Privacy Policy

VmMac ("we") values user privacy. This Privacy Policy ("Policy") describes how we collect, process, store, and protect your personal information when you use vmmac.com and related services (collectively, the "Services").

By accessing or using the Services, you confirm that you have read, understood, and agreed to this Policy in full.If you do not agree, please stop using the Services. This Policy, together with our Terms of Service, constitutes the complete agreement between you and us.

1.1 Information You Provide

• Account information:Email address, name (optional), and password (encrypted) provided at registration
• Payment information:Payments are processed by third-party payment providers; we retain only transaction results, amounts, dates, and partial masked billing information—no full card or payment account details are stored
• Support content:Issue descriptions, attachments, and communication records you submit via the ticket system or email
• Service configuration:Server specifications, data center region, and billing method you select

1.2 Automatically Collected Information

• Access logs:IP address, HTTP request details, access timestamps, referrer pages, browser type, and operating system
• Device identifiers:Device type and a client unique identifier (SSAID) we generate for security verification and anomaly detection
• Service usage data:Login times, feature usage frequency, console activity logs, and bandwidth/resource consumption statistics
• Cookies and local storage:Used to maintain session state, remember language preferences, and improve user experience (see Section 6)

We use the information we collect for the following purposes, all of which are necessary to provide the Services or represent our legitimate interests:

• Providing and managing Services:Creating accounts, activating and managing server instances, processing payments and renewals
• Identity verification and security:Verifying user identity, detecting and preventing fraud, abuse, and unauthorized access
• Customer support:Responding to ticket requests and troubleshooting technical issues
• Service improvement:Analyzing usage patterns, optimizing platform performance, and developing new features; analysis data is processed in aggregated or anonymized form
• Service notifications:Sending billing notifications, expiry reminders, maintenance announcements, security alerts, and other service-related emails
• Marketing:Sending product updates or promotional information we believe may be of value to you, unless you have opted out
• Legal compliance:Complying with applicable laws, responding to lawful requests from law enforcement, and exercising or defending our legal rights
• Platform research:Using technical logs and performance data in anonymized form to improve infrastructure stability

We do not sell your personal information.We may share your information in the following limited circumstances:

3.1 Service Providers

To operate the Services, we share minimal information with necessary third-party providers, including:

• Payment processors (handling transactions, subject to their own privacy policies)
• Email service providers (sending verification codes and notification emails)
• Self-hosted analytics tools (Matomo, data stored on servers under our control)
• Network infrastructure providers

We have data processing agreements with service providers requiring them to use information only for the purpose of fulfilling their contractual obligations and to implement appropriate security safeguards.

3.2 Legal Requirements

We may disclose necessary information if required by law or to protect our legitimate interests, including but not limited to: complying with legal process or government orders, enforcing these Terms of Service, and preventing fraud or security threats.

3.3 Business Restructuring

In the event of a merger, acquisition, asset transfer, or bankruptcy, user information may be transferred to the successor as part of the assets. We will notify you via a platform announcement before the transfer; the successor must be bound by terms equivalent to this Policy.

3.4 With Your Consent

With your explicit authorization, we may share your information with third parties for the authorized purpose.

We retain your information according to the following principles:

• Account information:Retained for the duration of the account and for a reasonable period after account deletion (up to 12 months) to meet legal compliance requirements
• Transaction records:Billing and payment records are retained for at least 7 years
• Access logs:Typically retained for 90 daysfor security audits and troubleshooting
• Support tickets:Retained for the duration of the account and for 12 monthsafter account deletion
• Server data:After service termination 72 hourspermanently deleted

Information required by law to be retained for longer periods will be kept for the statutory duration.

We apply industry-standard technical and organizational measures to protect your personal information:

• Encryption in transit:All data transmissions are encrypted with TLS 1.2+
• Password security:Passwords are stored using a strong hashing algorithm (bcrypt); original passwords cannot be retrieved
• Access controls:Employee access to user data is strictly limited on a least-privilege basis
• Physical security:Data centers have 24×7 physical access controls
• Security audits:Regular internal security reviews and vulnerability scans are performed

We use the following types of cookies and local storage technologies:

You can manage or disable cookies through your browser settings; however, disabling essential cookies will prevent the service from functioning properly.

Depending on applicable data protection laws, you may have the following rights. To submit a request, contact us via the ticket system and we will respond within 30 days:

• Right of access:Request a copy of the personal information we hold about you
• Right of rectification:Request correction of inaccurate or incomplete personal information (basic information can be edited directly in the console account settings)
• Right of erasure:After account deletion, request erasure of your personal information; records required by law (e.g., transaction records) are excluded
• Opt out of marketing:You may opt out of marketing notifications at any time via the unsubscribe link in our emails; service notifications (e.g., billing reminders) cannot be unsubscribed
• Withdraw consent:Where processing is based on your consent, you may withdraw it at any time; this does not affect the lawfulness of processing before the withdrawal

Some deletion requests may not be fulfilled immediately while your account is still active, so we can continue to provide the service and fulfil our legal obligations.

This service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you are a parent or guardian and discover that your child has provided us with personal information without authorization, please contact us immediately via a support ticket and we will delete it as soon as possible.

VmMac operates data centers in Hong Kong, Japan, Korea, and the United States. Your information may be stored or processed on servers outside your country or region. Data protection requirements vary across jurisdictions.

We safeguard cross-border data transfers through: data processing agreements with data recipients, industry-standard security measures, and compliance with applicable data transfer regulations.

Our website may contain links to third-party websites. We are not responsible for the content, privacy policies, or security practices of those sites. We recommend reading the privacy policy of any third-party site before visiting it.

We may revise this Policy from time to time. Updated versions will be published on this page with a revised "Last Updated" date at the top.

Formaterial changes(such as substantial changes to how we use your information), we will notify you via your registered email or an in-platform notification.Your continued use of the service after changes are published constitutes acceptance of the revised Policy.If you do not accept the changes, please stop using the service and delete your account.

If you have any questions, complaints, or rights requests regarding this Privacy Policy, please contact us via the following channels: