Privacy Policy

Effective date: 20 June 2026 · Last updated: 20 June 2026

This Privacy Policy explains how 3DollarVPN (“3DollarVPN”, “we”, “us”, “our”) collects, uses, shares, and protects personal data, and the rights you have over your data under the EU General Data Protection Regulation (GDPR) and Hungarian data-protection law. It applies to our website 3dollarvpn.com, our browser extension, and our proxy service (together, the “Service”).

The short version. We are a browser proxy, not a full system VPN. We do not log your browsing activity, the websites you visit, your DNS queries, connection timestamps, or the source IP addresses of your proxied traffic. We collect only the minimum needed to run an account, bill you, and keep the Service working.

1. Who we are (Data Controller)

The data controller responsible for your personal data is Manytours Kft., a company registered in Hungary (company registration number 13-09-245036; EU VAT number HU26344757 (Hungarian tax no. 26344757-2-13)), with its registered seat at Diófa utca 2, 2023 Dunabogdány, Hungary, operating the Service under the brand “3DollarVPN”.

For any privacy question or to exercise your rights, contact us at marcell@3dollarvpn.com.

2. The data we collect

2.1 Data you give us

Waitlist / newsletter email. If you join our waitlist, we collect the email address you submit, on the basis of your consent.
Account data. When accounts are available, we collect your email address and a hashed password (we never store passwords in plain text).
Billing data. Subscription status, plan, and transaction records. Card and payment details are entered with, and held by, our payment processor — we never receive or store your full card number.
Support correspondence. Anything you send us by email.

2.2 Data needed to operate the proxy

Per-account authentication. The Service authenticates each account to our proxy servers using per-user credentials, so that only paying or free-tier users can connect.
Aggregate bandwidth counters. To enforce the free-tier data cap and fair-use limits, we count the total number of bytes transferred by an account in a billing period. These counters are aggregate totals only. They are not linked to the websites you visit, the content of your traffic, or individual connections.

2.3 What we deliberately do NOT collect or log

We do not record, store, or log:

The websites, domains, or URLs you visit;
The content of your traffic;
Your DNS queries;
Connection or disconnection timestamps tied to your activity;
The source IP address from which you connect, beyond what is transiently required to establish a connection and which we do not retain as an activity log.

2.4 Website data

Our website does not use third-party advertising or cross-site tracking cookies and embeds no third-party analytics or advertising trackers. Our hosting and security provider (Cloudflare) processes limited, transient request metadata (such as IP address) to deliver the site and protect it from abuse, as our processor. Our visitor counter stores only a single aggregate number and is not tied to any individual.

3. Why we use your data and our legal bases

To provide the Service (authenticate you, deliver proxy access, enforce plan limits) — legal basis: performance of a contract (Art. 6(1)(b) GDPR).
To take payment and keep tax/accounting records — legal bases: performance of a contract and compliance with a legal obligation (Art. 6(1)(b) and (c)).
To send waitlist / product emails — legal basis: consent (Art. 6(1)(a)); you can withdraw at any time via the unsubscribe link.
To secure the Service and prevent abuse — legal basis: legitimate interests (Art. 6(1)(f)) in keeping the Service available and free from fraud and attack.
To respond to support requests — legal basis: legitimate interests in helping our users.

4. Who we share data with (Processors and recipients)

We do not sell your personal data. We share it only with service providers who process it on our behalf under a data-processing agreement, and only as needed to run the Service:

Payment processing — Lemon Squeezy, which acts as our merchant of record (seller of record) and uses Stripe to process card payments.
Email delivery — Buttondown processes our waitlist and newsletter emails.
Hosting & security — Cloudflare (website, edge functions, DNS) and our server providers (Hetzner, Vultr) host the Service infrastructure.

We may also disclose data where required by law, to comply with a valid legal request, or to protect our rights, users, or the Service. Because we do not keep activity logs, we cannot produce browsing data we do not hold.

5. International transfers

Some of our processors are located outside the European Economic Area (for example, in the United States). Where personal data is transferred outside the EEA, we rely on an adequacy decision, the EU Standard Contractual Clauses, or another lawful transfer mechanism to protect it.

6. How long we keep data

Account data — for as long as your account is active, and a short period afterwards, then deleted or anonymised.
Billing and invoice records — retained for the statutory period required by Hungarian accounting law (currently eight years), which we cannot shorten.
Waitlist / newsletter email — until you unsubscribe or ask us to delete it.
Support emails — for as long as needed to resolve your matter and a reasonable period afterwards.

7. How we protect your data

We use industry-standard measures including encryption in transit, hashed passwords (Argon2id), least-privilege access, hardened servers, and per-user credentials. No method of transmission or storage is perfectly secure, but we work to protect your data and to minimise how much of it exists in the first place.

8. Your rights

Under the GDPR, you have the right to:

Access the personal data we hold about you;
Have inaccurate data corrected (rectification);
Have your data erased (“right to be forgotten”), where applicable;
Restrict or object to processing, including processing based on legitimate interests;
Receive your data in a portable format (data portability);
Withdraw consent at any time, where we rely on consent;
Lodge a complaint with a supervisory authority.

To exercise any of these, email marcell@3dollarvpn.com. We will respond within the time limits set by the GDPR (normally one month). You also have the right to complain to the Hungarian supervisory authority, the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) — 1055 Budapest, Falk Miksa utca 9-11., Hungary; naih.hu — or with the supervisory authority in your country of residence.

9. Children

The Service is not directed to children. You must be at least 16 years old (or the age of digital consent in your country, if higher) to use the Service or to provide us with personal data. We do not knowingly collect data from children below that age.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version here and change the “Last updated” date. If the changes are significant, we will give you reasonable notice (for example, by email).

11. Contact us

Questions about this policy or your data? Email marcell@3dollarvpn.com and we will help.