Privacy Policy

Effective date: 2026-04-20 - Applies to the xiongmao-cloud.com website, Panda VPN apps, account access, support communication, downloads, and related service delivery

1. Scope of this policy

This Privacy Policy explains how PPanda Security LLC collects, uses, stores, discloses, and protects personal data and service-related information when you visit our website, download Panda VPN, create or use an account, contact support, or interact with our billing, infrastructure, and delivery partners. It also explains what we do not treat as everyday logging content, what choices you have, and how to contact us about privacy questions.

2. Service provider and contact details

Panda VPN is provided by PPanda Security LLC, 3155 Preston Hall Dr, San Antonio, Texas, 78247. Privacy questions, account requests, deletion requests, and support questions can be sent to support@xiongmao-cloud.com. If applicable law requires a more specific privacy contact channel, we may provide it through the website or account interface.

3. Information we collect from the website

When you browse our website, we may receive standard web request information such as the requested page, approximate time of access, browser family, operating system family, referral source, coarse device type, language preference, and general anti-abuse signals. We use this information to operate the site, understand which pages are being used, prevent abuse, and improve download and support paths.

Website analytics and operational data are typically aggregated or limited to what is needed for infrastructure performance, content planning, and service security. We do not claim that every site interaction is anonymous in the abstract, but we aim to keep the scope proportionate to normal website operation.

4. Account, download, and app-related information

When you create or use an account, download an app, sign in, or interact with app-related delivery paths, we may process data such as your email address, account identifier, subscription status, app platform, app version, purchase channel, billing state, and service eligibility information. This helps us validate access, deliver the correct plan, support app updates, and respond when an account or purchase flow breaks.

5. Diagnostics and service metadata

To keep the service usable, we may process limited service metadata and diagnostics such as the app version in use, platform family, crash events, coarse session timing, support-linked diagnostic notes, anti-abuse indicators, and whether a sign-in or update flow succeeded or failed. Depending on the platform and problem type, diagnostic collection may be automatic, user-triggered, or tied to a support request.

We use diagnostic and service metadata to detect broken releases, fix client compatibility issues, understand recurring installation failures, investigate abuse, and maintain network reliability. We try to keep such data narrow in scope and aligned with operational necessity rather than broad content inspection.

6. What we do not position as routine browsing logs

Our service is not described as an everyday tool for reading or storing the full content of your web browsing, messages, or files as a routine business model. We distinguish between limited operational metadata, support communications, billing records, and the actual content of what you do online. Where we need anti-abuse or security signals, we aim to collect the minimum practical information for that purpose.

7. Payments, billing, and order records

If you purchase a paid plan, our payment processors or app-store partners may process billing details such as payment confirmations, transaction references, country or tax indicators, renewal status, refund outcomes, and chargeback information. We may receive order-level information required to validate entitlement, apply refunds, enforce billing rules, respond to disputes, and maintain accounting records.

We do not store full payment card numbers in ordinary business operations when a specialist payment processor or app-store billing system handles them on our behalf.

8. Support communications

When you email us or otherwise contact support, we process the content you send, including device information, screenshots, error messages, and the explanation of the problem you choose to provide. We use this data to reply to you, diagnose the issue, improve future articles, and maintain a support history that lets us avoid starting from zero each time you write back.

9. Cookies, local storage, and language preference

Our website may use cookies, local storage, or similar browser technologies for basic functionality, performance, analytics, security, and language preference. For example, if you switch between Chinese and English, we may store a small browser-side language preference so the site does not keep guessing on future visits. These technologies may also be used for cache behavior, abuse protection, or lightweight measurement.

10. How we use personal data and service data

We use data to provide the website and apps, deliver downloads, verify access to paid or free features, support subscriptions and renewals, handle support requests, maintain infrastructure performance, protect the service from fraud and abuse, comply with legal obligations, and improve our content, product flows, and support quality. We may also use aggregated or de-identified data for analysis and operational planning.

11. Legal bases, retention, and deletion logic

Depending on where you are located, our legal bases may include contract performance, legitimate interests, legal obligations, fraud prevention, security, consent where required, and related consumer-service obligations. Retention periods depend on the data category and why it was collected. Billing records, tax records, anti-fraud records, support history, and operational logs may be retained for different periods based on business need and legal requirements.

When data is no longer reasonably needed for the original purpose, legal retention, or dispute handling, we aim to delete it, anonymize it, or reduce it to the minimum still required.

12. Processors, vendors, and international transfers

We may rely on infrastructure vendors, app stores, payment processors, email providers, support tools, analytics tools, security partners, and content delivery services. These partners process data on our behalf or on their own terms depending on the role they play. Because our infrastructure and vendors may operate in multiple jurisdictions, your data may be transferred to or processed in countries other than the one where you are located.

13. Security measures

We use administrative, technical, and organizational measures designed to protect website, account, support, and operational data. These may include access controls, role separation, vendor reviews, security monitoring, limited diagnostic access, secure transmission methods, and account-protection controls. No internet-facing service can guarantee absolute security, but we aim to keep our practical controls proportionate to the data we process and the risks we face.

14. Your rights and choices

Depending on applicable law, you may have rights to access, correct, update, delete, export, object to, or limit certain processing of your personal data. You may also have rights related to consent withdrawal, complaint channels, or marketing preferences. We may need to verify your identity before acting on some requests and may decline requests when a legal exception applies, such as fraud prevention, billing retention, or dispute handling.

15. Policy changes and how to contact us

We may update this Privacy Policy to reflect service changes, new features, legal requirements, or revised operational practices. The latest version will remain on this page with an updated effective date. Questions about this policy, privacy requests, support records, or legal concerns can be sent to support@xiongmao-cloud.com or mailed to PPanda Security LLC, 3155 Preston Hall Dr, San Antonio, Texas, 78247.