Privacy Policy

Last updated: February 26, 2026

This Privacy Policy («Policy») describes how VADIM SOLUTIONS LTD (Company No. 16970675), operating the «Blook VPN» service («Provider»), collects, uses, and protects the personal data of any capable individual or legal entity («User»).

By using the Service, the User confirms their agreement with this Policy. If the User does not agree with its terms, they must discontinue use of the Service.

The Provider acts as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Definitions

  • «Service» — the Provider’s hardware and software complex, including VPN servers, the Website (https://blook.so/), the Telegram bot («Blook VPN»), and any other means of ensuring the operation of the Service.
  • «Telegram bot» — a software tool in the Telegram messenger designed to interact with the User, provide information, and process Subscription purchases.
  • «Subscription» — a paid right of access to the Service under the terms of the selected plan.
  • «Personal Data» — any information relating to an identified or identifiable natural person.

  1. Data Collected and Purposes of Processing

    1. The Provider collects and processes the following categories of data:

      • Telegram data (first name, last name, username, Telegram ID) — to identify the User, operate the Telegram bot, and handle support requests.
      • Email address — to send payment receipts, Subscription status notifications, and to enable login to the personal account at https://blook.so/.
      • Technical VPN data (connection and disconnection events, access keys, device metadata, Subscription data, and Universal VPN links) — to operate the Service, ensure security, and comply with applicable legal obligations.
      • Website usage data (IP address, browser type, pages visited, time spent on the site) — to analyse user behaviour using third-party analytics services.

    2. The legal bases for processing Personal Data under the UK GDPR are:

      • Consent (Article 6(1)(a) UK GDPR) — for analytics and cookies;
      • Performance of a contract (Article 6(1)(b) UK GDPR) — for providing the Service and processing payments;
      • Compliance with a legal obligation (Article 6(1)(c) UK GDPR) — for retaining data as required by law;
      • Legitimate interests (Article 6(1)(f) UK GDPR) — for security and fraud prevention.

    3. Payments are processed through third-party payment providers (Stripe, Heleket Pay). The Provider does not store or process the User’s payment credentials — they are passed directly to payment providers and protected by their security policies.

  2. Cookies and Analytics

    1. The Website https://blook.so/ uses cookies and similar technologies to ensure the proper functioning of the Website, analyze traffic, and improve the user experience.

    2. The Service may use third-party analytics services to collect aggregated statistics on Website visits, in accordance with those services’ own privacy policies. Users are encouraged to review those policies separately.

    3. The User may manage cookies through their browser settings. Disabling cookies may limit the functionality of the Website.

    4. Where required by law (e.g. under the Privacy and Electronic Communications Regulations 2003), the Provider will obtain the User’s consent before placing non-essential cookies.

  3. Disclosure of Information to Third Parties

    1. The Provider does not disclose the User’s Personal Data to third parties, except in the following circumstances:

      • upon a lawful request from authorised government or law enforcement agencies — to the extent required by applicable law;
      • to protect the rights, property, or safety of the Provider, its users, or third parties;
      • in the event of a corporate reorganisation, merger, or sale of assets — subject to maintaining the confidentiality of data and notifying affected Users.

    2. The Provider may share User data with subcontractors and partners who support the operation of the Service (payment providers, server infrastructure providers), strictly to the extent necessary for them to perform their functions. Such parties are required to process data only on the Provider’s instructions and in accordance with applicable data protection law.

  4. International Data Transfers

    1. The Provider is registered in the United Kingdom and operates infrastructure in various countries. Personal Data may therefore be transferred to and processed in countries outside the United Kingdom.

    2. Any such transfer is carried out in accordance with the UK GDPR, using appropriate safeguards such as UK International Data Transfer Agreements (IDTAs) or equivalent mechanisms, to ensure an adequate level of protection for Personal Data.

  5. Security

    1. The Provider implements appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction, including encryption of data in transit and at rest.

    2. While absolute security cannot be guaranteed, the Provider is committed to applying all reasonable efforts to safeguard User data. In the event of a personal data breach that is likely to result in a risk to User rights and freedoms, the Provider will notify the Information Commissioner’s Office (ICO) within 72 hours and will inform affected Users without undue delay.

  6. Data Retention

    1. Technical VPN data is retained for no more than 12 months from the date of collection, after which it is deleted.

    2. Other Personal Data is retained for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law (e.g. financial records may be retained for up to 6 years in accordance with HMRC requirements).

    3. Upon expiry of the applicable retention period, data is securely deleted or anonymized.

  7. User Rights

    1. Under the UK GDPR, the User has the following rights:

      • Right of access — to obtain confirmation of whether their Personal Data is being processed and to receive a copy of it;
      • Right to rectification — to request correction of inaccurate or incomplete data;
      • Right to erasure — to request deletion of data where there is no lawful basis for continued processing;
      • Right to restriction — to request that processing be restricted in certain circumstances;
      • Right to data portability — to receive their data in a structured, commonly used, machine-readable format;
      • Right to object — to object to processing based on legitimate interests;
      • Right to withdraw consent — at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

    2. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Following withdrawal of consent, the Provider may restrict the User’s access to the Service.

    3. To exercise any of these rights, the User may contact the Provider at: help@blook.so or via the Contact page. The Provider will respond within one calendar month of receiving the request, as required by the UK GDPR.

    4. The User also has the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if they believe their data protection rights have been violated.

  8. Third-Party Links

    1. The Service may contain links to third-party websites and resources. The Provider is not responsible for their content, privacy practices, or actions.

    2. Users are encouraged to review the privacy policy of each third-party resource before using it.

  9. Changes to This Policy

    1. The Provider reserves the right to update this Policy at any time. The new version takes effect upon publication at https://blook.so/.

    2. Where changes are material, the Provider will make reasonable efforts to notify Users in advance. Continued use of the Service following publication of an updated Policy constitutes acceptance of the changes.