Legal documents

Privacy policy

We take data protection seriously. This policy explains how we collect, use, and protect your information.

Effective date
05.07.2026
Terms of Use
1

Information we collect

Sign-up data

We only request the minimum amount of data needed to create an account:

  • Email address (used for confirmation and recovery)
  • Password stored exclusively in hashed form
  • Registration date and last activity

Payment information

Payments are processed via certified gateways; card details never touch NvoVPN servers.

Technical diagnostics

To keep the service stable we collect anonymised metrics such as:

  • Device type and operating system version
  • App version and client configuration
  • Aggregated performance/error telemetry
2

How we use data

Collected information is used solely to run and improve the VPN experience.

Service delivery

Providing VPN access, processing payments, and offering support.

Product improvement

Anonymous analytics help us optimise performance and ship new capabilities.

Security

Preventing fraud, abuse, and operational incidents.

Communication

Sending important notices about maintenance, policy changes, and updates.

What we never do

We do not sell, rent, or share your personal data for marketing, nor do we run advertising based on your activity.

3

No-Logs policy

We never log your traffic

This principle is at the core of NvoVPN.

Data we do NOT track

  • Browsing history or the domains you visit
  • Content of your traffic or payload data
  • DNS queries and destination IP addresses
  • VPN session timestamps or connection logs

Data we store to operate the service

  • Email and hashed password for account access
  • Registration and subscription information
  • Payment records required for accounting
  • Aggregated server-load metrics (e.g., active connection counts)

Independent audits

External security firms regularly verify our No-Logs claims.

Most recent audit: October 2023
4

Data security

We apply layered protection so unauthorised parties cannot reach your data.

Encryption

All data in transit and at rest uses AES-256-GCM, with keys stored separately from applications.

Physical security

Servers operate in Tier III+ facilities with 24/7 guards, CCTV, and biometric access.

Network defence

Modern firewalls, IDS, and timely patching reduce exposure to vulnerabilities.

Access control

Strict staff policies, MFA, and continuous security training.

Breach response plan

If we detect a potential incident, we execute the following steps within 24 hours:

  1. 1 Isolate affected systems
  2. 2 Notify regulators when required by law
  3. 3 Inform every impacted customer
  4. 4 Run a full investigation and publish findings
5

Your rights

You stay in control of your personal information. You may:

Access your data

Request a copy of all personal data we store by emailing .

Rectify inaccuracies

Update or correct any inaccurate details via the dashboard or support.

Request deletion

Ask us to delete your account and data, subject to legal retention requirements.

Port your data

Receive your data in a machine-readable format for another provider.

Restrict processing

In specific cases you may ask us to limit how we process your information.

Response timeline

We reply to privacy-right requests within 30 calendar days. If more time is required we will let you know in advance.

Policy updates

We may revise this privacy policy from time to time. Significant changes are announced via email or in-app notices.

05.07.2026
Last updated
No-Logs
Privacy badge