Privacy policy
We take data protection seriously. This policy explains how we collect, use, and protect your information.
Information we collect
Sign-up data
We only request the minimum amount of data needed to create an account:
- Email address (used for confirmation and recovery)
- Password stored exclusively in hashed form
- Registration date and last activity
Payment information
Payments are processed via certified gateways; card details never touch NvoVPN servers.
Technical diagnostics
To keep the service stable we collect anonymised metrics such as:
- Device type and operating system version
- App version and client configuration
- Aggregated performance/error telemetry
How we use data
Collected information is used solely to run and improve the VPN experience.
Service delivery
Providing VPN access, processing payments, and offering support.
Product improvement
Anonymous analytics help us optimise performance and ship new capabilities.
Security
Preventing fraud, abuse, and operational incidents.
Communication
Sending important notices about maintenance, policy changes, and updates.
What we never do
We do not sell, rent, or share your personal data for marketing, nor do we run advertising based on your activity.
No-Logs policy
We never log your traffic
This principle is at the core of NvoVPN.
Data we do NOT track
- Browsing history or the domains you visit
- Content of your traffic or payload data
- DNS queries and destination IP addresses
- VPN session timestamps or connection logs
Data we store to operate the service
- Email and hashed password for account access
- Registration and subscription information
- Payment records required for accounting
- Aggregated server-load metrics (e.g., active connection counts)
Independent audits
External security firms regularly verify our No-Logs claims.
Data security
We apply layered protection so unauthorised parties cannot reach your data.
Encryption
All data in transit and at rest uses AES-256-GCM, with keys stored separately from applications.
Physical security
Servers operate in Tier III+ facilities with 24/7 guards, CCTV, and biometric access.
Network defence
Modern firewalls, IDS, and timely patching reduce exposure to vulnerabilities.
Access control
Strict staff policies, MFA, and continuous security training.
Breach response plan
If we detect a potential incident, we execute the following steps within 24 hours:
- 1 Isolate affected systems
- 2 Notify regulators when required by law
- 3 Inform every impacted customer
- 4 Run a full investigation and publish findings
Your rights
You stay in control of your personal information. You may:
Access your data
Request a copy of all personal data we store by emailing .
Rectify inaccuracies
Update or correct any inaccurate details via the dashboard or support.
Request deletion
Ask us to delete your account and data, subject to legal retention requirements.
Port your data
Receive your data in a machine-readable format for another provider.
Restrict processing
In specific cases you may ask us to limit how we process your information.
Response timeline
We reply to privacy-right requests within 30 calendar days. If more time is required we will let you know in advance.
Policy updates
We may revise this privacy policy from time to time. Significant changes are announced via email or in-app notices.