Privacy Policy

Effective date: June 13, 2026 Applies to: vpn.now apps, extensions, and website

This policy explains what personal data vpn.now collects, why we collect it, how long we keep it, and what rights you have over it. It applies to our apps, our browser extensions, and our website. We wrote it in plain language on purpose. If anything is unclear, contact support and we will explain it.

In short: we store the minimum we need to run your account, secure your devices, and bill you. We do not record what you do online through the service, the sites you visit, or the addresses you open in our web proxy tool.

Contents

  1. Data we collect
  2. What we store and why
  3. What we never collect
  4. How long we keep data
  5. Who we share data with
  6. International data transfers
  7. Your rights
  8. Cookies
  9. Children
  10. Changes to this policy
  11. Contact

Data we collect

We collect data in two ways. First, data you give us when you sign up and use vpn.now, such as your email address and the names you choose for your devices. Second, data our systems create so the service works, such as the public keys that let our servers recognize your devices and the access tokens our apps and extensions use to connect.

Every item we store exists for one specific reason. The table in the next section lists each item, why we keep it, and how long we keep it.

What we store and why

This is the complete list of personal and account data our systems store.

Data Why we keep it How long
Account email address To log you in, send receipts, and send important service notices like security or payment alerts. Marketing email only if you opt in, and you can opt out at any time. Life of account
Password hash (Argon2) To check your login without ever storing your actual password. We store only a one way scrambled hash, so even our staff cannot read your password. Life of account
Subscription, payment, and invoice records To run your subscription, process refunds under our refund policy, and meet tax and accounting law. Your card is handled by our payment provider and never touches our servers. As long as tax and accounting law requires
Device names you choose So you can tell your devices apart in the dashboard. The name can be anything you like and does not need to identify the real device. Life of account
Device public keys (one per device) So our servers can recognize each device. The matching private key is generated on your device when you download your config and is never stored by us. Life of account, removed when you delete the device
API access tokens for the apps So our apps can connect to your account. We store only a SHA-256 hash of each token, never the token itself, and you can revoke a token at any time. Until you revoke it
Browser extension proxy credentials A username and a hashed secret used by our Chrome, Firefox, and Opera extensions to connect through the proxy. You can revoke these at any time. Until you revoke it
Aggregate per-server session counts Totals and the daily peak per server, so we know when to add capacity. They contain no IP addresses and no account identifiers, and they cannot be linked to you. Purged after 30 days
Total data usage per account A single running total of how much data your account transfers, so we can operate the service fairly and apply the free plan's monthly limit. It says nothing about where the data went or what it contained. Kept for operations
Approximate sign-in location and IP address The rough location and IP address you sign in to your account from, kept so we can secure accounts and spot suspicious sign-ins. You can review your own recent sign-ins from your account dashboard. This is the address you connect to our website or app from when you log in, not your IP while the VPN is running and not anything you do over the VPN. Purged after 30 days

What we never collect

The following data is not collected or stored by vpn.now. Not in databases, not in backups, not anywhere:

  • Your browsing activity
  • Your DNS queries
  • The contents of your traffic
  • The websites you visit
  • Your real IP address while you are connected

The free web proxy

The free web proxy tool at our web proxy page works the same way. The addresses you open through it are not logged. We do not keep a record of the pages you load with the proxy.

We do not claim this makes you anonymous. It means that what you do through the service is not recorded by us, so we have nothing about your online activity to lose, sell, or hand over.

How long we keep data

The table above lists the exact retention for each item. In short:

  • Account email, password hash, device names, and public keys stay for the life of your account and are removed when you delete it from your account dashboard.
  • Subscription and payment records are kept as long as tax and accounting law requires, then deleted.
  • API tokens and browser extension credentials are kept until you revoke them or delete the related device.
  • Aggregate per-server session counts are purged after 30 days by an automatic scheduled job.
  • Sign-in location and IP records are purged after 30 days by the same scheduled job.

Who we share data with

We do not sell personal data, ever. We share data only with the few service providers needed to run vpn.now: our payment provider, who processes your card on our behalf, and our email delivery provider, who sends receipts and notices. Each provider receives only what its job requires.

We may also disclose specific data if a court with jurisdiction over us legally compels it. Our transparency page explains that process and what we can and cannot produce.

International data transfers

vpn.now operates servers and works with providers in more than one country, so your account data may be processed outside the country where you live. When we move data across borders, we rely on standard contractual clauses or other lawful transfer safeguards to keep it protected to the same standard described in this policy.

Your rights

You can access, correct, export, or delete your personal data. Most of this works directly from your account dashboard: you can change your email, manage devices, revoke tokens and extension credentials, view invoices, and delete your account. For anything else, including a full export of your data, open a support ticket and we will handle it within 30 days.

Depending on where you live, laws such as the GDPR or CCPA may give you more rights. We honor requests under those laws no matter where you are.

Cookies

Our website uses only the cookies that are strictly necessary, such as the ones needed to log you in and keep our forms secure. We do not use advertising or cross site tracking cookies. The full details are in our cookie policy.

Children

vpn.now is not for children under 16, and we do not knowingly collect data from them. If you believe a child has created an account, contact support and we will delete it.

Changes to this policy

If we change this policy, we will update the effective date at the top and explain the change in plain language. For meaningful changes, we will email account holders before the change takes effect. We will never quietly expand what we collect.

Contact

Questions about this policy or your data? Contact support and ask for the privacy team. We answer plainly.

Have a question we did not cover? Contact support