Privacy Policy
NoLogVPN Privacy Policy
This page explains what personal data NoLogVPN collects, how it is used, how long it is kept, and where third-party providers are involved.
Service Provider / Data Controller
For GDPR purposes, MORARU ANDREI-DANIEL PERSOANĂ FIZICĂ AUTORIZATĂ is the data controller for account, payment, support, and website-related personal data.
- Legal name: MORARU ANDREI-DANIEL PERSOANĂ FIZICĂ AUTORIZATĂ
- Legal form: Authorised Natural Person (Romanian PFA)
- Trade Register no.: F2026025353008
- CUI/CIF: 54681475
- Professional headquarters: Bucureşti Sectorul 1, Bulevardul Bucureştii Noi, Nr. 136, Etaj PARTER, Ap. 5
- Website: https://nologvpn.org
No-Log Statement
The separate No-Log Policy covers the VPN activity side of the service. In short: NoLogVPN does not store traffic logs, browsing activity logs, or DNS query logs on its own VPN servers. This Privacy Policy focuses on the personal data and operational records that are retained to run the service, including the minimal bandwidth/accounting totals needed for fair use.
Personal Data We Collect
Account data
Email address, password hash, account status, and account creation time.
Password reset records
Short-lived password reset token hashes, expiry times, and related delivery or completion events needed to operate self-service password reset. Used or expired reset tokens are removed automatically.
Billing and subscription data
Selected plan, subscription status, renewal or cancellation timing, provider customer and subscription references, and related billing metadata.
Device records
For active devices: device name, WireGuard public key, assigned internal VPN IP, and selected protection mode. Revoked-device records and linked device-scoped events are erased within 7 days.
Checkout consent data
Typed checkout name, agreement version, consent flags, timestamp, and related payment or subscription references.
Essential event records
A small set of account, consent, checkout, and important subscription-change events needed for billing support, disputes, and security-sensitive account actions. Routine operational events are kept only briefly.
Bandwidth accounting data
Minimal current-cycle and current-day bandwidth totals, plus operational counter state needed for fair-use enforcement, network protection, and throttling.
Why We Use It
To operate your account
Authentication, account access, device provisioning, subscription status, and dashboard management.
To process payments
Stripe-hosted checkout, subscription management, renewal state, and billing issue handling.
To provide support and abuse control
Self-service password reset, billing support, device troubleshooting, and reasonable fraud or abuse prevention.
To meet legal obligations
Record-keeping needed for payment disputes, legal obligations, or compliance where required.
Legal Bases
We use data needed for account creation, authentication, VPN delivery, device management, and subscription handling to perform the contract with you.
We use data needed for billing, accounting, tax, legal requests, and required record keeping to comply with legal obligations.
We use limited data for security, fraud prevention, support, troubleshooting, and network protection based on legitimate interests, without keeping VPN activity logs.
Where a flow asks for separate consent, such as checkout agreement consent, we use that consent for the related consent record.
Third-Party Services
Stripe: Stripe processes payments and keeps its own payment and subscription records under Stripe's policies.
Cloudflare: Cloudflare fronts the public website and API. Cloudflare may keep edge or network records under Cloudflare's policies.
Upstream DNS resolvers: Our DNS layer forwards queries upstream for resolution. We disable EDNS client subnet on our side, but upstream resolvers operate under their own policies.
Transfers and Your Rights
Some third-party providers, such as Stripe, Cloudflare, or email services, may process data in Romania, the EEA, or other countries under their own policies and applicable transfer mechanisms.
Depending on the situation, you may request access, rectification, erasure, restriction, portability, objection to processing, and withdrawal of consent where processing is based on consent.
You have the right to lodge a complaint with the competent data protection supervisory authority. In Romania, the authority is ANSPDCP: dataprotection.ro.
Retention, Deletion, and Security
Account, subscription, device, and consent records are kept while the account remains active and for as long as needed for billing, disputes, fraud prevention, or legal compliance.
Password reset tokens are deleted automatically after use or expiry. Non-essential operational events are auto-purged after a short retention window.
When you delete your account from the dashboard, our application removes local account, device, DNS-setting, subscription, and event records tied to that account.
Third-party providers may keep their own billing or network records under their own policies even when our VPN servers do not store user activity logs.
Live operational state, such as recent VPN handshake status used for simultaneous-connection enforcement, is used at runtime and is not presented as a long-term browsing or DNS history record.
Related Policies
Read the separate No-Log Policy for the VPN activity side of the service, plus the Subscription Terms, Refund Policy, Acceptable Use Policy, and Cookie Policy.
Privacy Contact
For privacy questions, no-log clarification, or account-related help, contact [email protected].