Privacy

What we keep. What we don't.

Last updated June 2026 · Operator: VPNxmen · Jurisdiction: Sweden

VPNxmen exists so a single fixed exit IP can sit on a broker's allowlist — quietly. We do not log your browsing. We do not log DNS queries. We do not sell, syndicate, or share metadata.

1. What we never store

• No browsing history. We do not record domains, URLs, page contents, or destination IPs you visit.
• No DNS query logs by default. If you opt into Shield DNS (Quad9), DNS happens at the resolver under their privacy policy — VPNxmen does not see or store it.
• No deep packet inspection. We forward WireGuard traffic. We do not decrypt, classify, or fingerprint it.
• No advertising IDs. No analytics SDKs on the tunnel. No third-party trackers in the dashboard.

2. What we do store, and why

To run the service, deliver your node, and keep it healthy, we hold the minimum necessary:

• Account: the email you give us at checkout, used for delivery of credentials and support.
• Payment reference: a transaction ID from BTCPay or Stripe — never your card number, never your wallet seed.
• Peer record: your WireGuard public key, the internal tunnel IP we assigned to you, and the timestamp of the last handshake. Used to keep your tunnel up and to detect dead peers.
• Operational telemetry: aggregate bandwidth and uptime per node — not per session, not per destination.

3. Retention

Account email and payment reference: while your subscription is active, plus 12 months for tax/audit compliance, then deleted. Peer records: removed within 30 days of cancellation. Server logs (sshd, system): rotated and discarded within 14 days. Crash dumps are disabled in production.

4. Third parties

We use as few as possible. The current list:

• BTCPay Server — when you pay with crypto (Bitcoin, Lightning). They see invoice metadata; they do not see your email unless you provide it on the invoice.
• Stripe — when you pay by card. Subject to Stripe's privacy policy. Stripe is the data processor for card data; we never receive PAN or CVC.
• Email transport — outbound SMTP for delivery of WireGuard credentials and replies. Messages are sent over TLS.

We do not use Google Analytics, Meta pixels, Hotjar, Sentry, or any session-replay tool on customer-facing surfaces.

5. Your rights (GDPR)

If you are in the EU, EEA, or UK you have the right to access, rectify, export, or delete the data we hold about you. Use the contact form and choose Privacy as the topic, from the address on file. We respond within 30 days. There is no charge for reasonable requests.

6. Lawful interception

We respond only to validly-served Swedish legal process. We cannot produce records we do not keep, and most of what would identify your traffic — destination, content, DNS — we deliberately do not keep. We publish a yearly transparency note on the VPNxmen blog summarising the volume and outcome of any requests received.

7. Cookies

The marketing site uses one functional cookie to remember the language and region of the front page. No tracking cookies. No third-party cookies.

8. Changes

Material changes are emailed to active customers and posted on this page at least 14 days before they take effect. Trivial wording changes are made silently with a refreshed "last updated" date.

9. Contact

Privacy questions and general contact: use the contact form and pick the right topic. Legal service of process: written notice to the operator address listed on request.