Privex VPN — Privacy Policy

Last updated: 2026-05-03

This Policy explains what data Privex VPN ("we", "the service") collects when you use our VPN client apps, browser extensions, and the privexvpn.app website. We aim to keep this short, plain-spoken, and accurate.

1. What we DO NOT log

The websites you visit, the IPs you connect to, or the DNS queries you make.
The content of any traffic that passes through our servers.
Connection timestamps tied to your account beyond the active session.
Bandwidth used per user.

2. What we DO store

Data	Purpose	Retention
Email + hashed password (argon2id)	Sign-in, account recovery	Until account deletion
Optional name	Personalization	Until account deletion
Subscription tier & renewal date	Plan enforcement	Until account deletion
Device list (id, platform, name, last-seen)	Concurrent-device limit + remote sign-out	Until you revoke or account is deleted
Audit log (login, password change, device add/remove, session rotate)	Account security forensics	180 days
Active session token hashes	Sign-in across browser restarts	Until you sign out
WireGuard / VLESS peer entries	Issuing tunnel keys	Until the device or peer is revoked
Anonymous telemetry (opt-in)	Product improvement	90 days, no userId

3. What our servers see

The Privex VPN nodes encrypt and forward your network traffic. They handle packets in real-time but do not write per-user traffic logs. Server-level metrics that are recorded — CPU/memory/load, total bandwidth, current peer count, last-handshake timestamps — exist only as aggregate operational data and are not tied back to specific user accounts.

For the browser-extension HTTP CONNECT proxy, our Squid layer logs short connection events to the control plane (so the admin dashboard can show "active proxy clients"). These records contain only the user id and the node, not the destination URL or content.

4. Third parties

Cloudflare fronts the optional VLESS+WS+TLS protocol on each node. Cloudflare sees the encrypted bytes between your client and our origin; they do not see decrypted traffic.
Let's Encrypt issues TLS certificates for our public hostnames.
Stripe / Apple / Google may handle subscription billing if you purchase a paid plan. They do not receive your VPN usage.

5. Your rights

You can:

Sign out from individual devices in Profile → My Devices.
Change your password in the app or browser-extension settings.
Delete your account, which permanently removes your email, password, device list, audit history, and any active peers within 30 days.
Export your account data on request to [email protected].

6. Children

Privex VPN is not intended for users under 13. We do not knowingly collect data from minors.

7. Changes

If we materially change this Policy we will notify you in-app and update the "Last updated" date above.

8. Contact

Questions: [email protected]. We respond within 5 working days.