privacy policy
We use the minimum data needed to operate your dashboard and subscription. Our core principle: notVPN does not log customer traffic, browsing history, DNS queries or connection contents.
Last updated: May 2026
notVPN is a managed internet access service built on subscription-based tunneling infrastructure.
The service operator and contact company for legal, payment, administrative and privacy matters is EMIBA ENGINEERING SAS, SIRET 94159971400024, RCS Limoges.
Registered address: LIMOGES SIS, 1 PLACE JOURDAN, 87000 LIMOGES, France. Share capital: 400 EUR. Contact email: soulence.dd@proton.me. For support questions, you may also contact us via Telegram: https://t.me/xNotVPNx.
notVPN does not log customer traffic.
We do not store browsing history, websites visited, apps or services used through the connection, DNS queries, traffic contents, browsing activity or full connection history.
We do not collect this data because we do not need it to provide the service.
We collect only the minimum data needed to create, access and manage your dashboard.
notVPN plans may include a traffic limit. To apply this limit, we may process the total amount of traffic used by your subscription.
For example, the system may know that your plan has used a certain amount of GB.
This does not mean that we know what websites, apps, domains or services you used. We do not store destination logs, traffic content logs or browsing activity logs.
Where European Union, European Economic Area or other applicable data protection rules apply, our legal basis may include performance of a contract, legitimate interests, legal obligation or consent where required.
notVPN may use strictly necessary cookies or similar technologies to keep you logged in, remember your selected language, protect registration and login flows, and maintain basic dashboard security.
In the current version of the service, we do not use advertising cookies.
Support for a specific subscription is available only to the owner of the personal dashboard — the user whose email or Telegram is linked to the account.
This protects users from unauthorized requests by third parties.
notVPN subscriptions are intended for personal use.
You may use one subscription on several personal devices if your app supports subscription import. All traffic is consumed from the shared limit of the selected plan.
We keep personal data only for as long as necessary to operate the service, support users, maintain subscription records, prevent abuse and comply with applicable legal obligations.
When data is no longer needed, we delete or anonymize it.
If payments are enabled, payment processing may be handled by third-party payment providers.
To process a payment, the payment provider may receive data required for the transaction: order identifier, amount, currency, payment status and technical payment-flow data.
notVPN does not store full payment card data, banking passwords or confirmation codes.
We may store the payment order id, payment status, internal EUR amount, provider charge amount in RUB, the EUR/RUB exchange rate used, provider status, timestamps, transaction reference and related technical data needed to activate or extend a subscription, support the user and maintain accounting records.
We may use providers for hosting, email delivery, Telegram bot functionality, payments, availability monitoring, databases and backups.
We do not sell personal data.
notVPN infrastructure or providers may be located in different countries. Where personal data is transferred outside the European Economic Area or the user's country, we aim to use appropriate safeguards under applicable law.
We use reasonable technical and organizational security measures, including data minimization, separation between public tokens and internal technical identifiers, restricted administrative access, secure verification flows and infrastructure access controls.
No online service can guarantee absolute security, so we also minimize the amount of personal data we hold.
Depending on applicable law, you may have the right to request access, correction, deletion, restriction of processing, a copy of your data, object to processing or withdraw consent.
Depending on applicable law, you may also lodge a complaint with a competent data protection authority.
We may respond to valid legal requests where we are legally required to do so.
Because we do not log customer traffic, we cannot provide traffic logs, browsing history, visited websites, DNS history, communication contents or destination history that we do not store.
We may only provide limited information that we actually hold, such as email, Telegram identifier, public account token, plan, subscription status, aggregate traffic usage or payment/subscription records.
We may update this Privacy Policy from time to time. The latest version will be available on our website.