Nera VPN Privacy Policy

Last updated: March 3, 2026

This Privacy Policy describes how Nera VPN ("Nera VPN," "we," "our," or "us") collects, uses, and shares information when you use our website, mobile apps, desktop apps, and related services (collectively, the "Services").

1. Our Core Privacy Commitment

Nera VPN is built on a no-account architecture. We do not require you to create a username, provide an email address, or submit any personal identifier to use our service. Access is granted via a subscription code only.

We do not log:

• Your browsing history
• DNS queries (verbose DNS logging is disabled by default)
• VPN traffic content or payload data
• The websites, services, or IP addresses you connect to through the VPN

2. Information We Collect

Because Nera VPN has no user accounts, the data we collect is limited to what is operationally necessary to deliver, secure, and support the service.

Subscription and entitlement data
Subscription codes, redemption status, redemption count, device count, and expiration records. These are not linked to your name, email address, or real-world identity.

Authentication and session metadata
We retain a hashed token, associated subscription identifier, and revocation status in order to authenticate requests, enforce device limits, and maintain service security. We do not retain last-used timestamps for session tokens. This data is not used to reconstruct your browsing activity or VPN session history.

Connection-adjacent operational data
We record timestamps related to subscription redemption (such as when a code was redeemed and redemption count). These records exist for abuse prevention and device-limit enforcement. We do not associate these records with browsing or traffic activity.

Server request logs
Our backend logs request method and path for security monitoring and debugging purposes. Redemption endpoints are excluded from request logging to reduce exposure of code activation patterns. No timestamps are recorded in request logs at the application level.

Payment metadata
Transaction metadata from our payment processors (Stripe and Paddle). We do not receive or store full card numbers or payment details. For purchases made through app stores (Google Play or Apple App Store), Google and Apple process payments directly and we receive only a purchase token or receipt to verify and activate your subscription. App store purchases are subject to Google's and Apple's respective privacy policies in addition to this policy.

Support communications
Information you voluntarily provide when contacting us for support.

Website technical data
Standard request metadata (IP address, timestamps, user agent) processed by our infrastructure and CDN providers for site operation and security. This data is not used to track or profile users.

3. VPN Service - What We Do Not Collect

As a VPN provider, we want to be explicit about what we do not log:

• No browsing history. We do not record the websites or services you access through the VPN.
• No DNS query logs. We do not log DNS queries in standard operation. Verbose DNS logging is disabled by default and is controlled by an environment flag (off in production configuration).
• No traffic content. We do not inspect, store, or sell the content of your internet traffic.
• No VPN destination logs. We do not record the IP addresses or hostnames you connect to through the tunnel.
• No sale of user data. We do not sell, rent, or trade information about you to third parties for advertising or marketing purposes.

Our VPN tunnel is provided via WireGuard protocol over infrastructure operated by our network provider. Our network provider's stated policy is that they maintain no connection logs, usage logs, or any logs of user activity on their infrastructure. We rely on this representation but cannot independently guarantee our provider's internal practices.

4. How We Use Information

• Provide, operate, and maintain the Services
• Authenticate subscription codes and enforce device limits
• Process payments and prevent fraud and abuse
• Diagnose and resolve service reliability and security issues
• Monitor for and respond to security incidents
• Respond to support requests
• Comply with applicable legal obligations

5. How We Share Information

We do not sell personal information. We may share limited information with:

Service providers
Third parties that assist with payments, infrastructure, CDN, monitoring, and customer support, under contractual obligations to protect your data.

Legal and compliance
When required by law, valid legal process, or court order, or to protect the rights, safety, and systems of Nera VPN and its users. We do not retain browsing history, traffic logs, or VPN destination records, which means such data is not available for us to produce in response to legal demands.

Corporate transactions
In connection with a merger, acquisition, financing, or asset sale, subject to confidentiality obligations.

6. Data Retention

We retain subscription entitlement and authentication metadata for the duration of your subscription and a reasonable period thereafter for billing, dispute resolution, and security purposes. Server request logs are retained on a rolling basis for security monitoring and are not used for user profiling. We do not retain browsing, traffic, or VPN activity data.

7. Infrastructure and Third Parties

Nera VPN relies on third-party infrastructure including CDN and edge network services (such as Cloudflare), payment processors, and our VPN network provider. These providers may process certain technical metadata (such as IP addresses at the network layer) as part of delivering the service. This is inherent to how internet infrastructure operates. We select providers with strong privacy and security commitments.

8. Security

We implement reasonable administrative, technical, and organizational safeguards to protect the information we hold, including hashing of authentication tokens and exclusion of sensitive endpoints from standard request logging. No method of transmission or storage is completely secure.

9. Your Choices and Rights

Depending on your jurisdiction, you may have rights to request access to, correction of, deletion of, or restriction of processing of personal data we hold. Because Nera VPN does not collect personal identifiers by default, many of these rights may have limited applicability. To make a privacy request, contact us at the address below.

10. Children's Privacy

The Services are not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. International Data Transfers

Our infrastructure operates across multiple regions. Your data may be processed in countries other than your own. We take steps to ensure transfers comply with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects when the most recent changes were made. Continued use of the Services after changes are posted constitutes your acceptance of the updated policy.

13. Contact

For privacy questions, requests, or concerns:
Admin@neravpn.com

Back to home