Privacy & Logging Policy

Last updated: March 29, 2026

1. What We DO NOT Log

We do not monitor or store your browsing activity. This means we never collect:

  • Websites you visit – We don't track which sites you browse
  • Traffic content – We don't inspect or store what you download or upload
  • DNS queries – We don't log which domains you look up
  • Search history – We don't track your searches or online behavior
  • Deep packet inspection – We don't analyze the content of your data

Your browsing activity is completely private.

2. What We DO Log (And Why)

To prevent fraud, enforce our fair-use policy (3-device limit), and maintain service security, we temporarily collect minimal connection metadata:

Connection Logs (Retained 24-48 hours)

  • Your IP address – To identify your device and detect unauthorized account sharing
  • Connection timestamps – To enforce simultaneous device limits
  • Approximate location (city/country) – To detect password theft (e.g., account used in France and China simultaneously)
  • Anonymous username – A random identifier like "NAUIZ_1" (not linked to your real identity)

Legal Basis (GDPR Article 6)

We process this data under:

  • Contract performance (Art. 6(1)(b)) – To enforce our 3-device-per-subscription limit
  • Legitimate interest (Art. 6(1)(f)) – To prevent fraud and unauthorized account sharing

Automatic Deletion

Connection logs are automatically deleted after 24-48 hours via log rotation. We do not retain long-term connection history.

3. How We Protect Your Privacy

  • Short retention – Logs deleted within 48 hours, not weeks or months
  • Minimal data – We only collect what's necessary for fraud prevention
  • No traffic analysis – We don't know what you browse, download, or search
  • Encrypted connections – All VPN traffic is encrypted end-to-end
  • No third-party sharing – We never sell or share your data

4. Account & Payment Data

  • Email address – Used for account access and support (required)
  • Payment information – Processed by Stripe (we don't store credit card details)
  • Subscription status – To manage your service access

This data is retained while your account is active and for legal/tax purposes as required by law.

5. Your Rights (GDPR)

Under EU data protection law, you have the right to:

  • Access – Request a copy of your data
  • Deletion – Request deletion of your account and associated data
  • Rectification – Correct inaccurate information
  • Object – Object to data processing (may limit service functionality)

Contact us at support@vulcainvpn.com to exercise these rights.

6. No-Warrant Canary

As of March 29, 2026:

  • We have not received any government data requests
  • We have not been compelled to log user activity
  • We have not installed any backdoors

This section will be updated quarterly. Absence of an update may indicate legal restrictions on disclosure.

7. Changes to This Policy

We may update this policy to reflect service changes or legal requirements. Material changes will be communicated via email.

Continued use of the service after policy updates constitutes acceptance.