🎉 BETA TEST until end of June — Premium FREE for everyone!Download

After beta ends, Premium trial will be 3 days. Then subscription required.

Privacy Policy

Last updated: July 14, 2026

1. Our Commitment to Privacy

At VPNMesh, privacy is not just a feature—it's our core principle. We designed our service from the ground up to minimize data collection while providing you with fast, secure VPN access.

2. Information We DO NOT Collect

We maintain a strict no-logs policy. We do NOT collect:

  • Browsing history, visited websites, or VPN traffic contents
  • DNS queries (which domains you resolve)
  • In-tunnel destination addresses (where you go online)
  • Permanent “when and how long you were online” browsing-style session histories

3. Information We Collect

We collect only the minimum information necessary to operate our service:

3.1 Account Information

  • Sign-in identifiers: Telegram User ID, Google / Apple account ID and/or email — depending on the login method
  • Display name, first/last name, and photo URL — if provided by the identity provider
  • Registration date
  • Device identifiers (device_id) and platform for sessions / device limits

3.2 Subscription Information

  • Subscription plan and status
  • Payment transaction IDs (not card details)
  • Payment provider and method (YooKassa / Telegram Stars / CryptoPay / NOWPayments, etc.)
  • Subscription expiration date

3.3 Usage and Infrastructure

To enforce quotas, device limits, and session security we record operational metrics (never traffic contents and never DNS):

  • Per-account tx/rx byte totals (daily and monthly aggregates for GB quotas; daily stats have limited retention)
  • Connection counts in traffic aggregates (not a list of websites)
  • Online devices in Redis: device_id, device name/platform, connected_at / last_seen, client IP (the IP used to reach our API when connecting — for the device list and session security), backend FQDN and GEO code of the selected VPN node
  • Client IP on refresh-token updates (security)
  • GEO region selection and load balancing

3.4 Error Diagnostics (Sentry)

To detect and fix failures, client apps and backend services may send error telemetry to our self-hosted Sentry instance (sentry.vpnmesh.pro). This is not browsing analytics and not advertising tracking:

  • Crash stacks, exceptions, and error messages
  • Technical breadcrumbs (VPN connection stages, API failures)
  • App version, platform, and environment (development/production)
  • Sampled performance traces
  • Error extras may include operational labels (VPN node name/GEO, elapsed_ms) — not website URLs or DNS
  • We do not send email or user id by default (sendDefaultPii = false; user cleared in beforeSend); screenshots and UI view hierarchy are disabled
  • Sentry does not receive traffic contents, browsing history, or DNS queries

4. How We Use Information

The limited information we collect is used solely to provide the Service to you (not for advertising and not for selling data):

  • Providing and maintaining the VPN service
  • Processing payments and managing subscriptions
  • Enforcing device and traffic quotas
  • Showing online devices and protecting sessions (kick / device limit)
  • Account service communications (Telegram / email if provided)
  • Diagnosing and fixing errors (Sentry)
  • Improving infrastructure reliability

5. Data Storage and Security

5.1 Encryption: Data in transit between the client and our APIs / VPN tunnel is protected with industry-standard protocols. 5.2 Storage: Account data in PostgreSQL; online devices temporarily in Redis (while the session is active / short TTL). 5.3 Account: while active; after deletion typically up to ~30 days for recovery, then related rows are removed (CASCADE), except where short-term payment retention is required by law. 5.4 Traffic: daily tx/rx aggregates (about ~90 days retention target), monthly aggregates kept longer for quotas and reporting. 5.5 Sentry: error events kept for a limited time and not used to profile browsing.

6. Third-Party Services

We use the following third-party services:

  • Telegram — authentication, bot, and communication
  • Google Sign-In — optional sign-in
  • Apple Sign-In — optional sign-in
  • YooKassa — cards / SBP
  • Telegram Stars — in-Telegram payments
  • CryptoPay (@CryptoBot) and NOWPayments — crypto payments
  • Sentry (self-hosted at sentry.vpnmesh.pro) — error telemetry

7. Data Sharing and VPN Commitment (Apple 5.4)

We do NOT sell, rent, or monetize your data. Regarding the VPN service, we commit that we do not sell, use, or disclose to third parties any user data for any purpose other than operating the Service at your request (commitment aligned with App Store Review Guideline 5.4). In particular, we never disclose to third parties VPN traffic contents, browsing history, DNS queries, your original IP address, or connection destinations — we do not have such data. Sign-in and payment providers (Telegram, Google, Apple, YooKassa, etc.) process only the data needed for authentication or payment; they do not receive VPN traffic and are not used for advertising or profiling your online activity. Sentry diagnostics are self-hosted (sentry.vpnmesh.pro), contain only technical error events about the app/backend, and do not include browsing data or user identifiers. Disclosure may occur only if expressly required by applicable law and only for data we actually hold (not browsing logs).

8. Your Rights and Account Deletion

You have the right to: access, correction, deletion, and portability of your data. To request access or deletion of your account and related data, email the support address or contact us through our Telegram bot (section 12) with the subject "Delete account". We will process the request and delete account data within a reasonable time (generally within the retention window in section 5), except where short-term retention is required by law (for example, payment records).

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.

10. International Data Transfers

Our servers are located in multiple countries. By using our Service, you consent to the transfer of your information to countries that may have different data protection laws. Sentry diagnostic events are processed on our infrastructure (sentry.vpnmesh.pro).

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes through our Telegram bot and/or on the website.

12. Contact Us

The data controller and operator of the Service is the legal entity below. For privacy-related questions or requests, use the support email below:

🔒 Our Privacy Promise

We believe privacy is a fundamental right. Our no-logs policy means that even we cannot see what you do online. Your trust is our most valuable asset, and we're committed to protecting it.