Privacy

What Fexyn does and doesn't log

A plain-language explanation of our logging stance.

Our commitment in one sentence

Fexyn does not log browsing history, DNS queries, or traffic content. We keep only the account, billing, security, limited connection, and operational data needed to run the service.

That sentence appears in our Privacy Policy and Terms of Service. The rest of this page explains what it means in practice and where the limits sit, so you can decide whether Fexyn matches your threat model before you sign up.

What we do not log

Browsing history. Fexyn servers do not record which sites or services you visit while connected. There is no per-user URL log on the VPN infrastructure.
DNS queries. Domain lookups made through the tunnel are not stored. The DNS resolver answers the request and the result is forwarded; the query itself is not retained for analytics or marketing.
Traffic content. The bytes that pass through the tunnel are not inspected, copied, or stored. There is no deep-packet inspection of user traffic on Fexyn servers.
IPs you connect to from the tunnel. The list of destination IPs your traffic exits to is not retained per user.

What we do keep, and why

Running a paid VPN at scale requires a small amount of operational data. We keep this data because the alternative is not "more privacy" — it is "a service that cannot bill, cannot detect abuse, and cannot tell you why a connection failed."

Account data. Your email address and account credentials so you can sign in. If you pay with cryptocurrency we do not require a real name.
Billing data. Subscription state, plan, billing interval, invoices, and the payment provider's tokenized reference. Card details themselves stay with the payment provider; Fexyn does not store full card numbers.
Security data. Authentication events such as sign-ins, password changes, and MFA enrollment. These exist to protect your account from takeover and to satisfy account-recovery requests.
Limited connection data. Coarse-grained operational counters such as the device count allocated against your plan and recent connection success or failure indicators. This is what makes it possible to enforce a 5-device plan and to tell you which device is currently active.
Operational data. Aggregate, non-user-identifying server health metrics — CPU load, network throughput per server, error counts — that let us keep the network running. Logs that would tie a metric back to an individual user are not part of this set.

How this differs from "zero logs"

You will see other VPNs say "zero logs" or "we keep nothing." In our experience that phrasing is either imprecise or unverifiable. A subscription business has to keep billing records to charge a card. A multi-device plan has to know which devices are active. A support team has to be able to tell whether your account exists.

Rather than overstate, we describe exactly what we keep so you can compare honestly.

What this means in practice

If a third party serves us valid legal process and asks for your browsing history, we cannot produce it because it does not exist on our systems.
If you ask support for a list of sites you visited last week, we cannot produce that either, for the same reason.
If you forget your password we can help you recover access via your account email and any MFA you have enrolled — that workflow uses the security-event data described above.
If you cancel and request data deletion under GDPR, we delete account, billing, and security records on the schedule described in the Privacy Policy.

About independent audits

Fexyn has not yet completed an independent third-party no-logs audit. Audits are valuable but they are also a snapshot of one point in time. We will publish audit results here when an audit is performed; until then this page is the source of truth for what we do and don't collect, alongside our Privacy Policy.