Legal
Privacy Policy
Last updated: March 2026
1. Introduction
Fexyn VPN (“Fexyn,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our VPN service, website, and related applications.
By using Fexyn VPN, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.
2. Information We Collect
Account Information
- Email address (for account creation and communication)
- Display name (optional, for personalization)
- Account credentials (securely hashed, never stored in plaintext)
Payment Information
Payments are processed by Stripe. We do not store your credit card numbers, CVV, or full card details. We retain only a transaction reference and the last four digits of your card for billing history.
Device Information
- Device name (as provided by you during registration)
- Device platform (e.g., Windows, macOS, iOS)
- Connection timestamps (when a VPN session starts and ends)
Connection Metadata
- Server connected to (e.g., Frankfurt, Amsterdam)
- VPN protocol used (Fexyn Bolt, Fexyn Stealth, Fexyn Secure)
- Bandwidth consumed per session
3. What We Do NOT Collect
Our strict no-logs commitment:
- No browsing history — We never monitor, record, or store the websites you visit.
- No traffic content — We cannot and do not inspect the content of your encrypted traffic.
- No DNS queries — We do not log your DNS requests.
- No originating IP addresses — After your VPN session ends, we do not retain your source IP address.
- No activity logs — We do not log the websites you visit, files you download, or any internet activity. Connection metadata (which server, when, how long) cannot reveal what you did while connected.
4. How We Use Information
- Account management — To create and maintain your account, process authentication, and enable device management.
- Service provision — To allocate VPN resources, manage server connections, and enforce device limits.
- Billing — To process payments, manage subscriptions, and provide invoices.
- Abuse prevention — To detect and prevent misuse of our service in accordance with our Terms of Service.
- Service improvement — To understand aggregate usage patterns and improve infrastructure performance.
5. Data Retention
- Connection metadata is automatically purged after 90 days.
- Account data is retained while your account is active.
- Upon account deletion, all personal data is permanently removed within 30 days.
- Billing records may be retained for up to 7 years as required by tax and financial regulations.
6. Law Enforcement Requests
Fexyn complies with valid legal process, including subpoenas, court orders, and search warrants issued by courts of competent jurisdiction.
When we receive a legal request, our process is:
- Verify validity — We review every request for legal sufficiency and narrow scope before responding.
- Notify the user — We will notify the affected user of the request unless we are legally prohibited from doing so (e.g., by a gag order).
- Limit disclosure to data actually possessed — Because we do not log browsing history, DNS queries, or traffic content, we cannot provide this information in response to any request. We can only disclose account-level data (email, subscription status, connection metadata) as described in Section 2.
For transparency about government data requests we have received, see our Warrant Canary.
7. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we process your data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation & management | Performance of contract |
| VPN service delivery | Performance of contract |
| Payment processing (via Stripe) | Performance of contract |
| Connection metadata (timestamps, server, bandwidth) | Legitimate interest (service quality & abuse prevention) |
| Security event logging | Legitimate interest (security monitoring) |
| Affiliate referral tracking | Consent (cookie banner) |
| Email communications | Performance of contract / Consent |
You may object to legitimate interest processing at any time by contacting privacy@fexyn.com.
8. Third Parties
- Stripe — Payment processing. Stripe's privacy policy applies to payment data they handle.
- Keycloak — Authentication (self-hosted on our infrastructure). No data is shared with third parties through Keycloak.
- Resend — Transactional email delivery (account notifications, password resets). Resend's privacy policy applies to email delivery data.
We do not sell, rent, or share your personal data with advertisers or any other third parties. We do not engage in data brokering.
9. Data Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS 1.2 or higher.
- Databases are encrypted at rest.
- VPN connections use state-of-the-art encryption (Fexyn Bolt: ChaCha20-Poly1305, Fexyn Stealth: TLS 1.3 Reality, Fexyn Secure: AES-256-GCM).
- Authentication credentials are protected with short-lived certificates and secure hashing.
- Infrastructure is hardened with firewalls, intrusion detection, and regular security audits.
10. Your Rights
You have the right to:
- Access — Request a copy of all personal data we hold about you.
- Correction — Request correction of inaccurate personal data.
- Deletion — Request permanent deletion of your account and all associated data.
- Data export — Request an export of your data in a portable format.
To exercise any of these rights, contact us at support@fexyn.com.
11. Cookies
- Session cookies — Used for authentication and maintaining your login session. Essential for service operation.
- Preference cookies — Used to remember your language and theme preferences.
We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. We do not participate in cross-site tracking.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a prominent notice on our website. The “Last updated” date at the top of this page indicates when the policy was last revised. Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact
If you have any questions about this Privacy Policy or our data practices, contact us at: