NexGuard VPN

Privacy Policy

Effective Date: March 14, 2026

1. Introduction

NexGuard VPN, operated by NexGuard Technologies (“we,” “us,” or “our”), is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our VPN service, website at nexguardvpn.com, desktop application, and mobile application (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for account identification, communication, and password recovery.
  • Password — stored using bcrypt one-way hashing; we never store or have access to your plaintext password.
  • Display name — optionally provided for your profile.

2.2 Social Authentication Data

If you sign in using Google or Apple, we receive a limited profile from the authentication provider, which typically includes your email address and display name. We do not receive or store your social media passwords.

2.3 Payment Information

Payments are processed through Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe provides us with:

  • A unique customer identifier
  • Subscription status and plan details
  • Last four digits of your payment method (for display purposes)
  • Billing country

2.4 Device and Session Information

To enforce our per-account device limit (up to 10 devices) and manage active sessions, we collect:

  • Device type and platform (e.g., Windows, macOS, Android, iOS)
  • Session tokens and their creation/expiration timestamps
  • Application version

2.5 Usage Analytics

We may collect minimal, aggregated usage data to improve the Service, such as:

  • Connection timestamps (when you connect and disconnect)
  • Server location selected (country/city, not IP address)
  • Amount of data transferred (aggregate, not content)
  • Connection protocol used (OpenVPN, WireGuard, IKEv2, or L2TP/IPsec)

2.6 Technical Data

When you visit our website, we may automatically collect:

  • IP address (not stored in connection with VPN usage)
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited on our website

3. Information We Do Not Collect

NexGuard VPN operates under a strict zero-log policy for VPN activity. We do not collect, monitor, store, or share:

  • Your browsing history or the websites you visit while connected to our VPN
  • DNS queries made through our VPN tunnels
  • The content of your internet traffic
  • Your originating IP address in connection with VPN sessions
  • Your download or upload activity details
  • Connection logs that could tie specific internet activity to your account

Our zero-log policy means that even if compelled by legal authority, we cannot provide VPN usage data that we do not possess.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service — to operate the VPN, manage your account, and deliver customer support.
  • Process payments — to manage your subscription billing through Stripe.
  • Enforce usage limits — to manage the 10-device-per-account limit and prevent abuse.
  • Improve the Service — to analyze aggregated usage patterns, optimize server performance, and develop new features.
  • Communicate with you — to send account-related notifications, security alerts, and service updates.
  • Ensure security — to detect and prevent fraud, abuse, and unauthorized access.
  • Comply with legal obligations — to meet applicable legal or regulatory requirements.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We share data only in the following limited circumstances:

5.1 Service Providers

  • Stripe — processes subscription payments on our behalf.
  • Neon (PostgreSQL) — provides our database infrastructure where account data is securely stored.
  • VPN Infrastructure Provider — our VPN server infrastructure partner receives only the minimum data required to provision and maintain your VPN connection. No browsing activity is shared or logged.
  • Vercel — hosts our web application and API endpoints.

5.2 Legal Requirements

We may disclose your account information if required to do so by law or if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, or government request
  • Protect and defend our rights or property
  • Prevent fraud or address security issues
  • Protect the personal safety of users or the public

Due to our zero-log policy, any such disclosure is limited to account-level information and cannot include VPN browsing activity.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

6. Cookies and Tracking Technologies

Our website uses a minimal set of cookies:

  • Essential cookies — required for authentication and session management. These cannot be disabled without breaking core functionality.
  • Preference cookies — store your settings and preferences (e.g., theme, language).

We do not use third-party advertising cookies or cross-site tracking technologies. We do not participate in ad networks or retargeting programs.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — retained until you delete your account or request deletion.
  • Payment records — retained as required by applicable tax and financial regulations (typically 7 years).
  • Session data — automatically purged when sessions expire or are revoked.
  • Aggregated analytics — retained indefinitely in anonymized, non-identifiable form.

When you delete your account, we will remove your personal data from our active systems within 30 days. Backup copies may persist for up to 90 days before being permanently deleted.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct any inaccurate or incomplete data.
  • Deletion — request that we delete your personal data, subject to legal retention requirements.
  • Portability — request your data in a structured, commonly used, machine-readable format.
  • Objection — object to the processing of your data in certain circumstances.
  • Restriction — request that we restrict the processing of your data in certain circumstances.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at support@nexguardvpn.com. We will respond to your request within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data, including:

  • AES-256 encryption for VPN tunnels
  • TLS 1.3 for all API communications
  • Bcrypt password hashing with salting
  • JWT-based authentication with short-lived access tokens and rotating refresh tokens
  • Rate limiting on authentication endpoints
  • Regular security audits and penetration testing

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable notification laws.

10. International Data Transfers

Our servers are located in multiple countries worldwide. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws. We ensure that appropriate safeguards are in place for such transfers.

11. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@nexguardvpn.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website with a revised effective date
  • Sending an email notification to the address associated with your account

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: