Legal · Updated June 2026

Privacy Policy

How EngineVPN collects, uses, and protects the limited information needed to run the service — and the much larger list of things we deliberately don't collect.

Short version: we don't log your browsing. We keep the minimum data needed to operate accounts and bill usage, we don't sell it, and we run on RAM-only servers so there's little to leak. The full detail follows. This document is a plain-language template and not legal advice.

1. Who we are

EngineVPN ("EngineVPN", "we", "us") operates a virtual private network service for individuals ("Consumer VPN") and automated workloads ("Agentic VPN"), running on infrastructure we manage ourselves. This policy explains what happens to information when you use our website, apps, and API.

2. What we collect

Account data

When you create an account we store an email address and authentication credentials. If you pay, our payment processor handles card details — we receive a token and basic billing metadata, never your full card number.

Service metadata

To run the network and bill fairly we keep aggregate, time-limited counters such as total bandwidth per billing period and the number of active exits on an account. For Agentic VPN, per-key usage totals are retained for invoicing.

Diagnostics

Apps may send crash reports and coarse, non-identifying performance metrics. These can be turned off in settings.

3. What we deliberately do not collect

  • Browsing history, DNS queries, or the contents of your traffic.
  • The IP addresses you connect to, or the websites and services you reach.
  • Connection timestamps tied to your identity in a way that could reconstruct activity.
  • Any record that maps an exit IP back to a specific user session after the session ends.

See our No-logs Policy for how this is enforced technically.

4. How we use information

  • To create and secure your account.
  • To operate, maintain, and improve the network.
  • To meter usage and process payments.
  • To send essential service messages and, if you opt in, product updates.
  • To detect and prevent abuse, fraud, and threats to the network.

5. Legal bases

Where the GDPR applies, we process data to perform our contract with you (running the service), to meet legitimate interests (security and abuse prevention), to comply with legal obligations, and on the basis of consent for optional communications.

6. Sharing

We don't sell personal data. We share it only with processors who help us run the service — for example payment and email providers — under contracts that limit them to our instructions. We may disclose information if compelled by valid legal process, but we can only ever produce what we actually hold, which by design is very little.

7. Retention

Account data is kept while your account is active and for a short period afterwards to handle billing and disputes. Usage counters are retained only as long as needed for the current and prior billing period. RAM-only nodes hold operational state only until reboot.

8. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your data, and to object to or restrict certain processing. Email privacy@enginevpn.com and we'll respond within the time the law requires.

9. Security

Traffic is encrypted with modern ciphers (WireGuard and AES-256). Accounts are protected with hashed credentials and optional multi-factor authentication. Core infrastructure runs from volatile memory and is access-controlled.

10. International transfers

Our network spans many regions. Where data crosses borders we rely on appropriate safeguards such as standard contractual clauses.

11. Children

EngineVPN is not directed to children under 16, and we don't knowingly collect their data.

12. Changes

We'll post any updates here and adjust the "updated" date above. Material changes will be announced by email or in-app.

Questions about this policy? Email privacy@enginevpn.com or visit our contact page.