Your privacy

Privacy Policy

We wrote this to be read, not buried. Here's exactly what NebulaVPN does with data — and, more importantly, what it doesn't.

Last updated: June 24, 2026

Questions: [email protected]

The 30-second summary

If you read nothing else, read this: NebulaVPN is built to collect as little as possible. We don't log your browsing, we don't sell your data, and we don't operate the servers you connect through. We use standard crash and analytics tooling to keep the app stable, and lightweight ads to keep it free. That's the whole story.

Plainly: We cannot see which websites you visit while connected, because that traffic flows through servers we don't control and don't monitor. Our promise isn't a policy clause we can quietly rewrite — it's a structural fact about how NebulaVPN is built.

Our no-logs promise

"No logs" gets thrown around loosely in this industry, so here's precisely what we mean:

  • We do not record the websites you visit or the apps you use while connected.
  • We do not log your originating IP address for tracking purposes.
  • We do not log your DNS queries.
  • We do not log connection timestamps tied to your identity.
  • We do not log the bandwidth you consume.

We can make this promise credibly because we are not your VPN server provider. NebulaVPN is a smart client that connects you to a validated pool of publicly operated servers. Your encrypted traffic passes through infrastructure we neither own nor instrument. Even if we wanted to spy on you, we technically couldn't — and we wouldn't want to anyway.

What we do (and don't) collect

To keep the app running and improving, we handle a small amount of non-identifying technical data:

Information you give us directly

  • Contact form & support emails. When you email [email protected] or use our contact form, we receive whatever you choose to share (name, email, message). We use it solely to reply and resolve your request, then retain it only as long as needed for support.

Information collected automatically

  • Crash & stability data. If the app crashes, anonymous stack traces and device info (Android version, app version) may be sent so we can fix bugs. This is never linked to your browsing.
  • Aggregate, anonymized analytics. We may collect high-level, non-personal stats like approximate install counts and aggregate feature usage to understand what's working. This is not tied to your identity.
  • Server list data. The app fetches our publicly published, ranked server list. This is generic data about available servers, not about you.

What we never collect

  • Your browsing history, search queries, or app usage while connected.
  • Your real IP address for tracking or profiling.
  • The content of your traffic — it's encrypted and routed through servers we don't control.
  • Personal data sold to or shared with data brokers. We don't have a data-selling business, full stop.

How the VPN servers work

This matters for your privacy, so it's worth understanding. The servers NebulaVPN connects you to are operated by independent volunteers and organizations as part of a public community network — not by us. Our role is to test, score, and rank those servers every hour so you get the best, most reliable ones, and to build the app that connects you securely.

Because we don't operate the exit servers, we have no access to their internal logs — and they are outside our control. If you have concerns about what an individual community server might log, the responsible assumption with any free VPN is that the server operator could see connection metadata. That's why we encrypt your traffic and verify exit locations — but for the highest-threat privacy needs, a paid, independently audited VPN provider remains the stronger choice.

How advertising works

NebulaVPN is free because of ads, not data sales. We use established mobile ad networks and mediation partners to serve advertising. These partners may collect device identifiers (such as an advertising ID) and usage data for their own purposes — like measuring ad performance and preventing fraud — under their own privacy policies and applicable laws.

Here's what that means in practice:

  • We do not share your personal information with advertisers in exchange for money.
  • Ad networks operate under their own policies; you can reset or limit ad tracking via your device's advertising-ID settings.
  • Ads are kept unobtrusive — banners and occasional interstitials — and never interfere with an active, protected connection.

If you'd prefer no ads at all, you can adjust your device's ad-tracking settings or limit ad personalization in your Google/Android privacy controls.

Third-party services

We rely on a few trusted, standard services to operate:

  • Mobile advertising & mediation networks — to serve and measure ads (under their own policies).
  • Firebase — for app analytics, crash reporting, and remote configuration, operated under Google's privacy practices.
  • Public server feeds — the source of the VPN server list we validate.

Each of these is governed by its own privacy policy. We encourage you to review them. We do not hand them your browsing data, because we don't have it.

Children's privacy

NebulaVPN is not directed at children under 13 (or the equivalent minimum age in your region), and we do not knowingly collect personal information from them. If you believe a child has provided us personal data, contact us and we'll delete it.

Your rights (GDPR, CCPA & similar laws)

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Withdraw consent where processing relies on it.
  • Lodge a complaint with your local data-protection authority.

Because we collect so little, exercising these rights is usually simple. Email [email protected] with your request and we'll respond within the timeframe the law requires. You don't need a lawyer to ask — a plain email works.

Security

Your VPN connections use real OpenVPN tunnels with AES-256-CBC encryption and SHA-512 authentication. The app verifies each server's real exit country before trusting it, so you're not silently routed somewhere unexpected. No method of transmission or storage is 100% secure, but we use industry-standard protections and design the system to hold as little sensitive data as possible.

Changes to this policy

We may update this policy as the app evolves. When we do, we'll revise the "Last updated" date above and, for significant changes, surface a notice in the app or on this site. Continued use after a change means you're cool with the updated terms.

Contact us

Privacy questions, data requests, or concerns? We want to hear from you.

We're a small team, but we read everything and take privacy seriously — it's the whole point of the app.