1 Overview
LumenVPN ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and handle your personal information when you use our services, including our mobile apps, website at lumenvpn.net, and any related services (collectively, the "Service").
By using LumenVPN, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Service.
โก
The short version: We collect as little data as possible. We never log your browsing activity, originating IP address, DNS queries, or the content of your VPN traffic. Your online activity is your business, not ours.
2 Information We Collect
We collect only the minimum information necessary to provide the Service:
- Account Information: When you register with an email and password, we store your email address and a bcrypt-hashed password. If you sign in via a third-party provider (Google, Facebook, or Apple), we receive and store only the OAuth identifier and email address provided by that service โ we do not receive or store your social account password.
- Session Usage Data (Free Tier): To enforce the free-tier daily usage quota, we collect total connection duration (in seconds) and total bytes transferred per session. This data is used solely for quota management and is not linked to any browsing activity or destinations visited.
- Approximate Location (Server Suggestion): The app uses your device's coarse location or IP-derived region to suggest the nearest VPN server. Your precise GPS coordinates are never transmitted to our servers.
- Payment Information: Billing details are processed securely by our third-party payment provider. We do not store full card numbers on our systems.
- App Diagnostics: Crash reports and performance data are automatically collected in release builds via Firebase Crashlytics to help us fix bugs. This data never includes VPN traffic content, browsing history, or your originating IP address.
- Support Communications: Messages you send to our support team to help resolve your issue.
We do not collect: your originating IP address while connected, browsing history, DNS queries, traffic content, or the destinations of your VPN traffic.
3 No-Log Policy
LumenVPN operates under a strict no-logs policy for VPN traffic. The following data is never collected or stored:
- Your originating IP address while using the VPN
- Your assigned VPN IP address
- DNS queries or browsing history
- The content of your internet traffic
- The destinations or websites you visit
- Connection timestamps tied to your identity
๐ก๏ธ
Note: Session duration and total bytes are collected for free-tier quota management only (see Section 2). These figures are not linked to any browsing activity, destinations, or traffic content.
4 Third-Party Services
The LumenVPN app and website integrate the following third-party services. Each has its own privacy policy and data practices:
- Firebase Crashlytics (Google LLC): Automatic crash reporting and app stability monitoring. Collects device model, OS version, app version, and stack traces. No VPN traffic data is included. Firebase Privacy Policy โ
- Firebase Analytics (Google LLC): Aggregated, anonymised app usage analytics (e.g. screen views, feature usage). No personally identifiable VPN activity is tracked. Firebase Privacy Policy โ
- Google Mobile Ads (Google LLC): Used to display advertisements in the free tier of the app. Google may collect device identifiers and usage data to serve contextual ads. You can opt out via your device's ad settings. Google Privacy Policy โ
- Google Sign-In / OAuth (Google LLC): Optional sign-in method. We receive only your Google account email and OAuth identifier.
- Facebook Login (Meta Platforms, Inc.): Optional sign-in method. We receive only your Facebook account email and OAuth identifier. Meta Privacy Policy โ
- Sign in with Apple (Apple Inc.): Optional sign-in method. We receive only the email (or Apple-relayed email) and OAuth identifier provided by Apple.
- Payment Processors: Subscription purchases are processed by our payment provider (e.g., Google Play Billing, Stripe). We do not store full payment card details.
โน๏ธ
We do not control the data practices of these third-party services. We encourage you to review their privacy policies for details on how they handle your data.
5 How We Use Information
The limited information we do collect is used solely to:
- Provide, operate, and maintain the LumenVPN Service
- Enforce free-tier daily usage quotas (session duration and bytes)
- Suggest the nearest VPN server based on approximate location
- Process transactions and manage your subscription
- Send important service announcements and security alerts
- Respond to support requests
- Fix bugs and improve app stability via crash reports
- Detect and prevent fraud or abuse of our platform
- Serve advertisements in the free tier via Google Mobile Ads
6 Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share limited data only with:
- Third-Party Service Providers (Section 4): Firebase, Google, Meta, Apple, and payment processors as described above โ each bound by their own data processing terms.
- Infrastructure Providers: Cloud hosting and networking vendors who help us operate VPN servers, bound by strict data processing agreements.
- Legal Requirements: If required by valid law enforcement requests โ however, since we do not log VPN traffic or originating IPs, there is no meaningful activity data to disclose.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your account data may be transferred to the successor entity, subject to the same privacy protections.
7 Data Retention
We retain account information for as long as your account is active. Session usage figures (duration and bytes) used for daily quota are automatically reset each day. If you delete your account, all personal data is permanently deleted within 30 days, except where required by law (e.g., financial transaction records, typically 7 years โ containing no VPN activity data).
8 Security
We take security seriously and implement industry-standard protections:
- AES-256 encryption for all VPN tunnels
- TLS 1.3 for all data transmitted between the app and our servers
- Bcrypt hashing for email/password accounts
- Regular penetration testing and security reviews
- Strict access controls โ only essential personnel can access account systems
9 Your Rights
Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable laws:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your account and associated data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to specific uses of your data.
To exercise any of these rights, contact us at privacy@lumenvpn.net or visit our account deletion page.
10 Cookies
Our website (lumenvpn.net) uses only essential cookies โ to keep you logged in and remember your preferences. We do not use advertising or behavioural tracking cookies on the website itself. Note that the Google Mobile Ads SDK in the mobile app may use device identifiers; see Section 4 for details.
11 Children's Privacy
LumenVPN is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with their data, please contact us immediately and we will delete it.
12 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and notify you via email or an in-app notice for material changes. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.