At X-VPN, your privacy is more than just a motto—it’s at the center of everything we do. We know many users have questions like: “How is my data stored, sent, and handled when I use X-VPN? Do you secretly keep my personal information?”
We believe transparency builds trust. So, in this blog, we’ll explain exactly how we protect your data at every step when you use X-VPN.
Table of Contents
X-VPN Never Stores Any Logs of Your Online Activity
X-VPN strictly follows a no-logs policy and avoids anything that could put your privacy at risk. Specifically, we NEVER COLLECT, STORE, or SELL any of your personal data or online activity, including:
1. Your Browsing History and Online Activities
We do not record the websites you visit, search terms you type, apps you’ve used, or any online activities conducted while connected to X-VPN.
2. Your Transferred Content
We never monitor or log anything you send or receive online, including messages, emails, streaming data, downloads, uploads, or any kind of data transferred while using X-VPN.
3. Your IP Address
We do not collect or store your real (source) IP address or the IP addresses of the X-VPN servers you connect to.
4. Your DNS Queries
We are unable to see the domain names you query, search, or try to access.
5. Your Exact Location
We do not capture your GPS or IP-based precise location. Your location always stays private.
6. Your Payment Information
We do not have access to your credit card numbers, bank account details, or cryptocurrency wallet addresses. All payment transactions are independently processed by secure third-party payment platforms.
7. Your Device Identifiers
We do not track your device’s identity, such as collecting IMEI, MAC addresses, or other unique device identifiers.
8. Your App Usage and Configuration
We do not build profiles on your app configurations or track the other apps or services you use while connected.
9. Your Behavior Analysis
We do not perform any targeted analysis, behavior modeling, or personal habit analysis on you.
10. Your Data from Non-X-VPN Apps
We do not access or collect data from any apps outside of X-VPN. All permission requests are strictly limited to the minimum required to ensure basic VPN functionality.
We ensure that every user can trust their data and privacy are safe with X-VPN. How do we achieve this? Please read on to see how our technology and processes are built to protect your privacy from the ground up.
How We Use Technology to Enforce Our No-Logs Policy
Our strict no-logs policy is more than just a statement. From product design to technical implementation and internal processes to third-party collaborations, we hold ourselves to the highest standards to ensure no sensitive user data is ever collected or stored.
Designed for Zero Logs
Our servers are engineered to never log your data. Someone asks us for logs? Sorry, we can’t hand over what we never had.
✅ No-Log Server Setup: Our servers are deployed with logging completely disabled. No records of your online activity, no IP addresses, nothing.
✅ Zero-Retention Packet Handling: Every piece of data passing through our servers is processed in memory and instantly wiped—never saved or written to disk.
✅ Strict Logging Whitelist: If anyone tries to add unapproved or sensitive logs, our automated systems (CI pipeline) block it immediately.
✅ Automatic Cleanup: Any temporary data needed to maintain operation is deleted immediately after use
Strong Encryption & Smart Key Management
A secure tunnel is the heart of a VPN, but how do we make sure encryption keys don’t become a liability? It’s simple: we use military-grade encryption, and each of our session keys is designed for one-time use.” As soon as you disconnect, the keys disappear automatically—just like snow melting away.
✅ Strong Encryption Protocols: We encrypt all VPN tunnels using the TLS security protocol and advanced encryption algorithms, such as AES-GCM. Using elliptic curve key exchange, each connection gets its own unique encryption key. This way, even if a key is exposed, your data stays private and secure.
✅ Key Rotation and HKDF Derivation: We regularly rotate our encryption keys and use HKDF to safely generate different types of secret keys (for encryption and authentication) from a shared key. This keeps your keys safe and ready for multiple secure uses.
Regular Self-Checks & Transparent Third-Party Audits
We don’t just ask you to trust us. We regularly review our own systems and invite independent experts to check our privacy policies.
✅ Regular Internal Self-Audits: Our engineering and security teams regularly review our systems to ensure no logs can be leaked.
✅ Transparency and Verification: We openly share the results so our users (and the public) can see we truly honor our privacy commitments. Additionally, we welcome global security experts to join our bug bounty program to help test and fix any potential issues.
By never creating (or storing) your data in the first place, your privacy and data are truly protected with us.
In-Depth Analysis: How X-VPN Upholds Privacy from Start to Finish
Now, we will analyze each step to demonstrate how X-VPN upholds its privacy protection commitment by exemplifying the Data Minimization Principle throughout the entire process of downloading/installing, launching, logging in, connecting to servers, and ending a VPN session on iOS.
On other devices, the download and installation of X-VPN are also only handled by the respective app stores (such as App Store or Google Play)/our official website and the operating system (e.g., iOS, Android, Windows, macOS, Linux).
1. Download and Installation
X-VPN cannot, and will not, know who you are while you are downloading and installing X-VPN. We believe privacy protection should be in effect from the moment of zero interaction.
Is Any Data Being Collected?
Technical Handling
- The Download and installation of the X-VPN app on iPhone/iPad are entirely handled by the App Store & iOS. No data is sent back to our servers during the entire process.
- No Device Fingerprinting: Device Fingerprinting is a technology commonly used to track users. It can collect device hardware identifiers (like IMEI, MAC address, or serial number) and system parameters (like resolution, fonts, language, time zone, or OS version) to generate a unique identifier for persistent tracking across sessions, apps, or websites. And we strictly do not collect, calculate, or construct any form of device fingerprints.
- No Permission Requests: X-VPN does not proactively request permissions to access location, contacts, camera or the file system during installation. If permissions are required for subsequent connections to the VPN (such as network access), they will also be used only after you have explicitly authorized them.
2. First Launch
The first launch marks the initial connection between each user and X-VPN. During this process, we adhere to the Principle of Least Privilege and Privacy-by-Design to strictly limit what is collected and how it is used.
Is Any Data Being Collected?
Technical Handling
- Request Construction: X-VPN will build an initialization request when you tap the app icon for the first time.
- Encrypted Transmission: The request is transmitted via end-to-end TLS encryption to prevent data leakage and man-in-the-middle attacks.
3. Account Registration/Login
When you create an account or log in to X-VPN, the system needs to establish a binding relationship with you. We utilize the Minimal Necessary Data Collection Policy in this process, and use the latest encryption standards to ensure secure transmission and user privacy.
As well as using regular email, X-VPN also supports creating accounts via virtual email. The free version does not even require a login to use – giving you complete control over your personal information.
Is Any Data Being Collected?
Technical Handling
- Credential Input: When you enter your email and password on the login screen, the credentials are processed locally. The plaintext password is never stored.
- Encrypted Transmission: The login request is transmitted via end-to-end TLS encryption to prevent data leakage and man-in-the-middle attacks.
- API Server Communication: After the server receives the request, it will verify the encrypted credentials server-side. Once validated, it will get your subscription status and assign configurations such as server lists, feature flags, etc., to the current anonymous device.
- Data Cleaning: Login credentials are processed in memory only and never written to the hard disk. All information is cleared immediately after login is completed.
4. Connect to a VPN Server
When you select and connect to a server located in a region, X-VPN creates a secure, encrypted network tunnel for your device.
Is Any Data Being Collected?
Technical Handling
- Server Selection: X-VPN pre-assigns VPN node routes asynchronously through encrypted channels to ensure a smooth and reliable connection.
- Tunnel Establishment: Once assigned, the client establishes an encrypted tunnel using your selected VPN protocol (e.g., X-VPN’s own Everest protocol, or OpenVPN, WireGuard). The tunnel is based on the TLS transport protocol, which prevents third-party snooping.
- Encryption: All traffic within the VPN tunnel is encrypted using the protocol’s built-in algorithms (such as AES-GCM-256), protecting the communication content from eavesdropping or tampering during transmission.
5. Online Behavior While Using X-VPN
Your browsing data is also not recorded and tracked when you use X-VPN for online activities – X-VPN always adheres to the No-logs Policy.
Is Any Data Being Collected?
Technical Handling
- DNS Processing: X-VPN operates its own recursive DNS servers. During your VPN session, all DNS queries are forwarded to a dedicated process that handles query and response only, no personally identifiable information is involved.
- Encrypted Data Transfer: Your internet traffic is transmitted via an encrypted tunnel established between the client and server.
- In-Memory Session Cache: All VPN packet processing and session metadata reside solely in volatile RAM on the VPN servers. X-VPN does not write traffic load or IP-to-client mappings to disk. Only aggregated TX/RX byte counts are briefly retained to calculate bandwidth usage.
Bandwidth calculations are performed only in memory and do not record or store any user data, so there are no user logs.
6. Disconnect the VPN
When you actively choose to disconnect from the VPN or close the app, X-VPN will promptly erase all session data to completely end the current network session. During this process, all your user data is immediately destroyed, ensuring that no sensitive information remains.
Is Any Data Being Collected?
Technical Handling
- Instant Session Destruction: When you click “Disconnect” or exit the app, the client immediately shuts down the encrypted tunnel and destroys all session data stored in memory. At the same time, the server terminates the session and clears the associated temporary information, ensuring that no traceable session data remains.
- Server-side Synchronization: When you disconnect, X-VPN not only clears the session data on the client side but also performs a synchronized server-side cleanup operation to ensure that there is no session information or data left in the entire connection chain.
X-VPN always adheres to the principle of minimizing data collection at each of these steps. Strict adherence to privacy measures at every stage to ensure that users’ online activities are fully protected is our enduring commitment to our users.
The Minimal Data We Collect and Why We Need It
We are committed to protecting your privacy, but all online services require some general information to function properly. So, to keep our services running smoothly and to support you, we only collect the following a small amount of necessary and non-sensitive information:
- Payment and Subscription Details: For VIP services, we keep your subscription status and transaction info (like your email address, plan type, and transaction ID) so we can manage your account and handle support requests. We never store your credit card or payment information.
- Basic Device Information: To provide tailored tech support and optimize server allocation, we need to know your device type, operating system, and country/region. However, we never collect your precise location or unique device identifiers.
- Analytics Data: To help solve your issues, we may temporarily keep support chat records and crash logs. These are fully deleted once your problem is fixed.
- Billing Data: For accurate billing, we temporarily store each user’s data usage (bytes sent/received). This data is only used to determine your usage during the service period and is linked to your account. It is deleted immediately after billing is processed to protect your privacy.
We Value Your Privacy Rights
At X-VPN, we believe in being transparent and giving you control over your privacy. Here are your rights and how we help protect them:
1. Right to Access: You have the right to ask us what personal data we have about you.
2. Right to Data Portability: You can request a summary of your information. We’ll provide it in a readable format (like CSV or XML) within 45 days.
3. Right to Restrict Processing: You can ask us to limit or pause using your data, like when a dispute is being resolved or when you’re waiting for a correction.
4. Right to Deletion: You can request to permanently delete your account and all related data. This process can’t be undone and will be finished within 72 hours.
5. Right to Rectification: If any account information we have is incorrect, you can ask us to update it to ensure our records are accurate.
6. Right to Opt-Out: You can disable all non-essential data collection (like diagnostic reports) anytime in your account settings.
If you have any questions or concerns about your privacy or data rights, feel free to contact us at support@xvpn.io. Our team is always happy to help. Also, our privacy policy is legally binding. If we don’t fulfill our commitments in the privacy policy, you have the right to protect your interests through legal means.
Final Words
X-VPN always follows a strict no-logs policy and puts your privacy first. With X-VPN, your data and online activities are always safe, private, and completely under your control!
