La distribuzione gratuita di X‑VPN Premium sta avvenendo ora sul nostro subreddit!

La distribuzione gratuita di X‑VPN Premium sta avvenendo ora sul nostro subreddit!
Entra Ora

Privacy Policy

Last updated: December 18, 2025

Introduce

This document ("Privacy Policy") explains how X-VPN collects, uses, and shares your personal data.
X-VPN is operated by LIGHTNINGLINK NETWORKS PTE. LTD. ("we", "us", or "our"), a company based in Singapore. LIGHTNINGLINK NETWORKS PTE. LTD. is dedicated to creating a free and secure online environment for users worldwide.
We will not collect, process, store or transfer your data unless we have your consent. By submitting your personal data to us, and by accessing and/or using our Services, you confirm that you have read this Privacy Policy and agree to be bound by this Privacy Policy.
X-VPN adheres to the User Privacy First Principle.

Our Core Promise: No-Logs

X-VPN is designed to not collect, store, or log any VPN traffic data or online activity, including:
Your source or destination IP addresses
Browsing activity / websites visited, DNS queries
Downloaded/uploaded content or transferred content
VPN server information used for a session
Connection timestamps
We do not link your account identity to any VPN traffic or online activity.

Data We Collect (Data Linked to You)

You can use X-VPN without creating an account (availability may vary by platform/version).
If you choose to register or subscribe, we process only the minimum necessary data:

Account & Authentication

Email address (pseudonymous/disposable emails are acceptable)
Encrypted/hashed password (we do not store passwords in plaintext)

Orders & Subscription (If you purchase)

We store only what is necessary to deliver subscription entitlements and handle refunds/accounting:
Order ID
Payment status
Historical order records
We do not store card numbers, CVV, billing address, or cardholder name; those are handled by payment providers.

Support & Feedback (Provided by you)

If you contact us via 24/7 live chat or email, we process the information you provide to resolve your request.

What We Do Not Collect

We do not collect or store VPN traffic data or online activity, including your source or destination IP addresses, DNS queries, websites visited, downloaded content, VPN server information used for a session, or connection timestamps.

Anonymized & Aggregated Data

We collect anonymized or aggregated statistics and diagnostic information solely to maintain service reliability, capacity planning, and troubleshooting. This information is not linked to your account or identity, is not used for advertising tracking or profiling, and is processed in a way that does not allow us to re-identify individuals by design (i.e., our systems are architected so these datasets cannot be tied back to a specific user or account).

Categories we may collect (with representative examples)

  1. App usage & interaction statistics (aggregated)

    Examples: feature usage counts, button click counts, crash event counts (statistics only)

  2. Device & system information (de-identified / aggregated)

    Examples: device model, operating system version, language settings, app version

  3. Connectivity & performance metrics (aggregated)

    Examples: connection success rate, latency/jitter distributions, packet loss rate, throughput ranges, error codes and failure reason statistics

    We do not include: your source or destination IP addresses, DNS queries, websites visited, downloaded content, connection timestamps, or per-session identifiers that enable tracking a specific user/session.

  4. Bandwidth consumption & capacity statistics (aggregated)

    Examples: total or time-bucketed bandwidth statistics, server resource utilization (for capacity planning only)

    We do not record: browsing content or website/domain information.

  5. Diagnostics (minimized and de-identified before retention)

    Examples: crash stacks and performance diagnostics (for troubleshooting)

How we prevent re-identification

Aggregation thresholds: we generate and retain only aggregated statistics when the dataset reaches a minimum aggregated size, reducing the risk of singling out any individual.
Architectural separation (non-linkable by design): anonymized/aggregated metrics are generated without account identifiers or persistent device/session identifiers. We do not maintain any mapping that could link these metrics back to a specific user or account.
Rolling deletion: data is deleted on a rolling basis and retained only as necessary for operations and troubleshooting (up to 48 hours).

How We Use Data

We use data only to:
Provide and maintain the service (login, entitlement delivery, cross-device entitlement sync)
Verify payments, process refunds, and accounting
Provide customer support
Maintain security and availability (aggregated metrics only)

Third Parties & Sharing

We do not sell your personal data. We use a limited set of third parties strictly as necessary.

  1. Payment Processors:

    On the web platform, we support user subscriptions to our VIP service. Therefore, we have integrated several popular global payment methods, including Stripe, PayPal. In addition, to ensure the privacy and security of our users, we also offer an encrypted cryptocurrency payment option that cannot be traced back to the source of the payment being made - CoinGate.

  2. Advertising (Free version only, where applicable)

    To support the cost of providing a free service, the free version may include ads. Current disclosed ad platforms include AdMob (by Google) and Liftoff.

    Paid/no-ads versions do not enable ad components by default (subject to product implementation).

  3. Crash & Performance Diagnostics (Mobile, where applicable)

    We may use Firebase (by Google) for crash and performance diagnostics on mobile platforms.

    We do not use such tools to collect VPN traffic, websites visited, or DNS queries.

Cookies

What are Cookies?

Cookies are small text files that are placed on your device by the X-VPN website. They allow the website to remember your actions and settings (such as login information, language preferences, font size, etc.) for a certain period, so you don't have to re-enter them every time you visit the website or navigate between different pages.

Cookies We Use

You can check what cookies we use at our Cookie Policy.

Data Retention

We retain data for the minimum duration necessary:
Account data: retained for the life of your account; deleted or anonymized upon request (subject to legal obligations).
Orders: retained as required for fulfillment, refunds, and accounting.
Support records: retained only as needed to resolve issues and for a limited internal follow-up window.
Anonymized and aggregated metrics: retained only on a rolling basis for operations and troubleshooting, and for no longer than 48 hours, after which they are automatically purged or overwritten.

Your Rights & Choices

You have the right to request access to, receive, restrict, delete, or rectify the personal data that X-VPN holds about you. If you need to access your personal data, we will provide it to you in a portable, readily-usable format (e.g., XML, CSV, etc.) within 45 days. If necessary, we may extend this period by an additional 45 days after notifying you. Please note that you can make up to two requests every 12 months. To exercise your rights, please send an email to support@xvpn.io.

Security Measures

We apply reasonable administrative, technical, and physical safeguards, including encryption in transit, strict access controls, change management, environment separation, monitoring, and incident response.
We also implement controls to ensure that all VPN servers, core databases, and code remain secure and compliant throughout deployment, operation, and maintenance. Through automated deployment, multi-level review, encrypted transmission, access control, and continuous automated monitoring, we maintain long-term system security, integrity, and compliance with privacy requirements.
In addition, we ensure that our Data Protection Officer (DPO) Group operates with independence, transparency, and full traceability, providing continuous oversight of privacy and security controls to help prevent unauthorized actions, configuration changes, or compliance deviations.

Transparency & Verifiability

We maintain governance and controls intended to keep this policy consistent with real operations, and we plan/are pursuing independent third-party attestation/audits such as SOC 2 and ISAE 3000-type engagements.
We also publish a transparency report regarding data requests (where applicable).

Country-specific provisions

Users in European Union

This section applies to individuals in the European Union and to individuals in other countries whose data privacy laws are similar to GDPR.
X-VPN will always fully respect your rights regarding the processing of your personal data, and has provided below the details of the person to contact if you have any concerns or questions regarding how we process your data, or if you wish to exercise any rights you have under the GDPR.
As a data subject, you have rights under the GDPR, including but not limited to:
  1. The right to be informed; This means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to.
  2. The right of access; this is your right to see what data is held about you by a Data Controller.
  3. The right to rectification; the right to have your data corrected or amended if what is held is incorrect in some way.
  4. The right to erasure; under certain circumstances you can ask for your personal data to be deleted. This is also called 'the Right to be Forgotten'. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed.
  5. The right to restrict processing; this gives the Data Subject the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
  6. The right to data portability; a Data Subject has the right to ask for any data supplied directly to the Data Controller by him or her, to be provided in a structured, commonly used, and machine-readable format.
  7. The right to object; the Data Subject has the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
  8. Rights in relation to automated decision making and profiling; Data Subjects have the right not to be subject to a decision based solely on automated processing.
In line with the GDPR, we collect and process the data outlined in this Privacy Policy on one of the following bases, depending on the circumstances:
1. For the purposes of fulfilling our contractual obligations to users, including:
Providing users with the Services and Apps they have requested.
Managing user subscriptions and processing payments.
Providing customer support.
2. For a legitimate interest associated with the operation of our business, including:
Enhancing the quality, reliability, and effectiveness of our Site, Services, and Apps.
Communicating with customers to provide information and seek feedback related to our Services and Apps.
You can exercise your rights under the GDPR to access, transfer, correct, delete, or object to the processing of your personal information by contacting us at: support@xvpn.io (Please note that we may need one month or longer to respond)

Users in California

X-VPN does not share information that identifies you personally with non-affiliated third parties for our own marketing use without your permission. In addition, unless permitted by the CCPA, we will never:
  1. Deny you goods or services.
  2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  3. Provide you a different level or quality of goods or services.
  4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Users in Nevada

X-VPN will never sell information that identifies you personally with non-affiliated third parties. X-VPN will never sell or trade Personal Data for commercial purposes.

Children's Data

We do not intentionally collect personal data from individuals under the age of 18. If you are under 18, please do not provide us with any personal data.
If we become aware that we have collected personal data from a person under 18, we will take reasonable steps to delete or irreversibly anonymize that data without undue delay, unless retention is required by law. A parent or legal guardian may contact us using the details in the “Contact Us” section.

Changes

We change this Privacy Policy from time-to-time and all updates will be posted online, consistent with applicable privacy laws and principles. Your continued use of our Site or Services after the effective date of such changes constitutes your acceptance of our Privacy Policy. We will post an effective date at the top of the page for your convenience.

Limitation of Liability

It is your responsibility to exercise caution when using our services. You will be personally liable if your use of our services violates any third-party privacy or any other rights or any applicable laws. Under no circumstances will we be liable for the consequences of your illegal, intentional, or negligent acts or for any circumstances that are not reasonably controllable or foreseeable. (please read the Terms of service for more information)

Contact Us

If you have any questions regarding our Privacy Policy or how we handle your information, please feel free to contact X-VPN at the following email address: support@xvpn.io.