Privacy Policy for Novol VPN

Last updated: May 25, 2026

Welcome to Novol VPN ("Novol", "we", "our", or "us"). This Privacy Policy explains how we collect, use, store, and protect information when you use the Novol VPN mobile application, website, backend, VPN servers, and related services (collectively, the "Service").

By using Novol VPN, you agree to the practices described in this Privacy Policy and our Terms of Use.

1. Overview

Novol VPN is designed with privacy and security as core principles. Our goal is to provide secure, encrypted internet access while minimizing data collection wherever possible. The app does not require account registration for its core VPN features.

  • We do not sell your personal information to third parties.
  • We do not inspect the contents of your internet traffic.
  • We do not collect or store browsing history, DNS queries, visited domains, or VPN traffic contents.
  • We use limited operational data only to run the VPN service, manage access, process purchases, prevent abuse, and provide support.

2. Information We Collect

2.1 Anonymous Account and Device Identifiers

Novol VPN does not require an email address, username, or password to use the core VPN service. The app creates and stores technical identifiers needed to operate the Service, including:

  • An anonymous account ID generated by the app
  • A device ID used to register and manage VPN access for that device
  • A WireGuard public key and an assigned VPN tunnel IP address
  • The selected VPN server ID and related server access status
  • Subscription entitlement status and purchase linkage identifiers

We use this information to:

  • Provision and maintain the encrypted VPN tunnel
  • Authorize access to free and Premium VPN features
  • Restore purchases and sync entitlement status across devices
  • Prevent abuse and protect service reliability
  • Provide customer support

2.2 VPN Connection and Usage Information

To provide VPN connectivity and enforce the free daily quota, we may process limited connection metadata, including:

  • Connection start and end timestamps
  • Session duration used for free quota accounting
  • Server ID and device ID associated with the VPN session
  • Approximate country or region used for routing, regional availability, and fraud prevention
  • Operational status such as whether a VPN peer is registered or synchronized

VPN servers necessarily receive your device's source IP address to establish a network connection. We do not use this information to create browsing profiles, and we do not log the websites, apps, content, or DNS queries you access through the VPN.

2.3 Payment Information

Payments and subscriptions are processed by Apple App Store and StoreKit.

  • In-app purchases and subscription restoration are handled by Apple.
  • Subscription status is synchronized with the Service so Premium access can be activated and restored.

We do not store full credit card numbers, Apple payment credentials, or card security codes on our servers. We may store payment provider identifiers, transaction identifiers, payment status, product period, entitlement expiration time, and related metadata needed to activate Premium access, prevent duplicate processing, handle refunds, and provide support.

2.4 Device, Diagnostics, and Technical Information

To maintain service reliability and prevent abuse, we may collect limited technical data, including:

  • Device type
  • Operating system version
  • App version
  • Crash reports, stack traces, and app hang diagnostics
  • Performance and reliability metrics
  • Network error information and API request status

This data is used strictly for:

  • Service stability
  • Fraud prevention
  • Performance optimization
  • Technical troubleshooting

3. Information We Do NOT Collect

Novol VPN is built to minimize logging. We do not collect or store:

  • Browsing history
  • DNS requests
  • Websites visited
  • IP addresses associated with browsing activity
  • VPN traffic contents
  • Connection payloads
  • Messages, files, or transmitted data
  • Persistent traffic activity logs

We do not monitor or analyze the content of your encrypted VPN traffic.

4. VPN Infrastructure & Security

All VPN traffic is encrypted in transit using industry-standard protocols (including WireGuard). We implement technical and organizational safeguards designed to protect your information, including:

  • Encrypted communications
  • Secure server infrastructure
  • Access controls
  • Authentication protections
  • Infrastructure monitoring
  • Limited internal access to systems

No method of transmission or storage is 100% secure, but we continuously work to maintain strong security standards.

5. Analytics & Diagnostics

We may use crash reporting and diagnostic tools to improve the Service and investigate failures. Diagnostics may include:

  • App performance metrics
  • Crash diagnostics and stack traces
  • App version, device model, operating system version, and event timestamps
  • Network request status and error messages
  • Technical metadata that diagnostic providers may receive, such as IP address, solely for security and delivery of the diagnostic service

Diagnostics are used to improve reliability and service quality. They are not used to record browsing history or the contents of VPN traffic.

6. Cookies & Similar Technologies

If Novol VPN provides a website or web dashboard, we may use cookies or similar technologies for:

  • Authentication
  • Session management
  • Security
  • Website analytics
  • Preference storage

You may control cookies through your browser settings.

7. Third-Party Services

The Service may integrate with third-party providers, including:

  • Apple App Store, StoreKit, and App Store Server APIs for subscriptions and purchase restoration
  • Cloudflare Workers and D1 for backend API, entitlement, server, and quota data
  • Novol-controlled VPN servers for encrypted VPN connectivity and WireGuard peer configuration
  • Apple iCloud Key-Value Store for optional cross-device entitlement synchronization
  • Sentry or similar diagnostics providers for crash reporting and reliability monitoring
  • FitSpace/Vercel hosting infrastructure for the public legal pages

These providers process limited information necessary to deliver their respective services. We do not share browsing history, DNS queries, VPN traffic contents, or visited websites with these providers because we do not collect that information.

8. Data Retention

We retain operational and personal information only for as long as necessary to:

  • Provide the Service
  • Maintain VPN access, server assignments, and Premium entitlements
  • Enforce free quota limits and prevent abuse
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

Free quota records and VPN session duration records are retained only as needed for quota enforcement, abuse prevention, support, and service reliability. Users may request deletion of associated personal information where legally permitted.

9. International Data Transfers

Your information may be processed or stored in countries outside your place of residence. By using the Service, you acknowledge that your information may be transferred to jurisdictions with different data protection laws. We take reasonable measures to ensure appropriate protection of personal data.

10. Children's Privacy

Novol VPN is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that information from a child has been collected without appropriate consent, we will delete it promptly.

11. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your data
  • Restrict processing
  • Object to certain processing
  • Request data portability
  • Withdraw consent

To exercise these rights, contact us using the information in Section 16 below.

12. GDPR & EEA Users

If you are located in the European Economic Area (EEA), United Kingdom, or similar jurisdictions, processing of personal data is based on:

  • Contractual necessity
  • Legitimate interests
  • Legal obligations
  • Consent where applicable

You may also lodge complaints with your local data protection authority.

13. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), including rights to know what personal information is collected, request deletion, correct inaccurate information, and limit certain uses of data. Novol VPN does not sell personal information.

14. Abuse Prevention & Legal Compliance

While Novol VPN maintains a strict privacy-focused approach, we may process limited operational data when necessary to detect abuse or fraud, enforce Terms of Service, protect infrastructure, and comply with applicable legal obligations. We only disclose information when legally required to do so or when necessary to protect the Service, users, or third parties.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If material changes are made, we may notify users through:

  • The app
  • Website notices
  • Email notifications

Continued use of the Service after updates constitutes acceptance of the revised Privacy Policy.

16. Contact Us

For privacy-related questions, data requests, or support, contact us at support@fitspace.app.

This document is hosted on the FitSpace website for stable access via a permanent link.