Skip to main contentSkip to footer

NURPN VPN Privacy Policy

Effective Date: July 24, 2025

Last Updated: November 5, 2025

Introduction

NURPN, LLC (”NURPN,” “we,” or “us”) is committed to protecting your privacy and providing a secure, family-friendly VPN service. This Privacy Policy explains what information we collect – and, importantly, what we do not collect – when you use the NURPN VPN app and related services (the “Service”). We describe how we use and safeguard your information, and outline your rights. Our guiding principle is to collect only the minimal data necessary to operate our Service, and to uphold a zero-log policy to protect your online privacy.

By using NURPN’s Service, you agree to the practices described in this Privacy Policy. If you disagree, please do not use the Service. We may update this Privacy Policy from time to time (see “Changes to This Privacy Policy” below).

Our Zero-Log Policy

“Zero-log” means that NURPN does not collect or retain any data about your online activities while using our VPN. We do not monitor, record, or log the content of your internet traffic, the websites you visit, or any data transmitted through our Service. In practice, this means:

  • No activity logs: We do not log your browsing history, the specific websites or apps you use, what you download or stream, or your DNS queries. Your online activity remains private.
  • No connection logs: We do not store connection timestamps and session duration. We never store logs of your originating network address.
  • No usage profiling: We do not store bandwidth usage per user or any other identifiers that could tie an individual to specific network activity. Our systems are engineered not to retain sensitive data about customers, so we cannot share or misuse data we simply do not possess.

This strict no-logs policy means that even if we are compelled by law enforcement with valid legal process, we have no VPN traffic data or personal browsing details to provide. NURPN’s mission is to safeguard your privacy, and zero-logging is a fundamental aspect of that commitment. In the sections below, we detail the limited information we do collect to run our Service and why it’s needed.

Information We Collect

While we strive to minimize data collection, certain information is necessary for operating the Service and supporting your account. We never sell your data. The types of information we may collect include:

1. Information You Provide

  • Family Plan Linking:  For Family Plan access, the primary subscriber generates a secure token (pairing code) that can be entered on up to three dependent devices. Dependent devices do not require registration or personal information. They exchange only minimal technical details—such as device type and operating system version solely to validate the Family Plan token. This process ensures subscription access is shared securely without collecting or storing any personal identifiers.
  • Support Communications: If you contact us directly (for example via email), we will receive your contact details and any information you choose to provide. We will use this information only to assist you and resolve your inquiry, and retain support correspondence as necessary for quality assurance.

2. Payment Information

We use RevenueCat as a third-party service provider to manage in-app purchases and subscriptions on Apple devices. RevenueCat processes the purchase receipt generated by Apple and maintains your subscription entitlement status (e.g., active, expired, refunded, canceled, resubscribed etc.) so the app can unlock premium features and prevent fraud. If you previously purchased a subscription, you can restore it at any time using the “Restore Purchases” option within the app. This ensures you maintain access to entitled features across devices without re-purchasing.

3. Information Collected Automatically

When you use our app and connect to the VPN, we may automatically collect limited, non-personal technical information needed to maintain service quality and improve performance. This does not include your browsing history, DNS queries, or the content of your internet traffic (per our strict zero-log policy).

  • Device Information: Basic technical details such as device type (e.g., iPhone, iPad) and operating system version, used only to ensure compatibility and optimize app performance.
  • Server Region Selection: To connect you to the nearest or fastest VPN server, our systems may infer your approximate region (e.g., country or state) in real time from the server connection itself. This is processed only during the connection for performance purposes and is not saved, logged or stored.
  • Connection Performance: Temporary diagnostic data such as connection success/failure, latency, or speed, used only to verify that servers are functioning properly. This information is processed temporarily for troubleshooting and performance monitoring and is not stored in a way that can identify or track users.

4. Third-Party Tools and Cloud Hosting and Servers

Our VPN servers run on trusted third-party cloud infrastructure in the regions where we operate. These providers cannot access your VPN traffic or personal data; they only supply the physical or cloud environment in which our servers run. 

How We Use Your Information

We use the limited information we collect for the following purposes:

  • Customer Support: If you reach out to us with questions or problems, we will use your contact information and any details you provide to respond. For example, if you email support, we use your email to communicate and may refer to your account status or recent connection attempts (if available) to assist you. 
  • Enforcing Terms and Preventing Abuse: We may use information to enforce our Terms of Service and usage policies, and to prevent fraudulent, abusive, or illegal activities on our platform. Because of our no-logs design, we generally will not have detailed user activity to analyze; however, we reserve the right to use available data (including real-time diagnostics or account information) to protect the Service and our users. In extreme cases, we might suspend or ban accounts involved in severe abuse (per our Terms).
  • Legal Compliance: If we are required by applicable law to retain or disclose certain information, we will use the data we have strictly to fulfill those legal obligations. For instance, NURPN is a U.S.-based company (Virginia) and will comply with U.S. laws and regulations. Should any regulation mandate minimal data retention (e.g., certain jurisdictions might require retaining connection logs), we will only comply to the extent legally necessary and will be transparent with users if our practices change. At present, our zero-log policy means we do not have user activity data to share.  We may, however, use and disclose account or payment information as needed to meet financial reporting, tax, or other legal requirements.

How We Share or Disclose Information

Since NurPN enforces a zero-log policy, we do not sell or rent any personal information regarding you. We only share information in a few strict scenarios:

  • Legal Requirements: We may disclose information we hold if required to do so by law or in response to a valid legal process (such as a subpoena, court order, or government demand). However, due to our no-log architecture, we can only provide very limited data such as purchase history, device version etc. 

Data Storage 

NURPN is a United States-based company, but our infrastructure is global to ensure fast and reliable VPN connections. 

  • Primary Data Centers: We currently utilize secure servers located in the United States for core service operations and data storage. These data centers, such as AWS, are chosen for their robust security measures and reliable connectivity.
  • Regional Servers: To provide better performance and lower latency for users around the world, we operate VPN servers in various regions. For example, if you are connecting from Europe, you may use our Germany, France, or Netherlands servers; if connecting from North America, you might use U.S. servers. Regardless of location, all our servers adhere to the same zero-log standards and security practices.
  • Retention: We retain only the data necessary to operate our service and meet legal obligations, in line with our data-minimization goals. Subscription records (including purchase-receipt references handled via RevenueCat) and entitlements (e.g., subscription/transaction records) are retained for up to 7 years to satisfy tax and audit requirements. If you request to delete your account, we deactivate access and cease processing beyond these operational and legal needs; the specific retention periods above still apply. 

Data Security Measures

We employ strong security measures to protect your personal information and your VPN data:

  • Encryption: All VPN internet traffic between your device and NURPN’s servers is encrypted using industry-standard encryption protocols. We utilize advanced VPN protocols (IKEv2/IPsec) which employ strong modern cryptographic algorithms (for example, AES-128-GCM with SHA-256 for integrity and AES-256 with SHA-2 on secure elliptic curve and Diffie-Hellman groups). This ensures that all data transmitted through our VPN tunnel is protected with industry-grade encryption and remains confidential and tamper-proof. Even on unsecured networks (like public Wi-Fi), your browsing through NURPN is protected from eavesdropping and tampering.
  • Authentication and Access Controls: NurPN does not require account registration or password-based logins. Subscriptions can be purchased and activated directly in the app without providing personal information. For Family Plan linking, a secure token (pairing code) is generated by the primary subscriber and entered on dependent devices, which only exchange minimal technical information (e.g., device type, OS version) to validate the subscription. Internally, we apply the principle of least privilege staff access to systems and data is strictly limited to what is necessary to operate and support the Service.
  • Routine Audits and Updates: We regularly update our applications and servers to patch vulnerabilities and use up-to-date security practices. Our team conducts security reviews, and we may also enlist independent auditors to assess our zero-logs claims and infrastructure security. 
  • Payment Security: As noted, payments are processed by PCI-DSS-compliant third parties like Apple, which adhere to high security standards for handling financial data. We do not directly process or store your sensitive payment details on our systems, adding an extra layer of security for your financial info.
  • Employee Training and Policies: All NURPN personnel are trained on data privacy and security. We maintain internal policies to ensure that any personal data is handled lawfully and carefully. We also have an incident response plan in place in the unlikely event of a security breach, which includes notifying users and authorities as required by law.

Despite our best efforts, it’s important to note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. However, we strive to use commercially acceptable means and state-of-the-art techniques to protect your personal data. We are continuously improving our security to respond to new threats.

Your Rights and Choices

We respect your rights over your personal information. Depending on your jurisdiction, you may have the following rights:

  • Access and Portability: You may request a copy of the data we hold about you. To submit a request, contact us at [email protected]. We will verify your identity and respond within the time period required by applicable law (typically 30–45 days). These rights may be subject to limits (e.g., protecting others’ privacy, legal obligations, or our trade secrets). 
  • Deletion: You have the right to request deletion of your data (also known as the “right to be forgotten”). We will erase information associated with your account (tokens, VPN account etc.), except for information we are required to keep by law or for legitimate business purposes which is mentioned in the retention policy above. Once your account is deleted, you will no longer be able to use the Service, and this action is irreversible for your data.
  • Objection or Restriction: In certain cases, you may have the right to object to or ask us to restrict processing of your data. For instance, EU users have the right to object to processing done for legitimate interests or direct marketing. While NURPN does not currently use data for much beyond service provision, if you believe we’re doing something with your data that you want to object to, let us know and we will review and accommodate when required by law.
  • California Privacy Rights: If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), such as the right to know, delete, and opt-out of the sale of personal info (note: NURPN does not sell any data). California users can exercise their rights by contacting us as described below. We will not discriminate against you for exercising any privacy rights.
  • Other U.S. State Privacy Rights: Residents of other U.S. states, such as Virginia, Colorado, Utah, Connecticut, and Delaware, may have similar rights, including the right to know, delete, correct, and opt-out of the sale or processing of their personal data for targeted advertising or profiling. We are committed to honoring these rights in accordance with applicable state laws.
  • Universal Opt-Out Mechanisms: We respect and will honor any Universal Opt-Out Mechanism (UOOM) signals, such as Global Privacy Control (GPC), where required by applicable state laws (e.g., Colorado, Connecticut), even though NURPN does not engage in the sale of any data or targeted advertising. This allows you to communicate your privacy preferences automatically.
  • EU General Data Protection Regulation (GDPR): If you are in the European Union or EEA, our processing of your personal data must have a legal basis. In NURPN’s case, the primary bases are: legitimate interests (for minimal analytics to maintain quality, fraud prevention, etc., in a way that does not override your rights), and consent (when you opt into optional features or communications). You also have the right to lodge a complaint with an EU Data Protection Authority if you believe we have violated any data protection laws. We invite you to contact us first, so we can address your concerns directly.
  • If your request concerns subscription/entitlement data processed via RevenueCat (e.g., purchase receipt references), we will coordinate with RevenueCat as needed to fulfill your request consistent with applicable law.

To exercise any of your rights or if you have questions about your privacy rights, please contact us at the email provided in the Contact section. We may need to verify your identity (for example, by confirming control of your account email) before fulfilling certain requests. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

Children’s Privacy and Family Account

  • Parental Visibility: The app does not log or display the websites a child visits or attempts to visit. Threat-blocking operates in real time at the network level, without logging, inspecting, or storing the content of websites visited. NURPN does not log or monitor a child’s internet activity. NURPN is designed as a safety net, not a surveillance tool.
  • Consent and Removal: Consent and Removal: By linking a child’s device, the parent consents to the processing of limited technical information (such as device type, operating system version) solely for validating Family Plan access. If at any time a parent wishes to remove a child’s device from the Family Plan, they can revoke App access through the device management page in the app.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time as our services and applicable laws evolve. When we make changes, we will change the “Last Updated” date at the top of this Policy. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.

Your continued use of NURPN VPN after any modifications to this Privacy Policy will signify your acceptance of the changes. If you do not agree with the changes, you should stop using the Service and, if applicable, deactivate your account.

Terms of Use

By using NurPN, you also agree to our Terms of Use, which outline your rights and responsibilities when accessing the app. You can review the Terms of Use at: https://nurpn.com/terms-of-service/ 

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us. We are here to help and will respond as promptly as possible.

Contact Information:

NURPN, LLC

Email: [email protected] 

Website: https://nurpn.com/privacy-policy/ (for the latest version of this Policy)

By using NURPN VPN, you trust us with your privacy. We take that responsibility seriously and are dedicated to maintaining your trust through our no-log technology and privacy-first policies. Thank you for choosing NURPN to keep your family’s internet experience safe and private.