1. Data Controller
The controller of your personal data is wg-vpn.com. For privacy-related questions, please use our Contact page.
2. What data we collect and on what legal basis (GDPR Art. 6)
A. Data you provide to use the Service
This data is necessary to provide you with our core service:
| Category of Data | Legal Basis | Purpose of Processing |
|---|---|---|
| Login access data: Link sent to your email (contains unique token) | Performance of contract (Art. 6(1)(b) GDPR) | Creating and operating your account, authentication |
| Your server data: Server IP address, login, password or SSH key (stored encrypted) | Performance of contract (Art. 6(1)(b) GDPR) | Providing the core service function - connecting to your server for configuration |
| Your VPN users data: Name, public WireGuard key, set limits (traffic, time) | Performance of contract (Art. 6(1)(b) GDPR) | Functionality to create and manage VPN users on your server |
| Contact form data: Message content, optional email address | Legitimate interest (Art. 6(1)(f) GDPR) | Responding to your inquiries and improving our service |
B. Data collected automatically
This data is collected for security and operational purposes:
| Category of Data | Legal Basis | Purpose of Processing |
|---|---|---|
| Technical data: IP address you access from, browser type and version, request timestamps | Legitimate interest (Art. 6(1)(f) GDPR) | Ensuring security, preventing fraud and abuse, diagnosing failures |
| Cookies data: Session and security cookies | Legitimate interest (Art. 6(1)(f) GDPR) | Maintaining login session, protection against bots and attacks (see Cookie Policy) |
3. What we do NOT do
- We do NOT collect or process traffic that passes through your configured VPN servers
- We do NOT use your data for behavioral analytics, marketing, or advertising
- We do NOT sell or share your data with third parties for their commercial purposes
4. Data transfers to third parties
We may transfer data to a limited number of trusted Processors who help us provide the Service, subject to Data Processing Agreements:
Our Processors include:
- Cloudflare, Inc.: Security services and CDN provider. Processes technical data and cookies to protect the Site. May store data in the USA. Uses Standard Contractual Clauses (SCCs)
- OVH Group SA: Infrastructure provider for the Site servers. Location: France
5. Data retention periods
- Your account data, server data, and VPN users data are stored as long as your account is active
- Upon account deletion, all associated data is permanently deleted from our systems within 30 days
- Technical logs (IP addresses of Site access) are stored for no more than 90 days for security purposes
- Contact form messages are stored for up to 90 days, then permanently deleted
6. Your rights (GDPR Data Subject Rights)
- Right to access (receive a copy of your data)
- Right to rectification of inaccurate data
- Right to erasure ('right to be forgotten') of your data
- Right to restriction of processing in certain cases
- Right to data portability (receive data in structured format)
- Right to object to processing based on legitimate interest
- Right to lodge a complaint with a supervisory authority (e.g., Data Protection Commission, Ireland)
To exercise your rights, please use our Contact page.
7. Data security
We implement technical and organizational measures to protect your data: encryption of transmitted and stored data, physical access control to servers, regular software updates.
8. International transfers
As we use services with infrastructure worldwide (e.g., Cloudflare), your data may be processed outside the EEA. All such transfers are safeguarded by appropriate measures (SCCs) and comply with GDPR.
9. Changes to Privacy Policy
We may update this Policy. Significant changes will be notified via the Site or to the email associated with your account.
10. Contact
For questions regarding this Policy and your rights, please use our Contact page.