Privacy Policy

Privacy, with the drama removed.

Effective date: 20 Mar 2026

This Privacy Policy explains how FLOWMOTION LLC, operated by FLOWMOTION LLC of 936 SW 1ST AVE MIAMI FL 33130, processes personal data when you use the nologs.app website, applications, and related VPN services. For privacy requests, contact sup@nologs.app. If a dedicated data protection contact applies, contact dpo@nologs.app.

Short privacy summary

• We do not log browsing history, traffic content, DNS queries, or traffic destinations.
• We do not keep connection logs that identify who used which VPN IP, when, or for how long.
• We collect only the minimum data needed for accounts, payments, support, and optional diagnostics.
• Email is optional and may be added only for account recovery and notices.
• We do not sell personal data or use third-party ad SDKs for behavioral profiling.
• You can request access, correction, deletion, restriction, portability, or object to processing where applicable.
• If we do not have traffic data, we cannot disclose it. That is not a slogan. It is an architectural consequence.

1. What we do not collect or store

Our VPN service is designed around a strict no-activity-logs model. We do not collect or store data that would allow us to reconstruct a user’s activity in the VPN tunnel. In particular, we do not collect or retain:

• Browsing history, visited URLs, or traffic content.
• Traffic destinations or DNS queries.
• Source IP addresses used to connect to the VPN service.
• Assigned VPN IP addresses linked to an account or person.
• Precise connection or disconnection timestamps, session duration, or per-user bandwidth logs.
• Session logs or event trails that would let us correlate a particular user with a particular VPN action.

Our VPN servers are intended to run on RAM-only or otherwise ephemeral storage. By design, activity data is not meant to survive reboot or routine server rotation. We also separate account and billing systems from systems that relay VPN traffic to reduce the chance that operational data can be tied back to usage.

2. Data we do collect

We collect a limited set of data needed to provide the service. The exact data depends on how you use nologs.app.

2.1 Account data

• A random account ID.
• An email address only if you choose to provide one for recovery or notifications.
• Basic subscription status or entitlement information.

Email is optional. If you do not provide one, we may not be able to help you recover access to your account.

2.2 Payment data

Payments are handled by external payment providers. We do not store full payment card details. We may retain:

• The payment provider transaction identifier.
• The amount, currency, and transaction date.
• The payment status, such as successful, refunded, or canceled.

2.3 Support data

If you contact support, we process what you send us, such as your email address, message contents, attachments, and any diagnostic information you intentionally provide. We ask users not to send sensitive traffic data unless explicitly requested and agreed to for troubleshooting.

2.4 Optional diagnostics and crash reports

Enhanced diagnostics, performance reports, or crash reports are opt-in where the product offers them. If enabled, these reports are limited to bug-fixing and performance investigation. They are not intended to include browsing history, DNS queries, traffic content, or source IP addresses.

2.5 Aggregated service metrics

We may process aggregated and de-identified infrastructure metrics to keep the service running and defend it against abuse. These metrics may include total active connections on a server or aggregate throughput by server or region. They are not intended to include account identifiers, IP addresses, or per-user timestamps.

3. Why we process data and our legal bases

To the extent the GDPR or similar laws apply, we process personal data on the following bases:

• Performance of a contract: to create accounts, authenticate users, deliver paid access, and provide customer support.
• Legitimate interests: to secure the service, prevent abuse, maintain uptime, and respond to support requests in a proportionate way.
• Consent: for optional diagnostics, optional marketing messages if ever offered, or other optional features that clearly request permission.
• Legal obligation: where we must keep limited records for tax, accounting, fraud prevention, or lawful compliance.

4. Data retention

We retain personal data only for as long as reasonably necessary for the purpose it was collected, unless a longer retention period is required by law.

• Account data: retained while the account remains active and for a limited period thereafter to handle disputes, fraud checks, or account recovery.
• Optional email address: retained until removed by the user or deleted with the account.
• Payment records: retained for accounting, tax, and anti-fraud purposes for the legally required period.
• Support communications: retained only as long as needed to resolve the request, maintain continuity, and document abuse or fraud issues where justified.
• Optional diagnostics: retained only for the debugging window reasonably needed to investigate and fix the issue.
• VPN activity logs: not retained because they are not collected in the first place.

5. Sharing and processors

We may use service providers that process limited personal data on our behalf, including payment processors, support tooling, email delivery providers, and infrastructure or hosting providers. These processors are permitted to use data only to provide services to us and under appropriate contractual restrictions.

We do not sell personal data. We do not share personal data for cross-context behavioral advertising. We do not use advertising SDKs in the VPN applications for profiling or retargeting.

6. International transfers

Because our providers, support systems, and infrastructure may operate in multiple jurisdictions, personal data may be processed outside your home country. Where required, we use appropriate safeguards for cross-border transfers, such as contractual protections or equivalent lawful transfer mechanisms.

7. Requests from public authorities

We may respond to valid and binding requests from competent public authorities to the extent required by applicable law. However, our ability to disclose data is limited by what we actually possess. If we do not collect or store traffic activity data, source IP logs, DNS queries, or session timestamps, we cannot provide them.

In practice, the most we may be able to produce is limited account information, support correspondence, or payment metadata, if such data exists and if disclosure is legally required.

8. Security

We use technical and organizational measures designed to reduce privacy and security risk, including data minimization, logical separation between traffic and account systems, access controls, and ephemeral server design where feasible. No service can promise absolute security, absolute anonymity, or uninterrupted operation. What we can honestly say is that we try to structure the system so there is as little sensitive data to expose as possible.

9. Cookies, trackers, and app analytics

On the website, we aim to use only the minimum necessary cookies or equivalent technologies required for core site functionality. If optional analytics are used, they should be privacy-conscious and, where legally required, enabled only with consent. We do not use invasive advertising trackers on this public site.

In the VPN applications, we do not intend to use third-party ad SDKs or similar behavioral profiling tools. Optional diagnostics, where offered, are separate from advertising and can be disabled.

10. Your rights

Depending on your location and applicable law, you may have the right to request access to your personal data, correction of inaccurate data, deletion, restriction of processing, portability, or to object to certain processing. You may also have the right to withdraw consent where processing is based on consent, and to lodge a complaint with a competent supervisory authority.

To exercise your rights, contact sup@nologs.app or dpo@nologs.app. We may request reasonable information to verify identity before acting on a request. We will respond within the period required by applicable law.

11. Account deletion

If you delete your account, we will delete or anonymize account and contact data that is no longer required for billing, fraud prevention, legal compliance, or dispute resolution. Data that we never collected, such as traffic logs, obviously cannot be deleted because it does not exist in our systems.

12. Children

The service is not directed to children under the age at which consent is required under applicable law in your jurisdiction. We do not knowingly collect personal data from children in violation of applicable law.

13. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and, where appropriate, provide additional notice in the app, on the site, or by email if you have chosen to provide one.