← Back to NovaBridgeVPN

Privacy Policy

Last updated: 13 June 2026

1. Who We Are

NovaBridgeVPN is operated by NovaBridgeVPN Limited, registered in England and Wales (Company No. 16903183). Contact us at contact@novabridgevpn.com. We are the data controller for all personal data described in this policy.

2. Information We Collect

  • Account data: email address and, optionally, your display name when you register.
  • Device identifier: a generated device ID stored on your device, used to enforce the guest free-time allowance and to manage authorised devices on your account.
  • Push notification token (FCM): collected when you enable push notifications so we can deliver service alerts to your device.
  • Support ticket contents: any information you voluntarily submit when contacting support.
  • Connection metadata: see Section 3 below.

3. Connection Metadata

We do not log browsing activity, DNS queries, traffic contents, websites visited, or the apps/services you use through the VPN.

To operate and secure the service, we process only the minimum operational data needed, such as account email, subscription status, device identifier for guest limits/device management, support ticket content, and limited session metadata such as connection time, disconnection time, duration, and VPN server location. Session metadata is retained for 30 days and then deleted.

4. How We Use Your Data

  • Authenticating and managing your account.
  • Delivering the VPN service and enforcing guest free-time limits.
  • Sending transactional emails (receipts, account alerts, support replies).
  • Sending push notifications you have opted in to.
  • Fraud prevention and abuse detection.

NovaBridgeVPN does not sell, use, or disclose VPN user data to third parties for any purpose. We do not use VPN user data for advertising, marketing, profiling, data mining, or analytics.

5. Payment Processing

Payments are processed by third-party processors: Stripe, PayPal, NOWPayments, Google Play (Google LLC), and Apple App Store (Apple Inc.). We do not store full card numbers or sensitive payment credentials on our servers. Each processor handles billing under its own privacy policy.

6. Third-Party Services

  • Firebase Authentication & Firebase Cloud Messaging (Google LLC): identity management and push notification delivery.
  • Microsoft 365: transactional and support email delivery.
  • Twilio: operational alerts only; no user personal data is shared.

7. Data Retention

  • Account data: retained while your account is active.
  • Connection metadata: automatically deleted after 30 days.
  • Support tickets: retained for 12 months after closure.
  • Payment records: retained for 7 years for legal and accounting purposes (personal details anonymised on account deletion).

8. Account Deletion

You can delete your account from within the app (Settings → Account → Delete Account) or by visiting novabridgevpn.com/account/delete.

Deletion permanently removes your account, session history, connected devices, push token, and support tickets. Payment transaction records are retained for legal purposes with your personal details anonymised.

9. Your Rights (UK GDPR)

If you are in the UK or EEA you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Object to or restrict certain processing.
  • Data portability.

To exercise any right, contact us at contact@novabridgevpn.com. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

10. Changes to This Policy

We will notify users of material changes via in-app notification or email. Continued use of the service after changes constitutes acceptance.