Your IP: 216.73.216.87 · Browser: · Your IP: 216.73.216.87

Privacy Policy

Last updated: April 4, 2026

1. Who We Are

MidiVPN is a sovereign VPN infrastructure provider registered in Greater Paris, France. We operate under French law and are fully subject to the General Data Protection Regulation (GDPR). Our registered contact address is available on request via our contact page.

2. The No-Log Architecture

MidiVPN is built on a structural privacy guarantee, not a policy claim. When you use a MidiVPN product, your internet traffic is routed through a dedicated private node that you own and control. Your traffic never passes through MidiVPN servers. There is nothing for us to log — by design.

This is fundamentally different from shared VPN providers who route all user traffic through their own infrastructure and ask you to trust their no-log policies. With MidiVPN, the architecture itself makes logging impossible on our end.

3. Data We Collect

We collect only the minimum data necessary to operate your account:

  • Account data: email address, first name, hashed password.
  • Device data: device names and WireGuard® public keys you register in your dashboard. These are stored to generate your configuration files.
  • Order data: shipping address and order details for hardware products, processed through our payment provider. We do not store full card numbers.
  • Support data: messages you send us via the contact or support form.
  • Technical logs: server-side access logs (IP address, timestamp, HTTP status) retained for a maximum of 30 days for security and abuse prevention. These are infrastructure logs, not VPN traffic logs.

We do not collect: browsing history, DNS queries, VPN traffic, connection timestamps, or bandwidth usage.

4. How We Use Your Data

  • To create and manage your account.
  • To generate and deliver your WireGuard® configuration files.
  • To process hardware orders and arrange shipping.
  • To respond to support requests.
  • To send transactional emails (email verification, order confirmation). We do not send marketing emails without explicit consent.

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

  • Payment processors (for hardware orders) — subject to their own GDPR-compliant privacy policies.
  • Shipping carriers — your delivery address is shared solely to fulfil your hardware order.
  • Hosting providers — our web infrastructure is hosted on servers in the European Union.

We do not share data with advertising networks, data brokers, or analytics platforms.

6. Cookies

This website uses only strictly necessary technical cookies: a session cookie for authentication and a cookie to remember your cookie consent choice. No tracking cookies, no third-party pixels, no advertising identifiers.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and all associated data.
  • Object to or restrict processing.
  • Data portability.
  • Lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French data protection authority.

To exercise any of these rights, contact us via our contact page. We will respond within 30 days.

8. Data Retention

Account data is retained for as long as your account is active. Upon account deletion, all personal data is permanently removed from our systems within 30 days. Technical access logs are purged after 30 days on a rolling basis.

9. Security

Passwords are stored using bcrypt hashing. All data in transit is encrypted via TLS. Access to production systems is restricted to authorised personnel only.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal obligations. Material changes will be communicated by email to registered users. The date at the top of this page reflects the most recent revision.

Questions about your data? Contact us.