Home Tunnel Teams vs ngrok vs Tailscale Stremio
Docs / Security

Security

How VendTunnel keeps your data secure with modern encryption, minimal data collection, and secure authentication.

Encryption

All VendTunnel services use modern, audited encryption protocols with strong cryptographic foundations.

Audited & Verified

We use encryption protocols that have been formally verified and are trusted by security-focused organizations worldwide.

Perfect Forward Secrecy

Ephemeral key exchange ensures that even if a key is compromised in the future, past sessions remain secure.

No Logging

What We Don't Log

  • Traffic contents
  • Websites you visit
  • DNS queries
  • Connection timestamps
  • Bandwidth usage per session
  • Source IP addresses

What We Do Store

  • Session metadata (ID, expiry time, region)
  • Payment transaction IDs
  • Server allocation data

We store the minimum needed to operate the service. No traffic data ever touches our database.

Network Security

Traffic Isolation

Even on shared servers, your traffic is isolated:

  • Each user has a unique configuration
  • Traffic is encrypted end-to-end with your unique keys
  • Other users cannot see your traffic
  • No cross-user routing (except within teams)

IP Protection

VPN traffic is routed through the server's public IP. Your home IP is never exposed to destination servers.

Infrastructure Security

Server Provisioning

  • Fresh servers for each dedicated session
  • Servers destroyed when sessions expire
  • No persistent data between sessions
  • SSH access via key-only authentication

Cloud Providers

We use reputable cloud providers with strong security practices:

  • DigitalOcean: SOC 2 Type II certified
  • Hetzner: ISO 27001 certified, EU data privacy compliant

DNS Security

Public DNS is managed through Cloudflare, providing:

  • DDoS protection
  • DNSSEC
  • Automatic SSL/TLS certificates
  • Edge caching and protection

DNS Threat Protection

VPN servers include built-in DNS filtering that blocks malicious domains:

  • Malware blocking: Known malware and phishing domains are blocked at DNS level
  • Ad blocking: Common advertising and tracking domains are filtered
  • Encrypted upstream: DNS queries to upstream resolvers use DNS-over-HTTPS
  • No query logging: DNS queries are not logged or stored
Important Limitation

DNS filtering blocks connections to known malicious domains. It is not antivirus software and cannot scan files or detect malware already on your device.

Privacy

No Account Required

We don't collect:

  • Email addresses
  • Phone numbers
  • Names
  • Physical addresses

Your identity is tied only to your PayPal transaction, which we don't store beyond the transaction ID.

Payment Privacy

We use PayPal for payments:

  • We only receive a transaction ID from PayPal
  • We don't store your PayPal email or personal info
  • PayPal handles all payment security (PCI DSS compliant)

Threat Model

What We Protect Against

  • Network eavesdropping: Modern encryption
  • Man-in-the-middle: Cryptographic authentication
  • IP tracking: Your traffic exits from our server IP
  • Team intrusion: Join codes + cookie authentication
  • Data breaches: Minimal data collection

What's Outside Our Scope

  • Endpoint security: We can't protect a compromised device
  • State-level adversaries: Traffic correlation attacks are possible
  • File-based malware: DNS filtering blocks known malicious domains, but cannot scan downloaded files or detect malware already on your device

Best Practices

For All Users

  • Keep the app updated
  • Don't share your config file
  • Disconnect when not needed

For Team Admins

  • Share join codes only with trusted members
  • Create new teams for different projects
  • Monitor the team services dashboard

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly. Contact us through the website with details. Do not publicly disclose until we've had time to address the issue.