How it works
_Last updated: 2026-05-16._
solotunnel is private and stateless by design. Every VPN server
is yours alone (no shared exit nodes, no other users on your IP),
runs in an ephemeral container with no disk attached, and keeps its
peer list in memory only. There is no traffic log to leak or sell —
because no traffic log is ever written.
This page covers both what we don't store and how the technical
setup makes that hold up. For account-level data (email, billing),
see the Privacy policy.
What we do not store
We do not collect, store, or otherwise process:
- Your VPN traffic (the bytes flowing through the tunnel).
- DNS queries you make through the VPN.
- Source or destination IP addresses of your traffic.
- The peer (public) IP your WireGuard handshakes come from.
- Per-device, per-peer, or per-session telemetry.
- Bandwidth or session-duration counters.
We can't show you a "traffic dashboard" because we deliberately do
not collect the data needed to build one.
How the setup enforces that
Each VPN server is a per-tenant Container Instance running
wg-easy. It holds the
WireGuard peer table in memory.
- No file-share mount. We deliberately do not mount any
persistent disk. When the container restarts, the WireGuard
configuration is regenerated, peers are re-issued, and any
transient wg show counters are dropped on the floor.
- No log shipping from tenants. Tenant containers send
stderr
to a time-series database only at the info level for lifecycle
events (start, ready, shutdown). Per-packet or per-handshake
logging is disabled.
- No control-plane traffic logs. The control plane sees activate
/ delete / config-download calls (because they are the API), but
it never sees a single byte of your tunnelled traffic — it isn't
on the data path.
What we do record (and why)
See the Privacy policy for the full list. In short:
account data needed to log you in, plan data needed to bill you,
and instance metadata (region + state + container FQDN) needed to
show your dashboard and stop idle servers.
To keep costs (and your bill) down, idle VPN servers are shut down
automatically after a period of inactivity. The check reads the
WireGuard latest handshake field on each running server and
compares it against the idle threshold — it does not record
the handshake time itself.
What we cannot promise
- Stripe sees your payment metadata. We have no influence over
Stripe's retention.