No-logs policy

_Last updated: 2026-05-14._

solotunnel is private and stateless by design. Every VPN server

is yours alone (no shared exit nodes, no other users on your IP),

runs in an ephemeral container with no disk attached, and keeps its

peer list in memory only. There is no traffic log to leak, subpoena,

or sell — because no traffic log is ever written.

"No logs" is an over-used phrase in the VPN industry. The rest of

this page spells out exactly what we mean.

The short version

We do not collect, store, or otherwise process:

• Your VPN traffic (the bytes flowing through the tunnel).
• DNS queries you make through the VPN.
• Source or destination IP addresses of your traffic.
• The peer (public) IP your WireGuard handshakes come from.
• Per-device, per-peer, or per-session telemetry.
• Bandwidth or session-duration counters.

Even if a court ordered us to produce such records tomorrow, we

would have nothing to produce — because we never wrote them down.

How it works technically

Each VPN server is a per-tenant Azure Container Instance running

wg-easy. It holds the

WireGuard peer table in memory.

• No file-share mount. We deliberately do not mount Azure Files

or any persistent disk. When the container restarts, the WireGuard

configuration is regenerated, peers are re-issued, and any

transient wg show counters are dropped on the floor.

• No log shipping from tenants. Tenant containers send stderr

to Azure Log Analytics only at the info level for lifecycle

events (start, ready, shutdown). Per-packet or per-handshake

logging is disabled.

• No control-plane traffic logs. The control plane sees activate

/ delete / config-download calls (because they are the API), but

it never sees a single byte of your tunnelled traffic — it isn't

on the data path.

What we do record (and why)

See the Privacy policy for the full list. In short:

account data needed to log you in, plan data needed to bill you,

and instance metadata (region + state + container FQDN) needed to

show your dashboard and run the idle-reaper.

The hourly reaper checks each running VPN's WireGuard `latest

handshake` field to decide whether the server is idle (>24h since

any handshake). It does not record the handshake time itself —

it just compares, decides, and moves on.

What we cannot promise

• Your upstream ISP and the Azure region can still see that you

connected to <some-fqdn>.azurecontainer.io on UDP/51820. A VPN

hides traffic from your local network; it cannot hide its own

existence from the hosting provider.

• Stripe sees your payment metadata. We have no influence over

Stripe's retention.

• Subpoenas can compel us to put new logging in place going

forward (it is technically impossible to log retroactively). We

will publish a warrant canary

if and when commercial deployment begins.

How to verify

The control-plane and tenant images are built from the public

repository at <https://github.com/pelithne/myvpn>. You can read the

provisioning code (controlplane/lib/provisioner.js), the Bicep

templates (infra/), and the reaper (controlplane/reaper.js) to

confirm there is no traffic-logging hook anywhere in the stack.