Product Pricing Mac iPhone & iPad Security Contact
Sign in

Security

How we protect your connection

BigCatVPN uses the WireGuard protocol with modern cryptography. We don't store browsing activity, DNS queries, or the originating IP address used for a VPN connection.

Choose your plan Learn about WireGuard

What's under the hood

The protocol, cipher, and logging posture in one place.

Tunnel Cipher
ChaCha20
Browsing Logs
None
VPN Protocol
WireGuard
Key Exchange
Curve25519

Our Security Approach

We protect your privacy through four fundamental security pillars, each designed to keep your data safe and your identity anonymous.

Secure by Design

Our infrastructure is built with security as the foundation, not an afterthought. Every system component is designed to minimize attack surfaces and protect user data from the ground up.

  • WireGuard tunnels at the operating-system level
  • Lean protocol design with a smaller attack surface
  • Restricted, key-based administrative access
  • Principle of least privilege access controls
Advanced Encryption

Your traffic is protected by the WireGuard protocol using ChaCha20-Poly1305 authenticated encryption and Curve25519 key exchange — modern, vetted cryptography built for speed and security.

  • ChaCha20-Poly1305 authenticated encryption
  • Curve25519 key exchange
  • Perfect Forward Secrecy
  • BLAKE2s cryptographic hashing
Minimal Data by Design

We don't store browsing activity, DNS queries, or the originating IP address used for a VPN connection. The less we hold, the less there is to leak.

  • No activity logs or connection logs
  • No IP address storage or tracking
  • No DNS query logging
  • Anonymous payment options accepted
Operational Monitoring

We monitor our infrastructure for availability and abuse and apply security updates as part of routine operations. Logs are retained only to the extent needed to run the service.

  • Availability and abuse monitoring
  • Routine security patching
  • Responsible disclosure for reported issues
  • Minimal operational data retention

Next-Generation Protocol

Why WireGuard Changes Everything

BigCatVPN is built on WireGuard — a modern, lean VPN protocol with strong cryptography.

Fast, Modern Protocol
WireGuard's streamlined codebase keeps the protocol lean and efficient on your devices.
Modern, vetted cryptography
WireGuard pairs ChaCha20-Poly1305 with Curve25519 and BLAKE2s — a fixed, well-studied set of primitives.
Minimal Attack Surface
WireGuard's compact codebase is easier to review and is shipped as part of the Linux kernel.
Perfect for Mobile
Designed for the mobile-first world. WireGuard handles network changes seamlessly and uses minimal battery power, perfect for always-on protection.

No-Logs Policy

Here's exactly what we don't store, and the small set of operational data we do keep.

Traffic & Activity

We do not store:

  • Websites you visit
  • DNS queries
  • The contents of your traffic
  • Connection logs that link you to specific traffic

Identifying Data

We do not store:

  • The originating IP address you connect from
  • Your location history
  • Traffic metadata
  • Profiles built from your activity

What We Do Store

Only the minimum needed to operate:

  • Email address (for account management)
  • Payment information (processed by Stripe)
  • Account creation date
  • Subscription status

Infrastructure Security

How our infrastructure is set up

Standard, conservative choices: minimal server-side data, modern encryption in transit, and restricted administrative access.

Minimal Server-Side Data

VPN servers are configured to keep as little data as possible. We don't store browsing history, DNS queries, or the originating IP address used for a VPN connection.

  • No browsing or DNS logs
  • No retention of originating IP address
  • Minimal operational metadata only

Multi-Layer Encryption

Your data is protected by multiple layers of encryption, from the WireGuard tunnel to our secure server communications. Even our internal systems use end-to-end encryption.

  • ChaCha20-Poly1305 tunnel encryption
  • TLS 1.3 for all communications
  • Encrypted backups and databases

Global Network Security

Our server network sits behind standard network protections at reputable data centers, with locations chosen for performance and reliability.

  • Servers across multiple regions
  • Standard network firewalling and DDoS protection
  • Reputable data center hosting

Access Control & Monitoring

Strict access controls ensure only authorized personnel can access our systems, with comprehensive logging and monitoring of all administrative actions.

  • Multi-factor authentication required
  • Role-based access permissions
  • Comprehensive administrative-action logging

Trust & Transparency

Our Commitment to You

We believe privacy should be transparent. Here's how we earn and maintain your trust every day.

Built for transparency

We aim to be clear about how BigCatVPN is built, how our VPN infrastructure works, and what data we do and do not store. As the product matures, we'll continue publishing plain-English details about our security and privacy practices.

Clear logging posture

Our no-logs policy spells out exactly what we don't store and the small set of operational data we do keep.

Responsible disclosure

Found a vulnerability? Report it to our team and we'll work with you to confirm, fix, and acknowledge the issue.

Ready to try BigCatVPN?

30-day money-back guarantee for first-time subscribers. Cancel anytime.

Get started Read our no-logs policy →