Privacy Policy

Nostr VPN (to.iris.nvpn)

Last updated: March 28, 2026

Introduction

Nostr VPN is an open-source mesh VPN application developed by Sirius Business Ltd. It uses the Nostr protocol for peer discovery and WireGuard for secure tunneling. This policy describes how the app handles your data.

The source code is publicly available under the MIT license at github.com/mmalmi/nostr-vpn.

Data We Collect

Nostr VPN does not collect, store, or transmit any personal data to us. There are no ads, analytics, tracking, or telemetry of any kind.

How the App Works

The app operates on a peer-to-peer basis:

• Nostr keypairs are generated and stored locally on your device. Your private key never leaves your device.
• Nostr relays are used solely for signaling: discovering peers and exchanging encrypted connection metadata. Messages sent through relays are encrypted and only readable by the intended recipient.
• Network traffic passes directly through WireGuard tunnels between peers. No traffic is routed through any central server operated by us.

Permissions

The app requests the following permissions:

• INTERNET — Required to connect to Nostr relays and establish WireGuard tunnels.
• CAMERA — Used only to scan QR codes for adding peers. Camera access is not used for any other purpose.
• POST_NOTIFICATIONS — Used to show VPN connection status notifications.
• FOREGROUND_SERVICE — Required to keep the VPN tunnel active while the app is in the background.

Third-Party Services

The app connects to public Nostr relays for signaling purposes. These are third-party servers that may have their own privacy policies. The data sent to relays consists of encrypted Nostr messages used for peer discovery and connection setup. No personally identifiable information is transmitted in plaintext.

Data Storage

All app data, including your Nostr keypair and peer configurations, is stored locally on your device. No data is stored on any server operated by us.

Children's Privacy

Nostr VPN does not collect any personal information from anyone, including children under the age of 13.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

Contact

If you have questions about this privacy policy, you can reach us at:

Sirius Business Ltd
Email: sirius@iris.to