Transparency is core to our mission. Here's exactly how VPN Fleet protects your privacy at every layer.
RAM-Only Servers
Every VPN Fleet server runs entirely from volatile memory. The operating system and VPN software are loaded from encrypted, signed images on each boot. No hard drives or SSDs are present. If a server is seized or loses power, all data vanishes instantly.
Encryption Stack
- WireGuard: Noise protocol, Curve25519 key exchange, ChaCha20 symmetric encryption, Poly1305 MAC, BLAKE2s hashing
- OpenVPN: AES-256-GCM, RSA-4096 handshake, SHA-512 HMAC, Perfect Forward Secrecy via ECDHE
DNS Protection
We run our own recursive DNS resolvers on every VPN server. Your DNS queries never leave the encrypted tunnel and are resolved locally, then discarded. No DNS query logs are kept.
Kill Switch Architecture
Our kill switch operates at the firewall level (iptables/nftables on Linux, PF on macOS, WFP on Windows). If the VPN connection drops, ALL internet traffic is blocked — not just routed differently, but completely blocked until the VPN reconnects.
Multi-Hop Implementation
Multi-hop routes your traffic through two VPN servers in different countries with separate encryption layers. Even if one server were compromised, the attacker would only see encrypted traffic heading to another server — never your real IP or destination.
We believe actions speak louder than words. Our architecture makes logging technically impossible, not just a policy promise.