Security at Doppler VPN
Last updated: June 9, 2026
This page explains, in concrete technical terms, how Doppler VPN protects your traffic and your identity: the protocol we run, what is encrypted, what we store — and what we deliberately cannot store — and how to report a vulnerability.
Protocol: VLESS-Reality over Xray-core
Doppler VPN runs the VLESS protocol with the Reality transport on Xray-core. Unlike OpenVPN, WireGuard, or IKEv2 — whose handshakes are fingerprintable and routinely blocked by deep packet inspection (DPI) — Reality makes your connection indistinguishable from an ordinary TLS 1.3 session with a real, existing website.
During the handshake, Reality presents the TLS certificate of a genuine destination site, so censors performing SNI inspection or active probing see valid TLS to a legitimate domain. This is why Doppler keeps working in networks where mainstream VPN protocols are detected and dropped.
Read the full VLESS-Reality protocol explainer →
Encryption in transit
All tunnel traffic is protected by TLS 1.3 with an X25519 key exchange — the same cryptography that protects online banking. DNS queries are resolved inside the encrypted tunnel, so your ISP or local network cannot see, log, or tamper with the domains you visit.
XTLS Vision flow control avoids double-encrypting traffic that is already TLS-protected. That improves speed and removes the layered-encryption fingerprint that DPI systems look for.
No-logs architecture
Our no-logs policy is enforced by architecture, not just by promise: VPN traffic is never inspected, logged, modified, or stored.
What we never store
- Browsing activity or history
- Connection timestamps
- Originating or assigned IP addresses
- DNS queries
- Bandwidth usage
- VPN session duration
The only things we store
- A randomly generated device identifier (not linked to your identity)
- Anonymous, aggregated server performance metrics
- An email address — only if you voluntarily contact support
Data retention
- VPN usage data: not retained (no-logs)
- Account data: while active, plus 30 days after deletion
- Payment records: 6 years (tax and accounting law)
- Support correspondence: 12 months after resolution
No-registration account model
You never create an account with an email or phone number. Your device generates a random account ID in the form VPN-XXXX-XXXX-XXXX, and that ID is your subscription. There is no identity to leak, because none is collected in the first place.
Learn more about the no-registration model →
Infrastructure & website security
Server configurations are stored server-side and delivered over authenticated APIs — never embedded in the apps. The website enforces HTTPS with HSTS preload, a Content-Security-Policy, strict referrer and permissions policies, and frame denial.
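One way to verify the website controls listed above from a set of response headers. This is an added example, not Doppler's own code: the sample headers are constructed, and both the one-year HSTS minimum (the preload list's eligibility threshold) and the set of referrer policies counted as "strict" are assumptions.

```python
import re

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
    "X-Frame-Options": "DENY",
}
# Assumption: these values are what this check treats as a "strict" referrer policy.
STRICT_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                   "strict-origin-when-cross-origin"}


def audit_headers(headers):
    """Return a list of findings; an empty list means every control is present."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    # HSTS preload eligibility: max-age of at least one year, includeSubDomains, preload.
    hsts = [d.strip().lower() for d in h.get("strict-transport-security", "").split(";")]
    m = next((re.fullmatch(r'max-age="?(\d+)"?', d) for d in hsts
              if d.startswith("max-age")), None)
    if not m or int(m.group(1)) < 31536000:
        findings.append("hsts: max-age missing or under one year")
    for directive in ("includesubdomains", "preload"):
        if directive not in hsts:
            findings.append(f"hsts: {directive} directive missing")

    csp = h.get("content-security-policy", "").lower()
    if not csp:
        findings.append("csp: header missing")

    # A comma-separated Referrer-Policy lists fallbacks first; check the last token.
    ref = [t.strip().lower() for t in h.get("referrer-policy", "").split(",") if t.strip()]
    if not ref or ref[-1] not in STRICT_REFERRER:
        findings.append("referrer-policy: missing or not strict")

    if "permissions-policy" not in h:
        findings.append("permissions-policy: header missing")

    # Frame denial: either X-Frame-Options DENY or CSP frame-ancestors 'none'.
    xfo_deny = h.get("x-frame-options", "").upper() == "DENY"
    if not xfo_deny and not re.search(r"frame-ancestors\s+'none'", csp):
        findings.append("framing: neither X-Frame-Options DENY nor frame-ancestors 'none'")
    return findings
```

The function only checks that each control is present and minimally strict; it does not evaluate how restrictive the Content-Security-Policy itself is.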
Payments are processed by Revolut (cards, Apple Pay) and OxaPay (cryptocurrency). Card details never touch Doppler servers.
Responsible disclosure
Found a vulnerability? We want to hear about it. Contact us at the address below, or see our machine-readable security contact file (RFC 9116). We aim to acknowledge reports within 72 hours.
- supportsimnetiq.store
- View our security.txt
Jurisdiction & company
Doppler VPN is operated by SIMNETIQ LTD (company number 16861177), registered in England and Wales and subject to UK GDPR. Because of the no-logs architecture, there is no browsing activity to hand over in response to legal requests.
Related documents: Privacy · DPA · Subprocessors