Skip to main content

Our team is available Monday to Friday, 1:00 AM – 5:00 PM GMT

What legal jurisdiction governs NymVPN's operations?

Updated

Nym Technologies SA is registered in Neuchâtel, Switzerland, and NymVPN operates under Swiss jurisdiction. Switzerland has the strongest privacy protections in the world, is politically neutral, and is not part of the 5/9/14-Eyes intelligence-sharing arrangements.

Why Swiss jurisdiction matters

Where a privacy company is based shapes how legal requests for user data are handled, what the company is required to retain, and who its data is shared with under intelligence agreements. Switzerland is one of the most user-friendly jurisdictions in the world on each of those fronts:

  • No mandatory data retention for VPN providers. Swiss law does not require Nym to log what you do.
  • Strong privacy law foundations. The Federal Act on Data Protection (nFADP) sets out clear data-subject rights and obligations. Article 13 of the Swiss Federal Constitution explicitly protects the right to privacy.
  • Politically neutral. Switzerland is not in the EU and not subject to bloc-level data-sharing mandates.
  • Not part of the 14-Eyes alliance. The Five Eyes (US, UK, Canada, Australia, New Zealand), Nine Eyes (adding Denmark, France, Netherlands, Norway), and Fourteen Eyes (adding Germany, Belgium, Italy, Spain, Sweden) all share signals intelligence with each other. Switzerland is in none of them.

What this means for your data

Even setting aside jurisdiction, NymVPN's architecture means there is no meaningful traffic data anywhere we control to hand over. The mixnet's design ensures no single party (including Nym itself) has the full picture to log. See How does NymVPN handle user data and logging? for the architectural detail.

Swiss jurisdiction is a legal backstop on top of the architectural guarantee. Both layers protect you.

What about subpoenas or court orders?

If Nym receives a valid legal request, our response is shaped by two things:

  1. What we have. No meaningful traffic logs exist by architecture, so there is nothing to produce on that front.
  2. What we're required to disclose. Under Swiss law and our terms, we publish an incident disclosure policy and a vulnerability disclosure and bug bounty policy. Any required disclosure is documented through these channels.

Related questions

Does NymVPN have a warrant canary?

NymVPN's transparency commitments are documented at the Nym Trust Center, including independent security audits and our incident disclosure policy.

Is NymVPN subject to GDPR?

Switzerland is not in the EU, but our handling of EU resident data complies with GDPR equivalents under the nFADP framework. See the NymVPN apps privacy statement.

Where can I read Nym's privacy policy?

The NymVPN apps privacy statement covers what data we collect, how it's processed, and your rights.

Related to

Related articles