Privacy Policy
Last updated: 7 July 2026
Your privacy is very important to Underwater (“us”, “we”, or “our”), the operator of Noodle VPN (the “App” or “Service”). Underwater is a sole proprietorship established in the Republic of Korea. This Privacy Policy explains how we collect, use, disclose, transfer, and store your information when you use Noodle VPN. Please take a moment to get to know our practices, and contact us at support@underwwwater.com if you have any questions.
Because Noodle VPN is a virtual private network, we have designed the Service to collect and retain as little information about you as reasonably possible. This policy describes both what we keep and — just as importantly — what we do not.
The Short Version
- You can use Noodle VPN anonymously. We assign you an anonymous user ID (UID); we do not require your name, email, or any personal detail to get started.
- We do not keep activity or traffic logs. We do not record the sites, services, or servers you reach through the VPN, your browsing history, your DNS queries, or any record linking your real IP address to your online activity.
- We do keep limited operational data — such as connection timestamps and your monthly data usage — to run the Service and enforce free-plan limits.
- We do not show ads, and we do not use third-party analytics.
- We do not sell your data, and we do not share it with anyone except where strictly necessary to provide the core VPN service (for example, the server infrastructure that carries your connection).
The sections below explain all of this in full.
Governing Law
We collect and process your personal data in accordance with the relevant data protection regulations, in particular the Personal Information Protection Act (PIPA) of the Republic of Korea. This means we may process your personal information for the purposes described in this Privacy Policy: with your consent; where it is necessary to perform a contract with you or to take steps at your request before entering into a contract; where it is necessary to comply with a legal obligation to which Underwater is subject; or where it is necessary for the legitimate interests pursued by Underwater or by a third party, provided those interests are not overridden by your rights.
The personal information controller responsible for your data is Underwater (business registration number 806-06-02790), located at 101 Gwangjin World Meridian 1-cha, Achasan-ro 78-gil 57, Gwangjin-gu, Seoul, South Korea. If you have any questions about how your personal data is handled, you can contact the controller at support@underwwwater.com.
Information We Collect
At sign-up — nothing is required
When you first use Noodle VPN, we assign you an anonymous user ID (UID). You can use the Service with this UID alone, without providing any personal information.
Optional email account
You may choose to register an email address. Doing so lets you recover your account if you lose or change your device, manage your account through our web dashboard, and access additional features. This is entirely optional.
Please understand the trade-off: if you use Noodle VPN anonymously and then lose access to your device, we have no way to identify you or recover your account, because we hold nothing that links the account to you. An email address is the only thing that lets us help in that situation.
Operational data
To operate the Service, prevent abuse, and enforce free-plan usage limits, we keep a limited amount of operational information, such as:
- Connection timestamps — when a VPN session begins and ends.
- Monthly data usage — the total volume of data used on your account each month.
This operational data is associated with your UID (and your email, if you provided one). It is not linked to your browsing activity, the destinations you visit, or the contents of your traffic.
Payment information
Noodle VPN is a freemium service. Paid subscriptions are processed through Apple In-App Purchase and Google Play In-App Purchase, and we plan to add PayPal and possibly other payment gateways in the future. These payment providers handle your transaction and payment details directly under their own privacy policies; we do not receive or store your full payment card details.
Communications with us
If you contact us (for example, at support@underwwwater.com), we keep your email address and a record of that communication so we can respond and improve our support.
What We Do Not Log
Noodle VPN is built around not knowing what you do online. We do not log or store:
- the websites, applications, or servers you connect to through the VPN;
- your browsing history or the contents of your network traffic;
- your DNS queries;
- any record that pairs your real (source) IP address with your VPN activity or the destinations you reach.
We cannot see what you do while connected, and we cannot reconstruct it afterwards. This also means that if we ever receive a legal request for such information, we simply do not have it to provide (see Legal Requests below).
How We Use Your Information
We use the information described above to:
- provide, maintain, and operate the VPN Service;
- assign and manage your account, and — where you have provided an email — enable account recovery and the web dashboard;
- enforce free-plan limits and prevent fraud, abuse, or misuse of the Service;
- process payments through the providers listed above;
- respond to your inquiries and support requests;
- protect the security and integrity of our systems;
- comply with our legal obligations; and
- send you important service notices, such as communications about changes to our terms, conditions, and policies. Because this information is essential to your use of Noodle VPN, you may not opt out of these particular messages while you hold an account.
We do not use your data for advertising, and we do not profile you for marketing purposes.
Disclosure to Third Parties
We do not sell your personal information, and we do not share it with anyone except where it is strictly necessary to provide the core VPN service. Specifically:
- Server infrastructure. Noodle VPN currently runs on a combination of our own servers and third-party server providers. Your encrypted connection necessarily passes through this infrastructure in order for the VPN to function.
- Payment processors. As described above, Apple, Google, and (in future) PayPal or other payment gateways process your payments under their own privacy policies.
We do not disclose your personal information to advertisers, data brokers, or analytics companies, because we do not work with any.
Legal Requests
We may be required to disclose information in response to a valid legal demand — such as a court order, subpoena, or lawful request from a government or law-enforcement authority — where we are legally obliged to comply.
However, we can only ever provide information that we actually hold. Because we do not keep activity or connection logs, there is no browsing history, traffic content, or destination record for us to hand over. Where we are legally able to do so, we will review each request for validity and scope, and push back on requests that are overbroad or unlawful.
Cookies and Similar Technologies
Our website and web dashboard may use cookies and similar technologies to keep you signed in and to make the dashboard work. You can disable cookies in your browser settings, but some features of the dashboard may then be unavailable. Because we do not run advertising or third-party analytics, we do not use tracking or advertising cookies.
Protection of Your Information
We take appropriate security measures to protect against unauthorized access to, or unauthorized alteration, disclosure, or destruction of, your data. These include internal reviews of our data-collection, storage, and processing practices, appropriate encryption, and physical security measures for the systems where we store data.
Inside Underwater, access to personal information is restricted to those who need it to operate and maintain the Service, and they are bound by confidentiality obligations.
When you connect to our Service, we use encryption such as Transport Layer Security (TLS) to protect information in transit. That said, no method of transmitting or storing data is 100% secure, so we cannot guarantee absolute security.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, to enforce our Terms of Service, or to comply with our legal obligations.
- Account data (UID, and email if provided) is kept until you delete your account.
- Operational data (connection timestamps, monthly usage) is retained for 90 days, after which it is deleted or aggregated into non-identifiable statistics.
There may be cases where we cannot delete data in its entirety due to legal retention periods.
Your Rights and Choices
You are entitled to request information about the personal data we hold about you, to have incorrect data corrected, and to request the freezing or deletion of your data. You are also entitled to data portability, and you may object to the processing of your data at any time with effect for the future.
You can delete your account — including any associated email address and content — from within the App settings or the web dashboard.
Please note: if you use Noodle VPN anonymously, we hold nothing that identifies you as an individual, so in most cases there is no personal data for us to retrieve, correct, or specifically delete on request. We may decline requests where they would risk the privacy of others, would be extremely impractical, or where fulfilling them is not required by law.
International Data Transfers
Because Noodle VPN routes your connection through servers that may be located in various countries, your data (such as the encrypted connection itself and limited operational data) may be processed outside the Republic of Korea. Where this occurs, we take steps to ensure your information continues to be protected in line with this policy and applicable law.
Children
Noodle VPN is designed for adults aged 18 or older. We do not knowingly collect personal information from children under 18, or the equivalent minimum age in the relevant jurisdiction. If we learn that we have collected such information, we will take steps to delete it as soon as possible. Contact us at support@underwwwater.com if you have any concerns.
Third-Party Sites and Services
Our website, dashboard, or Service may contain links to third-party websites or services. We are not responsible for the information practices of those third parties, and we encourage you to read their privacy policies before submitting any personal information to them.
Changes to This Policy
Our Privacy Policy may change from time to time. When we change it, we will post the updated version at this page. If a change is significant, we will also provide a more prominent notice.
Privacy Questions
If you have any questions about this Privacy Policy or our data processing, or if you would like to make a complaint about a possible breach of local privacy laws, please contact us at support@underwwwater.com.