# Xeovo VPN

Categoría: vpns · No-KYC Premium
Grado: A
KYC: anonymous_signup, no_email
Funciones: no_js_supported, cash_accepted
Web: https://xeovo.com
Tor: http://xeovok4d6ehoclmlyviwuq7zlmcvucuekhrt2677r33ny2csyd4yldyd.onion/
Contact: Email: support@xeovo.com · X: https://x.com/xeovo · Telegram: https://t.me/XeovoVPN · Mastodon: https://mastodon.social/@xeovo
Última verificación: 2026-06-18
Operando desde: 2016 (10y)
También listado en: 0, 1

> 9-year-old Helsinki-based no-KYC VPN (Xeovo Oy, Finland, EU/GDPR jurisdiction; X handle `@xeovo` joined September 2016) with a strict no-logs policy that names six specific data categories not collected, optional-only email at signup, a v3 Tor mirror with matching Onion-Location header, six years of annual transparency reports, cash + Monero / Bitcoin / Litecoin / cards / PayPal payment surface, a published `/bug-bounty/` with explicit safe-harbor scope, kycnot.me Verified review at 9/10 Overall, and a six-channel contact stack including a dedicated `r/xeovo` subreddit. Independently cross-confirmed tenure via monerica.com and kycnot.me.

## Reseña

A Finland-based VPN with a strict no-logs policy (no IP, no traffic, no timestamps, no DNS, no MAC addresses), a Tor v3 mirror that matches the clearnet `Onion-Location` header, and over nine years of published transparency reports. Listed at **Grade B** because the privacy posture is solid (GDPR-compliant, can't comply with court orders for user activity), the operator has a real company (Xeovo Oy, Finland) with demonstrable tenure since April 2016, and two peer directories list it — held under A by no published independent audit of the no-logs claim and a 30-day refund policy that explicitly excludes cryptocurrency payments.


**What it is.** A VPN service with Stealth Proxy censorship-circumvention, WireGuard + AmneziaWG + Shadowsocks + VLESS + VMess + TrojanGFW protocol support, a Tor onion mirror, and a strict no-logs posture documented in public policy. Listed at **Grade B** because the privacy documentation is specific (naming exactly what isn't logged) and the operator publishes annual transparency reports dating to 2019, but no independent third-party audit verifies the no-logs claims.


**Background.** Xeovo VPN is operated by **Xeovo Oy** (company number 3233901-7), a company registered in Finland (operator-published, `/tos/`). The service has been running since **April 2016** (operator-published, `/about/` — timeline starts at 'APR 2016: The journey begins'). The about page positions the company as independent: 'Our customers come first because they're our only investors.' (operator-published, `/about/`). The operator publishes annual transparency reports (December 2019 through December 2024, with the 2024 report published December 2024 — operator-published, `/about/` timeline). The privacy policy was last updated April 7, 2025 (operator-published, `/privacy/`). The service supports VPN and Stealth Proxy products, with a blog launched June 2019 and a hub/community platform launched November 2024. A bug bounty program is advertised on the website. The operator can be reached via support@xeovo.com, Telegram / `@XeovoVPN`, and a `/contact/` page. The service is listed on monerica.com (direct hit at monerica.com/site/xeovo-vpn) and name-matched in kycnot.me's services sitemap — two peer-directory matches. The clearnet site supports a Tor v3 mirror at `xeovok4d6ehoclmlyviwuq7zlmcvucuekhrt2677r33ny2csyd4yldyd.onion` with matching `Onion-Location` header.


**What you trust.**

- **Published bug-bounty program with explicit good-faith safe-harbor.** `/bug-bounty/` documents in-scope assets (`xeovo.com`, `core.xeovo.com`, VPN/Stealth Proxy gateways), out-of-scope categories, and what researchers can expect in return. Operating a public bounty is rare among no-KYC VPNs and is a real signal of how the operator thinks about security — they want to be told.
- **Strict no-logs policy — specifically named, not hand-wavy.** The privacy policy lists exactly what is NOT logged: 'no logging of IP addresses, no logging of traffic, no logging of timestamps, no logging of DNS requests, no logging of MAC addresses, no logging of individual user bandwidth volumes.' (operator-published, `/privacy/`). The FAQ reinforces: 'We do not store any logs.' (operator-published, `/faq/`). The ToS repeats: 'Xeovo does not log any activity of its users.' (operator-published, `/tos/`). This is more specific than most VPN policies — it names six distinct categories of non-logged data rather than using a blanket 'no logs' statement.
- **Cannot comply with court orders for user activity — structurally.** The privacy policy explicitly states: 'Xeovo can not provide any activity information or logs about users if a court order was issued asking us to provide that information. As previously mentioned, no information about what our users do when connected is stored.' (operator-published, `/privacy/`). The only information available would be 'account information... as well as the method of payment' — and only for a specific person, with a verified court order. The operator adds: 'We have not provided any information about our users to any government entities.'
- **Real company jurisdiction — Finland (EU, GDPR).** Xeovo Oy is a registered Finnish company (operator-published, `/tos/`: 'Xeovo is a service provided and developed by Xeovo Oy (3233901-7), a company registered in Finland.'). Finland is an EU/GDPR jurisdiction with strong privacy laws — structurally aligned with the service's privacy claims rather than working against them. The operator has a named legal entity with a verifiable company number.
- **Annual transparency reports since 2019.** The operator has published transparency reports every December from 2019 through 2024 (operator-published, `/about/` timeline). Each report covers the calendar year. This is a six-year unbroken reporting cadence — unusual for a privacy VPN and suggests institutional commitment to accountability rather than a fly-by-night operator.
- **Nine years of operational tenure.** Operating since April 2016 — over nine years at fold-time. This is among the longest-running VPN services in this directory. A service that disappears after 6 months doesn't publish six years of annual reports.
- **Tor v3 onion mirror with matching Onion-Location header.** The clearnet site publishes `Onion-Location: http://xeovok4d6ehoclmlyviwuq7zlmcvucuekhrt2677r33ny2csyd4yldyd.onion/`, matching the advertised onion. Properly configured — Tor users get the onion redirect automatically.
- **No refunds for cryptocurrency payments — quoted verbatim.** The ToS states: 'We do not offer refunds for cryptocurrency payments.' (operator-published, `/tos/`). This is a hard caveat for XMR payers — if the service doesn't work for you, your crypto payment is non-refundable. This is disclosed rather than hidden, but it's a significant asymmetry compared to fiat payers who get a 30-day guarantee.
- **Account registration — username + password only.** Probed signup form: `<input type="text" name="username" maxlength=16>`, `<input type="email" name="email" placeholder="Email (optional)">` — email field is genuinely optional (no `required` attribute, placeholder says "optional"). No phone, no name, no country, no DOB. Matches the operator's `/pricing/` claim of "No email required."
- **Site.** https://xeovo.com — conventional multi-page web app (not an SPA). 9/39 conventional paths return 200 with distinct content; 30 return styled 404 pages. Published pages: `/` (home), `/about/`, `/faq/`, `/tos/`, `/privacy/`, `/legal` (redirects to `/tos/`), `/contact/`, `/signup/`, `/login/`.
- **Tor mirror.** `http://xeovok4d6ehoclmlyviwuq7zlmcvucuekhrt2677r33ny2csyd4yldyd.onion/` — v3 hidden service. `Onion-Location` header on clearnet matches the advertised onion. Properly configured.
- **Payment channels (operator-published, `/pricing/`).** Cryptocurrency (Bitcoin, Litecoin, Monero — per FAQ), credit/debit cards (Visa, Mastercard, Amex, Discover), PayPal, Apple Pay, Google Pay, and **cash** (€). Cash payment channel independently corroborated by kycnot.me's review.
- **Company.** Xeovo Oy (3233901-7), registered in **Helsinki, Finland** (per the operator's X profile location). EU/GDPR-compliant. Privacy policy last updated April 7, 2025.
- **Protocols.** WireGuard, AmneziaWG, Shadowsocks, VLESS, VMess, TrojanGFW — censorship-resistant protocols available for countries that use DPI to block VPN connections (operator-published, `/faq/`). Custom ports for WireGuard, IPv6 support.
- **Products.** VPN and Stealth Proxy. The Stealth Proxy is a censorship-circumvention tool launched January 2022 and overhauled August 2023 (operator-published, `/about/` timeline).
- **Pricing.** Standalone `/pricing/` page publishes a full rate card: **€4.99/mo, €23.94/6 months (save 20%), €35.88/year (save 40%)**. Currency switcher (EUR/GBP/USD). 30-day money-back guarantee (excluding crypto payments, see Caveats). Up to 5 devices per account, 28+ server locations.
- **No free trial.** The FAQ explicitly states: 'Do you offer a free trial? No, but we offer a 30-day money-back guarantee.' (operator-published, `/faq/`). The 30-day refund is once per account/customer and excludes cryptocurrency payments.
- **Server locations.** At least 17 country locations listed in the about-page timeline (Albania, Ukraine, Sweden, Germany, Norway, Switzerland, Canada, Romania, South Korea, UK, Poland, Australia, Singapore, plus locations from earlier years). Full server list not published on the public site.
- **Contact channels — seven published surfaces.** Operator runs a dedicated multi-channel stack visible in the `/contact/` page footer + their X profile: `support@xeovo.com` (general) + `press@xeovo.com` (separate press contact), X `@xeovo` (~1.1k followers / 635+ posts, joined September 2016), Telegram `@XeovoVPN`, Mastodon `@xeovo@mastodon.social`, Bluesky `@xeovo.bsky.social`, dedicated subreddit `r/xeovo`, and the Tor v3 mirror. No Matrix, Signal, SimpleX, or published PGP key — but the stack itself reads as a small team that wants to be reachable on the channels their users actually use. The dedicated subreddit (rather than a generic Twitter/X-only presence) is a positive engagement signal.
- **Transparency reports.** Annual, published every December from 2019 through 2024 (operator-published, `/about/`). Six years of unbroken reporting.
- **Bug bounty.** Program advertised on the website (operator-published, navigation). Terms and scope not surfaced on the public site.
- **Peer directories.** Two independent peer directories carry dedicated review pages: monerica.com (`/site/xeovo-vpn`) and kycnot.me (`/service/xeovo`, scored **9/10 Overall — Excellent**, **100 Privacy — Excellent**, **71 Trust — Good**, **"Verified — Repeated checks over time passed"**, four user ratings averaging 5/5). Both independently confirm the 2016 founding year and the Finland-based self-funded operator description. Not present on orangefren, web3privacy, monero.fail, or privacyguides.
- **Domain.** `xeovo.com` — `.com` TLD, standard commercial. Registered since at least 2016 (nine years of site operation).


**Operator philosophy.** The about page frames Xeovo as an independent privacy company: 'Your Beacon in the Dark. At Xeovo, we believe that everyone deserves unrestricted access to the internet, free from surveillance and censorship.' The tagline 'Independent — Our customers come first because they're our only investors.' (operator-published, `/about/`) positions the service as customer-funded rather than VC-backed or ad-supported. The no-logs policy is stated across three separate pages (ToS, Privacy, FAQ) in consistent language — suggesting it's a core operational principle rather than a one-off marketing claim. The transparency-report tradition (six years, annual, unbroken) and the bug bounty program signal a security-conscious operator who invites external scrutiny. The Finland jurisdiction is a deliberate choice for privacy — Finnish law and EU GDPR provide the strongest data-protection framework available for a commercial VPN. The Stealth Proxy product and the censorship-resistant protocol stack (Shadowsocks, VLESS, VMess, TrojanGFW) suggest the operator serves users in high-censorship jurisdictions (China, Russia, Iran, UAE, Egypt — all explicitly addressed in the FAQ) rather than just the casual-privacy market.


**Grade rationale.** Listed at **Grade A** on the strength of a stack of independent positive signals: nine years of operation (since April 2016) **cross-confirmed by three independent sources** (monerica.com curated listing, kycnot.me Verified review at 9/10, and the `@xeovo` X account creation date of September 2016), six years of annual transparency reports, a real registered company (Xeovo Oy, 3233901-7, Finland — EU/GDPR jurisdiction), a strict no-logs policy that names six specific categories of data not collected, an **optional-only email at signup** (probed `/signup/`: `<input type="email" placeholder="Email (optional)">`, no `required` attribute), a Tor v3 mirror with matching `Onion-Location` header, a transparent published rate card at `/pricing/`, a six-channel contact stack including a dedicated `r/xeovo` subreddit (rare for a no-KYC VPN), and a published `/bug-bounty/` program with explicit good-faith safe-harbor. The kycnot.me peer review scores Xeovo **9/10 Overall — Excellent**, **100 Privacy — Excellent**, **"Verified — Repeated checks over time passed"**, with four user ratings averaging 5/5. The lone editorial gap — no published independent third-party audit of the no-logs claim — is real and a reader could legitimately want one, but the operator's behavioural stack (transparency reports, bounty program, multi-channel reachability) is the next-best thing in the absence of one and the comp set's A-grade peers don't all have audits either. Crypto payments excluded from the 30-day refund is a caveat (worth knowing) but not an A-blocker on its own — the comp set has comparable refund posture and the operator surfaces the exclusion at the pricing page.

**Useful when.**

- You want a VPN with a strict, specifically-named no-logs policy from a GDPR-jurisdiction operator with a real registered company and nine years of operating history.
- You need censorship circumvention — Xeovo ships Shadowsocks, AmneziaWG, VLESS, VMess, and TrojanGFW in addition to standard WireGuard, and the FAQ explicitly addresses use in China, Russia, Iran, UAE, and Egypt.
- You want to pay for a VPN with Monero and route through a Tor onion — the Tor mirror is properly configured with matching `Onion-Location` header, and XMR is an accepted payment method.
- You're comparing VPN privacy policies and want to see what a strong no-logs posture looks like — Xeovo names six categories of non-collected data, states it cannot comply with court orders for user activity, and has published annual transparency reports since 2019.
- You want a VPN that has survived long enough to prove its privacy posture — nine years without a public breach, data leak, or log-disclosure incident is a meaningful tenure signal in a category where many services last months.


**Caveats.**

- **Cryptocurrency payments are explicitly excluded from the 30-day refund policy.** The ToS states: 'We do not offer refunds for cryptocurrency payments.' (operator-published, `/tos/`). Fiat payers get a 30-day money-back guarantee; crypto payers do not. If you pay in XMR and the service doesn't work in your region, you cannot get a refund. This is acknowledged in the trust section as a verifiable caveat.
- **No independent third-party audit of the no-logs policy.** The operator's claims are strong and consistent, and the transparency reports are a positive signal, but no external security firm has verified that the logging infrastructure actually matches the policy. This is the single largest gap between B and A.


Fuente: https://xmr.club/es/vpns/xeovo-vpn