You've mentioned that you use a VPN several times, and seem secure in the belief that they're protecting your privacy, but there are some things you should be aware of.
DNS leaks:
"A DNS leak may happen whenever a DNS query ‘bypasses’ the routing table and gateway pushed by the OpenVPN server. The trigger on Windows systems may be as simple as a slight delay in the answer from the VPN DNS, or the VPN DNS unable to resolve some name.
This means that rather than using the DNS servers provided by the VPN operator, it’s possible that the user’s default DNS servers will be used instead or otherwise become visible."
https://torrentfreak.com/how-to-make-vpns-even-more-secure-*204**/
The article I quoted goes on to talk about using more than one VPN at a time, or using TOR in addition to a VPN for added security, in addition to other related topics.
You can check for DNS leaks while using your VPN here:
https://www.dnsleaktest.com/
What if your nefarious exploits were discovered? Is your VPN keeping records, and if so, would they give them up if served with a subpoena? Some questions you need to ask are:
*. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?
2. Under what jurisdiction(s) does your company operate?
*. What tools are used to monitor and mitigate abuse of your service?
4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users?
5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened?
7. Does your company have a warrant canary or a similar solution to alert ********s to gag orders?
8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?
*. Which payment systems do you use and how are these linked to individual user accounts?
*0. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?
**. Do you use your own DNS servers? (if not, which servers do you use?)
*2. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located?
https://torrentfreak.com/anonymous-vpn-service-provider-review-20*5-*50228/
It continues with interviews of several VPN providers and their answers to these questions.
Some other things you need to think about is the browser you're using and how it's configured. Do you have JavaScript enabled globally, or just for selected sites you visit? Consider using Firefox as your browser and the NoScript extension for an added layer of security. You can see what info your browser is giving away about you here:
https://www.browserleaks.com
You might want to consider disabling, or uninstalling Flash, as it's notoriously insecure and several Zero-Day exploits have been revealed in the past few weeks. The last site I referenced will also show you what info your browser gives away through Flash.