
Those who use a commercial VPN (meaning not clients and servers they own) for "privacy" got what their ignorance deserves... Commercial VPNs are just glorified proxies with their privacy risks.

That said, what I think is much more interesting is that the maker of most airport security scanners in the world (~84%) is an Israeli intelligence-linked company (Vidisco) https://ransomwareattacks.halcyon.ai/attacks/vidisco-ltd-hit... so they can easily make any item "not seen", i.e. with a simple tag the scanner reads and then ignores the real content, showing something harmless. This is just an example of why we need MANDATORY FLOSS and open hardware, where anything is developed from zero in a public manner, to be able to check what's up via public research made by public universities, to make it hard to slip agreements in here and there.



I have no idea how 'privacy' is even allowed to be included as an advertisement point.

No end-to-end encryption, no claims of privacy allowed.

"We pinky promise not to tell anyone" is not a 'privacy' feature.


So what kind of setup do you suggest for low-maintenance personal / small business use?


For what purpose? If you need to access home services or company services while outside in the world, a PERSONAL VPN, i.e. WireGuard on your SOHO server at home/office, is ok, because you own BOTH the server and the client and your traffic goes through a domestic ISP under the domestic laws of your country, laws you know, your lawyer knows, you can easily act as needed etc.

If you need a proxy on steroids to watch Netflix from another country, well, use any commercial VPN, but ONLY for the needed purpose, not for the rest of your traffic.

Your ISP can snoop on you LESS than a commercial VPN vendor, especially if such a vendor is based in exotic places without privacy laws, while obviously claiming the contrary in advertisements. There is NO PRIVACY PURPOSE for using commercial VPNs.


Secret stuff, I guess. Appreciate the follow-up.


"Secrets" doesn't mean much: secrets from whom? A commercial VPN, meaning you just have the client, implies your ISP does not know much about your traffic (just data volume and when it passes) but your VPN provider knows ANYTHING, with far bigger access to your system since you typically have a proprietary client installed with high privileges. So you hide from a domestic ISP to be shown naked to a potentially unknown corporation overseas that can pick up much more info from you.

Let's say you are in countries where porn is forbidden, from Saudi Arabia to South Korea, and you want to hide from locals: ok, you know your porn habits are known by an offshore unknown company but formally not to the local government, formally, because they might have agreements you do not know about, and typically VPN providers exist in countries with zero customer protections.

The only VPN you can trust is a FLOSS one, like WireGuard, OpenVPN etc., between hosts you own, and they just guarantee the channel, meaning if you have an Android/iOS device with a VPN link between the phone and your home, the phone itself is not trustable since it's a proprietary device remotely handled by its OEM/third parties, some you might not even know.

A simple example: let's say you have a secure messaging system. Your messages will travel hidden from third parties, but you type them with a virtual keyboard, which is typically a connected application that talks on the side with its creator: who cares about your secure messages, since they can snoop on them as you type them?

The whole point is the level of secrecy you want. Just downloading pirated materials (like most people do, even if formally it's illegal nearly everywhere), appearing from another country to avoid local laws like Hadopi, well, essentially nobody cares for real, so you might feel safe enough. Being an activist in a dictatorship, well, it's a far different thing, and in that case the top security is not using integrated electronics at all, like exchanging manually encrypted messages hand-sewn in some peer's dress (an old but still valid WWII technique). When that's not an option you could trust a bit OLD desktop iron (little firmware inside) running a FLOSS OS in a fully FLOSS stack, like messaging via I2P.



