Windscribe disclosed voluntarily that they had servers seized and a potential vulnerability. It's a misconception due to poor reporting that "no servers were encrypted" as no data was stolen or left unencrypted.
The fact remains it shouldn't have happened at all. They were running out dated software, they left some servers unencrypted, the stored private keys on those unencrypted servers. There were a number of pretty basic mistakes that all had to made to lead to this situation.
I don't trust free VPNs as a rule of thumb. Combine this with the fact that Windscribe have only very recently open sourced their desktop application and their mobile and router applications remain closed source, and they have never been subjected to an independent audit (please correct me if I'm wrong), means I would not use them and would not recommend them. I'd be happy to reconsider my position in the future if and when these issues are addressed.
best thing is to create a wallet then we write private manually on paper, make sure there is no internet connection then we take a photo and save the data.
Don't do this. As soon as you take a photo of your seed phrase, then you have opened it up to compromise. Your seed phrase should be written down on paper only, not stored electronically.