The antivirus: Used to be good, decent free (in price) tool if you’re in a situation where you need one. Otherwise, Windows Defender is good enough for your needs. (And just don’t install goofy ahh apps on Android, you also don’t need one there).

The VPN: Same as any other VPN company. Chances are you don’t need one, and all of them are based fully on trust. “Least bad” VPN award goes to Mullvad.

NordVPN (and their entire service stack) is not trustworthy at all.

https://ntfy.sh/

Easily set up, and easily attached to other things. Simple notifications about whatever is needed, like service health or updates, new posts on public platforms, etc. A simple curl is plenty to send and receive notifications, and it works on Android without requiring FCM (Google infrastructure).