Comparing VPN Providers’ Privacy Policies

VPN privacy policies hold key information about your data's security. But how many people actually take the time to read them? This post does the leg work for you, enabling side-by-side comparisons of the major VPN networks' policies so you can make informed decisions.

Analyzing VPN Privacy Policies

VPN network users care more about privacy than general internet users. Yet thanks to the perception of privacy policies as confusing, complex documents, many of the networks’ policies go unread. At vpnMentor, we want all internet users aware of their options and privacy rights. So, we’ll use the space below to analyze and compare major VPN providers’ privacy policies.

Why Do the Privacy Policies for VPN Providers Need a Closer Look?

First off: VPN networks have more discerning users when it comes to privacy matters. After all, private browsing is the number 1 motivation for using a VPN, according to a recent poll. By comparing the networks’ policies side-by-side, users can judge which policy they think will afford them the most privacy.

Another reason: the “anonymity debate” currently engulfs the VPN industry. Some services promise “no logging at all,” while others argue operating without logs is infeasible. By law, the service’s privacy policy must tell users about information collection and use, so it becomes the best source to find out the truth on this issue.

VPN Providers’ Privacy Policies – The Comparisons

Privacy policy detail varies widely among VPN services. The following analysis shows the policies for some of the top networks in our rankings.

Hide My Ass (HMA)

Hide My Ass’ policy is a long, detailed document that sacrifices scan-ability for information totality. Interestingly, HMA endured some negative publicity for its role in the capture of the Sony Pictures website hacker. This publicity helps explain why the company puts so much detail into their privacy and logging policies.

VPN Providers' Privacy Policies: HMA

VyprVPN

VyprVPN presents a scan-able, plain English policy that explains the information it logs:

VPN Providers' Privacy Policies: VyprVPN

Overplay

Overplay Inc, on the other hand, offers very little in terms of policy detail:

VPN Providers' Privacy Policies: Overplay

NordVPN

NordVPN takes the short-and-direct route:

VPN Providers' Privacy Policies: NordVPN

Private Internet Access (PIA)

This network presents a scan-able, easy-to-read page that highlights a firm “no logging” policy.

VPN Providers' Privacy Policies: PIA

The FBI recently put this VPN privacy policy to the test. In its case against Preston McWaters, law enforcement requested information from PIA’s corporate owner, London Trust Media, regarding McWaters’ activities while using PIA. Essentially, the FBI wanted to prove a series of bomb threat emails originated from McWaters’ IP address. Yet thanks to its lack of logs, the company could only show the cluster of IP addresses being used came from the east coast of the U.S., where McWaters lived. So, to prove its case, the FBI turned to alternate leads such as phone tracking, social media records, and bank records.

International Law and VPN Privacy Policies

Over 100 countries and independent jurisdictions and territories around the world have now adopted comprehensive data protection/privacy laws. Most of the information in this article pertains to U.S. rules and regulations. If the website and/or company is based elsewhere, the rules regarding privacy policy agreements may be different.

Map of countries with privacy laws

Credit: Banisar, David, National Comprehensive Data Protection/Privacy Laws and Bills 2016 Map (April 30, 2016).

NordVPN is a good example of how a provider’s location affects its privacy and information logging operations. It is registered out of Panama, where there are no data retention laws. As a result, NordVPN does not keep, monitor, or store time stamps, bandwidth usage, traffic logs, IP addresses, or any other kind of log records. Conversely, HMA is based out of London, UK. Their privacy policy, including their detailed logging policy, is partly a result of its location requirements.

Payment Methods as a Privacy Factor

VPN providers’ payment methods reveal valuable usage detail as well. If you pay for service with Paypal, a credit card, or a direct bank account withdrawal, you are leaving an important information trail. While a VPN’s privacy policy can promise data security, they also allow for the surrender of financial records under pressure of subpoena.

This makes services that accept bitcoin and other cryptocurrencies more appealing to many concerned users. They eliminate billing information requirements and make a user even more isolated from his/her online activity.

Privacy Policy Detail Will Be Key for VPN Providers Going Forward

Collecting sensitive consumer information is an increasingly vital part of daily business. As more e-commerce transactions occur, networks are exposed to more consumer data than ever before. Unfortunately, governments and 3rd parties, like the online advertising industry, can easily gain access without users’ knowledge. One of the biggest reasons they get away with it: no one reads online privacy policies. While the push for “plain English” privacy policies gains traction, there is so far no data to show that more people are reading the agreements.

As online privacy issues gain more momentum, we expect these VPN privacy policies to provide more detail while still considering scan-ability and readability. We hope they become detailed documents, written for general readers (i.e. no legalese), with strong protections for user privacy.

In the meantime, vpnMentor will continue monitoring the privacy policies for web services and VPNs, so you don’t have to.

Was this helpful? Share it!
Nord is offering 75% off for a limited time!