Private Internet Access Privacy Report

Private Internet Access has a high score due to its privacy policy and encryption methods. The VPN doesn’t log users’ web activity or IP addresses, and users can delete their data. However, the VPN lost points due to its lack of regular software updates and multi-factor authentication; only two-factor authentication is available.
Encryption
In Transit | Yes |
---|---|
At rest? | Yes |
All network communications and capabilities? | Yes |
Security Updates
Automatic, regular software/ firmware updates? | No |
---|---|
Product available to use during updates? | No |
Passwords
Mandatory password? | Yes |
---|---|
Two-Factor authentication? | Yes, but must opt in |
Multi-Factor authentication? | No |
Vulnerability Management
Point of contact for reporting vulnerabilities? | security@privateinternetaccess.com |
---|---|
Bug bounty program? | Yes |
Privacy Policy
Link | https://www.privateinternetaccess.com/pages/privacy-policy/ |
---|---|
Specific to device? | No |
Readable? | Yes |
What data they log | Payment method, login ID, date, time of registration, email address, payment data, cookies, state and zipcode |
What data they don’t log | Metadata logs regarding when a subscriber accesses the VPN service, how long a subscriber’s use was, and what IP address a subscriber originated from, IP addresses |
Can you delete your data? | Yes |
Third-party sharing policies | No, but might share data among subsidiaries and services used to improve PIA |
Surveillance
Log camera device/ app footage | n/a |
---|---|
Log microphone device/ app | n/a |
Location tracking device/ app | No |
Parental Controls
Are there parental controls? | Nothing beyond the service itself |
---|
Company History
Any security breaches/ surveillance issues in past? | Yes |
---|---|
Did they do anything to fix it? | Yes |
Additional Security Features
Anything like privacy shutters, privacy zones, etc.? | n/a |
---|