Like all VPNs, Tunnelbear must collect some information from users if only to charge them for the service, but they collect as little as possible. They feature strong privacy tools including encryption in transit, at rest, and across all network communications, as well as two-factor authentication. In addition, they have a spotless record of no breaches. A bug bounty program and automatic software updates, though, would’ve increased their score.
Encryption
In Transit |
Yes |
At rest? |
Yes |
All network communications and capabilities? |
Yes |
Security Updates
Automatic, regular software/ firmware updates? |
No |
Product available to use during updates? |
No |
Passwords
Mandatory password? |
Yes |
Two-Factor authentication? |
Yes |
Multi-Factor authentication? |
No |
Vulnerability Management
Privacy Policy
Link |
https://www.tunnelbear.com/privacy-policy |
Specific to device? |
No |
Readable? |
Yes |
What data they log |
Payment info, email, browser version, total data used in a month |
What data they don’t log |
IP addresses, DNS queries, information about the applications, services or websites users use while connected to the service. |
Can you delete your data? |
Yes |
Third-party sharing policies |
Shares with third parties that support for payment and email distribution |
Surveillance
Log camera device/ app footage |
n/a |
Log microphone device/ app |
n/a |
Location tracking device/ app |
No |
Parental Controls
Are there parental controls? |
No |
Company History
Any security breaches/ surveillance issues in past? |
No |
Did they do anything to fix it? |
n/a |
Additional Security Features
Anything like privacy shutters, privacy zones, etc.? |
n/a |