Private Internet Access Privacy Report
Private Internet Access has a high score due to its privacy policy and encryption methods. The VPN doesn’t log users’ web activity or IP addresses, and users can delete their data. However, the VPN lost points due to its lack of regular software updates and multi-factor authentication; only two-factor authentication is available.
Encryption
| In Transit | Yes |
|---|---|
| At rest? | Yes |
| All network communications and capabilities? | Yes |
Security Updates
| Automatic, regular software/ firmware updates? | No |
|---|---|
| Product available to use during updates? | No |
Passwords
| Mandatory password? | Yes |
|---|---|
| Two-Factor authentication? | Yes, but must opt in |
| Multi-Factor authentication? | No |
Vulnerability Management
| Point of contact for reporting vulnerabilities? | security@privateinternetaccess.com |
|---|---|
| Bug bounty program? | Yes |
Privacy Policy
| Link | https://www.privateinternetaccess.com/pages/privacy-policy/ |
|---|---|
| Specific to device? | No |
| Readable? | Yes |
| What data they log | Payment method, login ID, date, time of registration, email address, payment data, cookies, state and zipcode |
| What data they don’t log | Metadata logs regarding when a subscriber accesses the VPN service, how long a subscriber’s use was, and what IP address a subscriber originated from, IP addresses |
| Can you delete your data? | Yes |
| Third-party sharing policies | No, but might share data among subsidiaries and services used to improve PIA |
Surveillance
| Log camera device/ app footage | n/a |
|---|---|
| Log microphone device/ app | n/a |
| Location tracking device/ app | No |
Parental Controls
| Are there parental controls? | Nothing beyond the service itself |
|---|
Company History
| Any security breaches/ surveillance issues in past? | Yes |
|---|---|
| Did they do anything to fix it? | Yes |
Additional Security Features
| Anything like privacy shutters, privacy zones, etc.? | n/a |
|---|