What Do VPNs Collect at Sign Up? How Is Your Data Used? 57 VPNs Reviewed

The software market is overflowing with virtual private network services, and it can be challenging to find the right VPN for you. It comes down to security, speed, and trust.

The last part is particularly important because any VPN provider can make big promises, but few are able to uphold them. Many VPNs say it loud and proud that they can protect your online privacy and anonymity. But that does not always happen.

In this article, we are taking a look at VPN providers to see what type of information they collect about you during registration and what they need it for. We also recommend checking out the best VPN services of this year, which we compared by taking multiple aspects into account, including the logging policy.

Check out the very long list of topics below (click to jump).

• VPN presentation vs. privacy policy
• Types of user identifiable information
  • 1. Personally identifiable information
  • 2. Non-personally identifiable information
• What type of data is collected by VPNs?
  • Browser info
  • Email address
  • Password (encrypted)
  • Payment data
    • Anonymous payments
    • Non-anonymous payments
    • About third-party payment processors
  • Other information
• VPN jurisdiction and logging policy
• A Note About Other Payment Methods and Their Availability in Different Countries
• 32 Out of 57 VPNs Keep Your Identity Secret While Purchasing a Subscription
• 25 Out of 57 VPNs Do Not Keep Your Identity Secret While Purchasing a Subscription
• 57 VPN privacy policies reviewed
  • 1. ExpressVPN
  • 2. NordVPN
  • 3. IVPN
  • 4. CyberGhost VPN
  • 5. Mullvad VPN
  • 6. Surfshark
  • 7. Private Internet Access
  • 8. VPNArea
  • 9. Ivacy
  • 10. SaferVPN
  • 11. Hotspot Shield
  • 12. VPNSecure
  • 13. Speedify
  • 14. PrivateVPN
  • 15. StrongVPN
  • 16. FastestVPN
  • 17. CactusVPN
  • 18. FrootVPN
  • 19. tigerVPN
  • 20. Avast SecureLine VPN
  • 21. VyprVPN
  • 22. Namecheap VPN
  • 23. TunnelBear
  • 24. IPVanish
  • 25. VeePN
  • 26. ProtonVPN
  • 27. TorGuard
  • 28. ZenMate VPN
  • 29. Hide ALL IP
  • 30. Perfect Privacy VPN
  • 31. AnonymousVPN
  • 32. PureVPN
  • 33. Avira Phantom VPN
  • 34. HideMyAss! VPN
  • 35. SwitchVPN
  • 36. IronSocket
  • 37. F-Secure Freedome VPN
  • 38. Unlocator
  • 39. GOOSE VPN
  • 40. SurfEasy
  • 41. Kaspersky Secure Connection
  • 42. Astrill VPN
  • 43. RUSVPN
  • 44. Encrypt.me
  • 45. VPN Unlimited
  • 46. Getflix
  • 47. BeeVPN
  • 48. Bitdefender Premium VPN
  • 49. BolehVPN
  • 50. BTGuard
  • 51. Hola VPN
  • 52. ibVPN
  • 53. RitaVPN
  • 54. Trust.Zone VPN
  • 55. VPN.AC
  • 56. WARP
  • 57. Windscribe
• In conclusion

VPN Presentation vs. Privacy Policy

If you are concerned about the type of information you share with a VPN provider when purchasing a premium subscription plan, then you have to dig into the matter a little bit. Setting your eyes on the VPN’s homepage and list of features is not enough, because the company can say anything there.

Instead, you should look into the privacy policy or terms of service since these are actual legally-binding documents. Most VPN providers who go through the trouble of explaining how they operate to reveal the exact kind of data they collect when you visit their site, place an order and use their services.

You should pay attention to how the offer is phrased because there are usually distinct conditions for each of the three activities (site, shop, user). But we completely understand how legal and technical terms can be confusing for most casual users. Therefore, we did all the hard work on your behalf and reviewed 57 VPN privacy policies to see what data they collect at sign-up and how they use it.

Types of User Identifiable Information

The truth is that there is no way to sign up for a VPN provider without giving out some details about yourself and your online activities. But it depends on how sensitive the data is. It can be grouped into two categories:

1. Personally identifiable information

Personally identifiable information (PII) represents any kind of data that could be used to target and track down a specific person by pointing them out from a pool of multiple persons. When it comes to VPN, PII represents your email address, home or company address, phone number, or credit card number.

Usually, you are responsible for the PII you provide to your VPN service when signing up since you must enter form data to place an order. Some fields are mandatory, while others are optional. But it becomes a privacy issue if your VPN provider also collects your IP address and/or current location at registration.

2. Non-personally identifiable information

On the other hand, non-personally identifiable information (Non-PII) is wide spectrum information, which cannot be used to find out who you are. It is typically processed automatically by the VPN provider, analytics engine, payment processor, or any other third party employed by the VPN provider to gather necessary for service improvements.

It usually includes browser information, such as the device type, User-Agent, language, referring website, screen resolution, battery charge, date and time of visit, Google Advertising ID, connectivity mode, and mobile service provider.

Non-PII is harmless, especially if there are numerous people using the same VPN service. At the same time, it associates you with a certain pool of Internet users who have identical preferences. This is why it is recommended to reduce your browser fingerprint and help improve your online privacy.

What Type of Data Is Collected by VPNs?

What follows are pieces of information that you must share with your VPN provider in order to obtain a premium subscription. But there are also exceptions, such as personal information that is not actually mandatory but helps a VPN service work against you.  Let us explain why:

Browser info

Usually, automated services gather your browser information to help improve the quality of service.

How it is used:

• Remember past visits and shopping cart items (safe);
• Create better offers tailored for your experience (safe);
• Personalize discounts based on your online activity (safe);
• Automatically set the site language and currency to your location (safe);
• Generate statistics for marketing channels and advertising partners (safe);
• Learns your IP address when you visit the VPN website (not safe);

All VPN providers collect data from your web browser, but it should be harmless. For example, a VPN provider learns your IP address as soon as you visit their site.

You might have noticed that some reveal your true IP address on the top side of the screen, saying that you are not protected. But most of them have common sense and do not store your IP address to their system.

It becomes a privacy breach if the VPN continues to monitor your true IP address after leaving their site, or worse – when connecting to a VPN server to browse the Internet and see the exact sites you are viewing.

Needless to say, you should never use such a service (we cannot call it a virtual private network since it is not private). Nevertheless, sharing your real IP with your VPN is unavoidable when visiting their site unprotected.

Alternate solutions are to join the Tor network, use another VPN service and connect to obfuscated servers to bypass VPN blocks, or use the Tails operating system to hide your IP address when visiting the website.

You should also consider using a public computer from another country or city, or at least another ISP when signing up for a VPN subscription. But it only works if the service does not monitor your IP address when connecting to a server, which means that you are still at the mercy of the VPN provider.

Email address

On rare occasions, your email address is accompanied by a unique username required for logging into your site account, VPN client account, or both.

How it is used:

• Log you in to your premium VPN account (must be paired with a password) – safe;
• Manage your user subscription (safe);
• Identify your account and troubleshoot issues via customer support (safe);
• Recover your forgotten account password (safe);
• Send you service updates and various announcements (safe);
• Send marketing information, including new offers, invitations, and surveys (safe);
• Could share it with law enforcement agencies or DMCA notices (not safe);

In most circumstances, VPN providers do not say that you are not allowed to use an email address with zero information, which could be tied to you. So, if you are a privacy-concerned user, you can create a separate email account using a secure email service, which you will only use to manage your VPN subscription.

Some VPN providers like Perfect Privacy VPN encourage using an anonymous email address.  We have also discovered one service (Unlocator) that silently rejects temporary email addresses.

Password (encrypted)

How is it used:

• Log you into your premium VPN account (must be paired with an email address or username) – safe;
• Make sure that no one else will be able to access your account (safe);

Password protection has to do with online security, not privacy. And, if the password is encrypted, then you will not risk any leaks that could be used to hack into your account, use your VPN to perform illegal activities, or renew your subscription without your consent.

Payment data

How is it used:

• Process your payment to the premium VPN service (safe);
• Issue refunds if you wish to benefit from a money-back guarantee (safe);
• Could share your personal information with other parties or members of the same parent company (not safe);

Essentially, there are two ways to place an order: anonymously and non-anonymously. Additionally, a VPN provider can choose to personally process payments (like Mullvad VPN) or resort to third-party payment processors.

Anonymous payments

Privacy-oriented users should always pick an anonymous payment mode (safe), even if it feels somewhat inconvenient to go through the trouble of setting it up (e.g., not everyone is familiar with cryptocurrencies).

Many VPN services support cryptocurrency payment (like Bitcoin), which does not associate you with the money transfer. Other anonymous payment methods involve gift cards, prepaid cards, vouchers, and cash. For instance, you can buy NordVPN in cash at retail stores.

Non-anonymous payments

On the other hand, non-anonymous payment modes (not safe) involve sharing your personal information with a bank or online banking service, and there is no way to conceal your online identity.

It includes wire transfers, all types of credit cards, and online payment services like Paypal, Amazon Pay, Google Pay, and OneCard, which are linked to your credit cards.

Other payment modes are non-anonymous, too. For example, Alipay requires a password, photo, and mobile phone verification. Mercado Pago needs proof of identity, too.

The following names must be connected with bank accounts in order to work: UnionPay, iDEAL, Klarna, WebMoney, GiroPay, Yandex Money, Swish, PerfectMoney, SOFORT Banking, Skill Wallet, Neteller, FasterPay.

About third-party payment processors

Most VPN providers turn to third-party payment processors, which means that they are not responsible for the behavior of these third parties. Therefore, if you want to know how they manage your payment data, you must check out their own privacy policies or terms of service.

These are also considered non-anonymous payment methods if you must share too much personal information with them. A popular example on this list is Paymentwall. But other third-party payment processors, like BitPay and CoinPayments, are considered safe because they do not ask for too much private data.

Other information

Some VPNs ask for additional information when placing an order, which they obtain from you or automatically. The info can include:

• License key – to activate your premium VPN account (safe);
• Country – to calculate VAT and generate demographics (safe);
• First and last name – to personalize emails (safe);
• Billing info – for accounting purposes (safe);
• Date and time of registration – to keep track of subscriptions (safe);
• Account expiration date – to manage your subscription (safe);
• Subscription renewal date – to manage your subscription (safe);
• Trial user – to manage your subscription (safe);
• Referral or coupon codes – to keep track of affiliates and apply discounts (safe);
• Business customer info – to generate demographics (safe);
• Verified phone number – to prevent spam (not safe);
• Extra info when signing up via social media profiles – for advertising (not safe);

Billing info could also be obtained from third-party payment processors. We marked full names, countries, and billing info as safe for two reasons. Firstly, those fields might be optional, so you can just leave them blank to protect your privacy. Secondly, if the fields are mandatory, there is nothing stopping you from writing whatever you want, unless the VPN service urges you to write accurate information.

But a fake phone number that must be verified is harder to obtain. For example, Astrill VPN requires a verified phone number when you pay with a credit card.

Lastly, if you sign in to a VPN service using a personal social media account, you can rest assured that all your associated information is compromised since all data is synced.

VPN Jurisdiction and Logging Policy

In this list, we also mentioned the jurisdiction of a VPN provider, in addition to its official stand toward data logging. If you are preoccupied with your online privacy when paying for a premium VPN service, then you are surely interested in its overall attitude toward privacy.

Jurisdiction is essential because the country where the VPN company operates must abide by certain laws, like EU data retention legislation. It is legal to use VPN in some countries but illegal in others. In Russia, only VPNs approved by the government are legal. And, if the country is a member of the 5, 9, or 14 Eyes mass surveillance groups, then it is a red flag.

The logging policy is even more important because some virtual private network providers like Mullvad VPN go to great lengths to protect your privacy and compensate for the fact that they are unfortunately based in a country with unsafe jurisdiction (Sweden, in Mullvad’s case).

Moreover, it is one thing to claim zero logs on the site presentation, and it is another to start listing the exact type of collected data in a legally binding document like the privacy policy or terms of service. And, if this information is incomplete or missing from the legal document, it becomes a huge sign that you are better off looking into alternate VPN solutions.

A Note About Other Payment Methods and Their Availability in Different Countries

Before listing the VPNs that provide you with anonymous payment options, it’s worth mentioning that there are quite a few special payment options available in certain cases, such as AliPay, UnionPay, and a few others that are usually provided through the PaymentWall service. In the case of NordVPN, this also applies to PayPal, which is not available in every country.

However, these payment methods won’t be available in every country, which means that you have to check for yourself to see if that’s the case. On the other hand, this does not affect anonymous methods like Bitcoin or other cryptocurrencies, which means that your country of origin should not affect your ability to remain anonymous while paying.

32 Out of 57 VPNs Keep Your Identity Secret While Purchasing a Subscription

The most important thing about keeping your privacy intact while choosing a VPN is to be able to purchase a subscription without giving out too much information in the process. Otherwise, even if you are truly anonymous while actually using the VPN to browse the web, the VPN in question has all the details regarding your true identity, including name, credit card information, and possibly your IP address.

In essence, the best solution is to be able to use Bitcoin, or any other type of cryptocurrency available on the market. While these too can be tracked with enough effort sometimes, it is much harder to do so than if you simply give out your data when you purchase a subscription.

There are other methods that come in handy as well, such as the ability to use gift cards, cash, or a few other services that rely on prepaid cards, which can be purchased anonymously. Thus, we definitely recommend going for a service that offers these possibilities.

Without further ado, here are the VPNs that keep your identity secret while creating an account and purchasing a subscription plan.

• ExpressVPN
• NordVPN
• IVPN
• CyberGhost VPN
• Mullvad
• Surfshark
• Private Internet Access
• VPNArea
• Ivacy
• SaferVPN
• VPNSecure
• PrivateVPN
• FrootVPN
• CactusVPN
• tigerVPN
• VeePN
• TorGuard
• Hide ALL IP
• Perfect Privacy VPN
• PureVPN
• SwitchVPN
• IronSocket
• Astrill VPN
• RUSVPN
• VPN Unlimited
• BeeVPN
• BolehVPN
• BTGuard
• ibVPN
• Trust.Zone VPN
• VPN.AC
• Windscribe

25 Out of 57 VPNs Do Not Keep Your Identity Secret While Purchasing a Subscription

Unfortunately, there are also some VPNs out there that do not really care about your privacy, and which are also quite keen on collecting data about you. Thus, they do not really provide you with a way to pay for a subscription anonymously, which can leave you exposed in case someone tries to track you.

Not only that, but some of these services also take some major liberties when it comes to collecting other types of data, such as IP addresses, device information, as well as a few other types that can lead back to you. This is definitely not what you want to hear from your VPN provider, given the fact that it’s supposed to keep you safe from these kinds of things.

As such, here are the VPNs that do not keep your identity secret during the account creation process:

• Hotspot Shield
• Speedify
• StrongVPN
• FastestVPN
• Avast SecureLine VPN
• VyprVPN
• Namecheap VPN
• TunnelBear
• IPVanish
• ProtonVPN
• ZenMate VPN
• AnonymousVPN
• Avira Phantom VPN
• HideMyAss! VPN
• F-Secure Freedome VPN
• Unlocator
• GOOSE VPN
• SurfEasy
• Getflix
• Kaspersky Secure Connection
• Encrypt.me
• Bitdefender Premium VPN
• Hola VPN
• RitaVPN
• WARP

57 VPN Privacy Policies Reviewed

Without further ado, here are the 57 virtual private network providers we took into account when checking their privacy policy to find out what type of data they collect at registration.

What we mentioned:

• Where the VPN company is located to determine whether or not it comes with a safe jurisdiction;
• The logging policy presented on the VPN site vs. legal meaning in the privacy policy and/or terms of use;
• Any controversies or signs of troubled history we found in our research;
• What data is collected at sign-up + anonymous payment methods (if any);
• Our tips for privacy-concerned users;

1. ExpressVPN (privacy policy, last update unspecified)

The company behind ExpressVPN is based in the British Virgin Islands (safe jurisdiction). It specifically mentions that it does not sell your personal information to third parties.

Here are the three types of information it collects about users when they sign up:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment mode
  • Credit cards (not safe)
  • PayPal (not safe)
  • Bitcoin (safe)
  • Others through Paymentwall
    • Alipay (not safe)
    • UnionPay (not safe)
    • iDEAL (not safe)
    • WebMoney (not safe)
    • Giropay (not safe)
    • Yandex Money (not safe)
    • Qiwi Wallet (safe with prepaid cards)
    • Mercado Pago (not safe)
    • OneCard (not safe)
    • Mint (safe with prepaid cards)

Our privacy tip: To remain anonymous when signing up for ExpressVPN, you can pay with Bitcoin or prepaid cards using Qiwi Wallet or Mint. When the company was requested to help in an assassination investigation, it disclosed that it did not have user logs to share.

2. NordVPN (privacy policy, last updated on January 22, 2019)

NordVPN is located in Panama (safe jurisdiction). It guarantees a strict no-logging policy and that it does not pass your data to third parties. However, it stores your info for 2 years after you stop using its services.

The VPN provider gathers three kinds of information at sign-up:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Amazon Pay (not safe)
  • Cryptocurrencies through CoinPayments (safe)
  • Cash in retail stores (safe)

Our privacy tip: You can protect your anonymity when signing up for NordVPN by paying with crypto or by purchasing the security box in cash at retail stores. The VPN service was hacked earlier in 2019, but customer data was not affected.

3. IVPN (privacy policy, last update unspecified)

Based in Gibraltar (safe jurisdiction), IVPN adopts a logless policy. It says that it collects the minimum amount of user information during registration, and it is continuously looking into ways to reduce personal footprint.

Here is what it collects about you at registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal  (not safe)
  • Bitcoin through BTCPay (safe)
  • Cash (safe)

Our privacy tip: To keep your anonymity intact when getting an IVPN subscription plan, you can pay in crypto through BTCPay or CoinPayments.

4. CyberGhost VPN (privacy policy, last updated on December 19, 2019)

CyberGhost VPN officially operates in Romania (safe jurisdiction), but it is owned by an Israeli company with a troubling past. In its privacy policy, it says that it is 100% committed to a no-logs policy. It also mentions that it does not share your personal information with third parties.

This is the information it collects about you at sign-up:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal  (not safe)
  • Bitcoin through BitPay (safe)

Our privacy tip: To remain anonymous when signing up for CyberGhost VPN, make sure to pay with Bitcoin.

5. Mullvad VPN (privacy policy, last updated on December 3, 2019)

Mullvad VPN is based in Sweden (member of 14 Eyes, not safe). It begins its privacy policy by saying it does not keep activity logs of any kind. The company is extremely transparent about how it handles registrations and how it processes payments.

This is what it stores when you sign up for a premium account:

• Account number (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment info
  • Credit cards (not safe)
  • Paypal  (not safe)
  • Bank wire (not safe)
  • Swish (not safe)
  • Bitcoin (safe)
  • Bitcoin cash (safe)
  • Cash (safe)
  • Voucher (safe)

Our privacy tip: To compensate for the fact that Sweden has mandatory data retention laws and to earn the trust of their users, Mullvad VPN adopts a unique approach to protect your privacy by default during registration: it generates a random account number. You need only this number to renew your subscription plan and log into your account, without an email address or password. Nevertheless, we still recommend maximizing your privacy by opting for a safe payment method using Bitcoin, Bitcoin Cash, cash, or a voucher.

6. Surfshark (privacy policy, last updated on August 22, 2019)

Based in the British Virgin Islands (safe jurisdiction), the company behind Surfshark says that it does not sell or trade your data with anyone. It comes with a no-logging policy.

Here is what it collects when you register for a premium account:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Google Pay (not safe)
  • Amazon Pay (not safe)
  • Cryptocurrency through CoinGate or CoinPayments (safe)

Our privacy tip: You can keep your identity safe by using cryptocurrency to pay for a Surfshark subscription plan.

7. Private Internet Access (privacy policy, last updated on May 30, 2018)

Although it is located in the United States (member of the 5 Eyes, not safe), Private Internet Access comes with a no-logging policy. It keeps all account information until you specifically request to be removed from their database after no longer using their product.

However, when this happens, the company does not delete information about your activity but only removes your association with your information. This is what it collects during registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Amazon Pay (not safe)
  • Bitcoin (safe)
  • Bitcoin cash (safe)
  • Zcash (safe)
  • Zcash z-address (safe)
  • Etherum (safe)
  • Litecoin (safe)
  • BEAM (not safe)
  • Bitpay (safe)
  • Mint (safe with prepaid cards)
  • Gift cards through cash (safe)

Our privacy tip: To hide your identity during registration, make sure to pay for a subscription plan to Private Internet Access using Bitcoin, Bitcoin cash, Zcash, a Zcash z-address, Etherum, Litecoin, Bitpay, Mint, and prepaid gift cards.

8. VPNArea (privacy policy, last updated on May 25, 2018)

Operating in Bulgaria (safe jurisdiction), VPNArea comes with a zero-logging policy and says that it does not sell or disclose your personal information with others.

Here is what it collects when you sign up for a premium account:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• Country (to calculate VAT, safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment info
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bitcoin (safe)
  • Ethereum (safe)
  • Others through Paymentwall
    • Alipay (not safe)
    • Giropay (not safe)
    • WebMoney (not safe)
    • Bank transfer (not safe)

Our privacy tip: The only way to remain anonymous when signing up for a VPNArea subscription plan is by paying with Bitcoin.

9. Ivacy (privacy policy, last update unspecified)

The VPN provider is located in Singapore (supporter of the Eyes alliances, not safe). But Ivacy claims to have strict rules against logging or monitoring information related to your VPN activity.

This is what it requests at registration:

• Name (safe)
• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)
  • BitPay (safe)
  • Alipay (not safe)
  • PerfectMoney (not safe)
  • Others through Paymentwall
    • Alipay (not safe)
    • Mobiamo (not safe)
    • Mint (safe)
  • Cryptocurrencies through CoinPayments (safe)

Our privacy tip: To protect your anonymity from the VPN provider, make sure to buy a subscription plan using BitPay, Mint, or cryptocurrencies.

10. SaferVPN (privacy policy, last updated on December 11, 2019)

SaferVPN operates in Israel, a country that supports the Eyes mass surveillance groups (not safe). Even so, the VPN provider guarantees that it will never log your browsing activity, IP addresses or other data.

This is what it collects at sign-up:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Cryptocurrencies through CoinGate (safe)

Our privacy tip: The only way to keep your anonymity intact during registration is by paying with cryptocurrencies.

11. Hotspot Shield (privacy policy, last updated on January 1, 2020)

Although it is based in the United States (member of 5 Eyes, not safe), Hotspot Shield takes a no-logging approach. Here is what type of data it collects during registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Unfortunately, it is impossible to protect your identity when signing up for Hotspot Shield since it does not offer any anonymous payment methods. It also collects personal information from third-party processors. Coupled with the fact that the United States shares its information with other 5 Eyes members, it is quite dangerous to use this VPN service as far as your data privacy is concerned. In 2018, a security researcher discovered a bug that caused user data leaks, including country and Wi-Fi network name. Furthermore, the Center for Democracy & Technology issued a press release in 2017, where it pointed out some facts about Hotspot Shield’s misleading privacy policy.

12. VPNSecure (terms of service, last update unspecified)

The company that owns VPNSecure is based in Hong Kong (safe jurisdiction). It actually moved from Australia due to an encryption busting law, and it adopts a no-logging policy.

This is what type of information it collects at sign-up:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Cryptocurrencies through CoinPayments (safe)
  • PerfectMoney (not safe)
  • Mint prepaid cards through Paymentwall (safe)

Our privacy tip: The fact that VPNSecure decided to move its base from Australia as soon as the anti-encryption law passed shows how committed it is to protecting user privacy. Nevertheless, you can do more to protect your anonymity at registration by paying for a VPN subscription plan using cryptocurrencies or Mint prepaid cards.

13. Speedify (privacy policy, last updated on March 20, 2020)

Speedify operates in the United States (member of the 5 Eyes, not safe). Although it advocates against logging your VPN activity, IP addresses, or visited websites, a close inspection of its privacy policy reveals that it basically collects whatever it can.

This is the kind of data it gathers from you at registration:

• Email address (safe)
• Encrypted password (safe)
• Name (not safe, auto-collected from Fastspring)
• Phone number (not safe, auto-collected from Fastspring)
• Personal address (not safe, auto-collected from Fastspring)
• Company name (not safe, auto-collected from Fastspring)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Speedify’s privacy policy says that it receives all contact info processed through the Fastspring store when you pay with a credit card or Paypal. This includes your name, phone number, the email address associated with your Paypal account, home address, and company name associated with the credit card. There is no way to make anonymous payments to Speedify. Adding the fact that it is based in the United States forces privacy-concerned users to steer away from this VPN service.

14. PrivateVPN (privacy policy, last updated on February 23, 2019)

Located in Sweden (member of 14 Eyes, not safe), PrivateVPN says that it does not collect or log any traffic when using its service. But it also says that it sometimes shares site usage data with third-party services for general improvements.

Marketing purposes are explicitly excluded, but your data is still being shared with others to some degree, and it does not exactly explain how.

This is what PrivateVPN collects about you when you sign up:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bitcoin (safe)

Our privacy tip: PrivateVPN comes with a questionable logging policy. Nevertheless, you can help improve your anonymity by paying for a subscription plan with Bitcoin.

15. StrongVPN (privacy policy, last updated on February 10, 2020)

The company that operates StrongVPN is located in the United States (member of the 5 Eyes, not safe). Its privacy policy explicitly says that it is a zero-logging VPN service, does not sell your data to third parties, and the only information it collects is the one you provide at registration:

• Email address (safe)
• Encrypted password (safe)
• Full name (not safe, when paying with a credit card)
• Credit card details (not safe, when paying with a credit card)
• Billing address (not safe, when paying with a credit card)
• Payment methods
  • Credit cards (not safe)
  • Paypal (not safe)
  • Alipay (not safe)

Our privacy tip: Sadly, we must give a poor review to StrongVPN due to the way it approaches privacy during registration. There is no way to make anonymous payments and protect your online identity from the VPN provider. To make matters worse, the United States is against net neutrality.

16. FastestVPN (privacy policy, last updated on August 19, 2019)

FastestVPN is located in the Cayman Islands (safe jurisdiction) and claims that it does not store any logs. But the privacy policy does not include as much information as other VPN providers on this list.

It says that it removes your email address from their database as soon as you stop using their service. FastestVPN also mentions that it uses analytics and live chat tools but does not mention what information it shares with these third parties.

Here is what it collects during registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Unfortunately, it is not possible to protect your identity from FastestVPN by making anonymous payments.

17. CactusVPN (terms of service, last update unspecified)

CactusVPN is based in Moldova (safe jurisdiction) and guarantees a no-logs policy for its service, as well as the fact that it will not share your data with a third party.

At the same time, the privacy policy says that it may send personally identifiable information about you to third parties in certain events, so the two statements are contradictory.

It also rejects orders from proxy or VPN IP addresses, making it quite difficult to remain anonymous when previously concealing your identity to visit the CactusVPN site. All of this results in a questionable logging policy that risks the privacy of users.

Here is what the VPN service collects during registration:

• Email address (safe)
• Encrypted password (safe)
• Country + state for Canada (not safe)
• City, address, ZIP code, full name from credit cards (not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Cryptocurrency through CoinGate (safe)
  • Others through PayPro (not safe). Note: At the time of writing this article, the PayPro option does not work as intended.

Our privacy tip: The only way to protect your privacy while registering for CactusVPN is to pay with cryptocurrency.

18. FrootVPN (privacy policy, last update unspecified)

Located in Seychelles (safe jurisdiction), FrootVPN is committed to protecting your online privacy and adopts a no-logging policy. Moreover, it says that it will never save personal information obtained from your payment data.

Here is what it collects about you during sign-up:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bitcoin, Bitcoin Cash, Etherum, or others through Bitpay (safe)
  • PerfectMoney (not safe)

Our privacy tip: To remain anonymous when signing up for FrootVPN, we recommend paying with cryptocurrency, Bitcoin, Bitcoin Cash, or Etherum.

19. tigerVPN (privacy policy, last updated on May 24, 2018)

The company that operates tigerVPN resides in Slovakia (safe jurisdiction). It features a zero-logging policy and promises to not sell, share or give away your data to third parties.

The privacy policy mentions that it uses your IP address at the time of the order, which necessary to determine your country and calculate VAT. After the order, it erases your IP address from its database but retains the country for accounting and tax purposes. The VPN service is not against using fake or disposable email addresses.

This is the type of data is stores about your at registration:

• Email address (safe)
• Encrypted password (safe)
• Country (not safe, to calculate VAT)
• First and last name (required only for Credit Card payments, not safe)
• Payment information
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bitcoin (safe)
  • Mobiamo through Paymentwall (not safe)
  • Mint through Paymentwall (safe)
  • License code (safe)

Our privacy tip: If you want to protect your privacy when registering for tigerVPN, make sure to select the Bitcoin, Mint, or license code payment mode at checkout.

20. Avast SecureLine VPN (privacy policy, last updated on February 3, 2020)

Located in the Czech Republic (safe jurisdiction), Avast SecureLine VPN advertises itself as a no-logs virtual private network service. Here is what it collects about you at sign-up:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• License key (safe)
• Subscription renewal date (safe)
• Trial user (safe)
• Date of expiration (safe)
• Billing Address (not safe)
• IP address (not safe)
• Phone number (not safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment information
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: To the disappointment of privacy-concerned individuals, Avast SecureLine VPN does not offer an anonymous payment method. In addition, the registration and payment process may require too much personal information in some cases.

21. VyprVPN (privacy policy, last updated on November 26, 2018)

VyprVPN is located in Switzerland (safe jurisdiction) and claims to be a zero-log virtual private network service that does not record or retain any personal data about your VPN activities.

This is what it collects about you when you register for a subscription plan:

• Email address (safe)
• Encrypted password (safe)
• Billing country + postal code (not safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment information
  • Credit cards (not safe)
  • Paypal (not safe)
  • UnionPay (not safe)

Our privacy tip: Although the company’s country has safe jurisdiction, there is no way to protect your privacy by making anonymous payments. Moreover, VyprVPN asks for too much personal information at sign-up.

22. Namecheap VPN (privacy policy and terms of use, last update unspecified)

The company that owns Namecheap VPN is based in the United States (member of the 5 Eyes, not safe). On the homepage, it says that it does not collect traffic logs with data and browsing history.

However, if you take a look at its privacy policy, you will see that it does log and share activity details with third parties, except for personally identifiable info. It does little to clarify what personally identifiable information means, so it does not help build its case as a strong pro-privacy VPN tool.

Here is what it collects during sign-up:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• First + last name (not safe)
• Address from payment mode (not safe)
• Phone number from payment mode (not safe)
• Fax number from payment mode (not safe)
• Billing information from payment mode (not safe)
• IP address (not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)
  • Namecheap Account Funds (not safe)

Our privacy tip: Unfortunately, Namecheap VPN has a questionable logging policy and the downside of residing in the United States, which is against net neutrality. On top of that, it does not offer an anonymous payment method, making it impossible to retain your anonymity at VPN registration.

23. TunnelBear (privacy policy, last updated on January 06, 2020)

TunnelBear operates in Canada, but the company was acquired by McAfee, which is located in the United States. Both countries are members of the 5 Eyes, which is definitely not safe.

On the bright side, it has a no-logging policy and agrees to never sell your data to third parties. It shows the exact data format it collects about free and paying customers.

Here is what it collects about you at registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)

Our privacy tip: TunnelBear offers only credit card payments, which means that there’s now way to remain anonymous while signing up for their services.

24. IPVanish (privacy policy, last updated on December 17, 2019)

Based in the United States (member of the 5 Eyes, not safe), IPVanish presents itself as a zero-logs virtual private network service provider. It says that it will not sell or rent your personal information with third parties, regardless of circumstances.

This is what it collects about you during registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Concerning is not only that the United States is against net neutrality and pro data retention, but also that IPVanish does not provide you with any anonymous payment options. Thus, it is not possible to protect your online identity when signing up for this VPN service. In 2016, IPVanish helped Homeland Security track down a suspect by sharing all related data, including name, email address, real IP address, and connection timestamps, although the company had a zero-logging policy at the time, too.

25. VeePN (privacy policy and terms of service, last update unspecified)

Located in the United States (member of the 5 Eyes, not safe), VeePN commits itself to protect your privacy by promising not to monitor and collect any activity or connection logs.

Here is what it gathers about you at sign-up:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)
  • Paymentwall
    • Alipay (not safe)
    • MINT (safe with prepaid)
    • Neosurf (safe with prepaid)
    • WebMoney (not safe)
    • Giropay (not safe)
    • iDEAL (not safe)
    • SOFORT Banking (not safe)
  • Cryptocurrencies through CoinPayments (safe)

Our privacy tip: To remain anonymous when signing up for a subscription plan to VeePN, select the cryptocurrency payment method at checkout.

26. ProtonVPN (privacy policy, last updated on March 11, 2020)

The company behind ProtonVPN resides in Switzerland (safe jurisdiction) and dedicates itself to protecting your privacy. It prides itself in being a no-logs VPN service that does not share your personal data with third parties.

This is what ProtonVPN collects during registration:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)
  • Cash (not safe, only for existing customers)
  • Bitcoin (not safe, only for existing customers)

Our privacy tip: The privacy policy of ProtonVPN mentions Bitcoin and anonymous payment methods, but these options become available only after making an initial purchase with a credit card or Paypal. Therefore, it is redundant. In the current form, it is not possible to retain your privacy when buying a subscription plan for this virtual private network service.

27. TorGuard (privacy policy, last update unspecified)

The company that owns TorGuard is based in the United States (member of the 5 Eyes, not safe). It claims that it does not collect or log any data from its virtual private network service.

It will show you the exact personal info it has stored on you, and you can request to modify or remove it from their database. Also, it does not share your information with third parties unless it is required by law. At checkout, it displays a message saying that your order might not be processed if you are connected to a VPN, making it difficult to conceal your identity.

Here is the personal information it collects about you at registration:

• Email address (safe)
• Date and time of sign-up (safe)
• Username (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bitcoin (safe)
  • Litecoin (safe)
  • CoinPayments (safe)
  • Gift card (safe)
  • Amazon Pay (not safe)
  • Alipay through Paymentwall (not safe)
  • Mint through Paymentwall (safe)

Our privacy tip: To enhance your online anonymity, make sure to select the Bitcoin, Litecoin, CoinPayments, Mint, or gift card option at checkout.

28. ZenMate VPN (privacy policy, last updated on November 21, 2019)

ZenMate VPN operates under the Germany jurisdiction (member of the 14 Eyes, not safe). But it was acquired by the same Israeli company with a troubling history that currently owns CyberGhost VPN.

Most VPN services have a straightforward link to their privacy policies on the homepage, but the one of ZenMate VPN is a bit harder to find. Only the German document is legally binding, so the English translations (even the ones made by the company) are legally irrelevant.

Even so, the VPN provider claims a 100% guaranteed no-log policy. Here is the personal information it collects at registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Unfortunately, ZenMate VPN hits too many wrong notes from the start: jurisdiction, suspicious logging policy, and no anonymous payment methods. It is not possible for users to protect their anonymity when using this VPN service.

29. Hide ALL IP (privacy policy, last update unspecified)

Located in Hong Kong (safe jurisdiction), Hide ALL IP has a 250-word privacy policy that says nothing about the logging policy aside from the fact that the company commits to protecting the privacy of site visitors (no mention about VPN users, though).

A quick trip to the FAQ page reveals that Hide ALL IP claims to be 100% anonymous and that it does not keep any logs, which still does not clarify things and mentions nothing about sharing your data with third parties. Besides, the FAQ page is not legally binding, anyway.

Here is what the VPN service collects about you during registration:

• Email address (safe)
• All billing info made with non-anonymous payments (not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bank transfer (not safe)
  • UnionPay (not safe)
  • Skrill Wallet (not safe)
  • Neteller (not safe)
  • Bitcoin (safe). Note: In order to pay with Bitcoin, you will have to contact support, since there is no readily available payment option in the sign-up screen.

Our privacy tip: It is impossible to take the privacy policy of Hide ALL IP serious when it says so little about how the virtual private network service operates, especially when the company refers to it as “comprehensive.” It is also worrying that it says the VPN provider has access to all processed order data. On the plus side, you can protect your identity by contacting the website to request a BTC receive address for Bitcoin anonymous payments.

30. Perfect Privacy VPN (privacy policy, last updated on June 7, 2018)

The company that operates Perfect Privacy VPN resides in Switzerland (safe jurisdiction). It prides itself with a no-logging policy, saying that it is technically impossible to share such data with third parties.

Its terms of service also mention that anonymous email providers are allowed at registration, which is a welcome bonus for privacy-concerned users. Only the German version of the privacy policy has legal value.

Here is what the VPN service collects at sign-up:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• Account expiration date (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)
  • Others through BitPay
    • Bitcoin (safe)
    • Bitcoin Cash (safe)
  • Others through Paymentwall
    • Mint prepaid cards (safe)
    • Neosurf prepaid cards (safe)
    • Alipay (not safe)

Our privacy tip: To retain your anonymity when purchasing a subscription plan to Perfect Privacy VPN, make sure to select the Bitcoin, Bitcoin Cash, Mint, or Neosurf payment method at checkout.

31. AnonymousVPN (privacy policy, last updated on May 29, 2018)

Based in Seychelles (safe jurisdiction), AnonymousVPN claims that it is dead serious about storing no logs of your online activity so that it has nothing to share with the government.

It stores whatever personal information it collects about you for as long as the company needs it (unspecified duration). However, you can send an email and request to be removed from their database.

Here is the type of information it collects about you during registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)

Our privacy tip: It is a bit ironic that the virtual private network service is called AnonymousVPN since there is no way to protect your online privacy by using any other payment method than credit cards when subscribing.

32. PureVPN (privacy policy, last updated on August 31, 2019)

Located in Hong Kong (safe jurisdiction), PureVPN claims that it does not keep any logs that can identify or help monitor your activity so that it cannot share your information with law enforcement.

Nevertheless, we cannot overlook the fact that PureVPN’s logs helped the FBI track down an alleged Internet stalker, although the company claimed a no-logging policy at the time as well.

Here is what information it collects when you sign up:

• Email address (safe)
• Name (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)
  • Alipay (not safe)
  • Others through BlueSnap
    • Skrill (not safe)
    • eNETS (not safe)
    • UnionPay
  • Others through PaymentWall
    • WebMoney (not safe)
    • iDEAL (not safe)
    • GiroPay (not safe)
    • Mint prepaid cards (safe)
  • Gift cards through PayGarden (safe)
  • Cryptocurrencies through CoinGate (safe)

Our privacy tip: The company’s logging policy remains questionable due to its history. But you can remain anonymous when subscribing for the PureVPN service by selecting the Mint, gift card, or cryptocurrency payment method at checkout.

33. Avira Phantom VPN (privacy policy, terms of use last updated on December 11, 2019, September 17, 2013)

The company that operates Avira Phantom VPN is in Germany (member of the 14 Eyes, not safe). It has an 85-word logging policy that does not say anything specific about the VPN service. However, the terms of use mention that Avira “may” collect what basically translates to all personally identifiable information, including IP address, name, credit card info, and phone number.

It might not apply to Phantom VPN because the terms of service were last updated in 2013 before Phantom VPN was even conceived. Nevertheless, it’s Avira’s own fault for not creating a separate privacy policy for its VPN service, so we have no other choice than accept what the terms of use say.

Here is what it collects at registration:

• Email address (safe)
• Encrypted password (safe)
• IP address (not safe)
• Name (not safe)
• Credit card info (not safe)
• Phone number (not safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Unfortunately, Avira Phantom VPN does not offer an anonymous payment method, making it impossible to users to protect their online privacy when signing up for a subscription plan. Not only that, but they also play pretty fast and loose with your sign up data.

34. HideMyAss! VPN (privacy policy, last updated on May 23, 2019)

Located in the United Kingdom (member of the 5 Eyes, not safe), HideMyAss! VPN says that it does not collect your IP address, DNS requests, used applications or online services, nor visited websites.

But it does store some information for 30 days, including your VPN IP addresses, connection timestamps, and the subnet of your true IP address. It also retains your billing data for up to 10 years after you stop using their VPN service (even longer than that, in certain scenarios).

It is also worth noting that the company that owns HideMyAss! VPN also owns Avast SecureLine VPN, and the privacy policy discloses that it may share information with other members of the same company.

This is the data it gathers about you at sign-up:

• Email address (safe)
• Paypal email address (not safe)
• Username (safe)
• Encrypted password (safe)
• Home address from billing data (not safe)
• Country (not safe)
• License key (safe)
• Subscription renewal date (safe)
• Trial user (safe)
• Payment details
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Regrettably, it is not possible to purchase a HideMyAss! VPN subscription plan using an anonymous payment method. Therefore, users cannot protect their privacy at registration.

35. SwitchVPN (privacy policy, last updated on June 5, 2019)

SwitchVPN operates in the United States (member of the 5 Eyes, not safe). It promotes itself as a truly anonymous VPN that does not collect or log any VPN traffic. The privacy policy does not go into too many details, though.

Here is what it collects about you when signing up:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• First and last name (optional, safe)
• Country (not safe)
• Postal code (optional, safe)
• Payment information
  • Credit cards (not safe)
  • Paypal (not safe)
  • Alipay (not safe)
  • Bitcoin (safe)

Our privacy tip: The only way to protect your online privacy while signing up for a SwitchVPN account is to select the Bitcoin payment method at checkout.

36. IronSocket (privacy policy, last updated on August 8, 2014)

Based in Hong Kong (safe jurisdiction), IronSocket claims that it does not collect any activity logs, including traffic, file transfers, and DNS.  It also says that it does not sell or trade your information for commercial purposes. However, the privacy policy has not been updated for a long time.

If you want to see what info it has on you, you might have to pay a $20 fee. Furthermore, it does not specify what data it collects from third-party payment processors.

This is the kind of data we know for sure that it gathers at registration:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• Referral or coupon codes (safe)
• Subscription choice details (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment information
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bitcoin, Bitcoin Cash or Etherum through BitPay (safe)
  • Gift cards through PayGarden (safe)

Our privacy tip: To keep your online identity anonymous when signing up for an IronSocket subscription plan, make sure to select any BitPay option or the gift card payment mode at checkout.

37. F-Secure Freedome VPN (privacy policy, last updated on February 2019)

Operating in Finland (safe jurisdiction), F-Secure Freedome VPN advertises itself as a VPN online privacy app that respects your right to privacy. At the same time, the terms of use disclose that the VPN service retains temporary logs for 90 days with various info, including your device ID, public IP address, and hostname.

The company will also share your information to help authorities in case of court orders and lawful warrants. Here is what it collects at registration:

• Email address (safe)
• Encrypted password (safe)
• Business customer info (optional, safe)
• Subscription code (safe)
• IP address (not safe)
• Country (not safe)
• Zip/Postal Code (not safe)
• First and last name (not safe)
• Payment information
  • Credit cards (not safe)
  • Paypal (not safe)
  • Wire Transfer (not safe)

Our privacy tip: Unfortunately, F-Secure Freedome VPN does not provide you with any anonymous payment options, which means that you have to provide your personal info in order to get a subscription.

38. Unlocator (privacy policy, last updated on May 24, 2018)

The company behind Unlocator is based in Denmark (safe jurisdiction). The privacy policy stipulates that Unlocator does not store logs on individual accounts. At the same time, it keeps a no-backup log at a personally identifiable level, which is automatically deleted after 24 hours.

It is necessary to sign up for a site account to purchase the VPN service, which rejects temporary email addresses and asks you to use your real email. This is a red flag for privacy-concerned users who must resort to creating a real email address with anonymous information. Here is what Unlocator collects at registration:

• Email address (safe)
• Name (optional, safe)
• Encrypted password (safe)
• Invoice info: country, city, street (not safe)
• Possible IP Address
• Payment information
  • Credit cards (not safe)
  • Google Pay (not safe)

Our privacy tip: Unfortunately, it is not possible to retain your anonymity when purchasing a subscription plan for Unlocator since the virtual private network service does not offer anonymous payment methods, like cryptocurrencies, cash, gift cards, or prepaid cards. Furthermore, while there is no information about collecting your IP address, Unlocator detects your IP while processing your payment and won’t let you choose a different country.

39. GOOSE VPN (privacy policy, last update unspecified)

GOOSE VPN operates in the Netherlands (member of the 9 Eyes, not safe) and claims a no-logs policy, stipulating that it does not sell, rent or trade your personal info with third parties.

The privacy policy also says that it does not register your IP address when you sign up or log into your VPN account. But it is immediately followed by a new line saying that it does actually record your IP address once when you sign up. No mentions after deleting your IP afterward, though.

Needless to say, these two affirmations are contradictory. Here is what it collects at registration:

• Email address (safe)
• Encrypted password (safe)
• Possible IP address (not safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment information
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: The logging policy of GOOSE VPN is questionable due to conflicting statements. Not only that, but can also only pay for a subscription using either a credit card or a PayPal account, neither of which are safe.

40. SurfEasy (privacy policy, last update unspecified)

SurfEasy operates in Canada, but it is owned by the Symantec American security company. Either way, Canada and the United States are both members of the 5 Eyes (not safe).

It claims to be a no-log VPN that does not sell your data to third parties. However, SurfEasy’s privacy policy applies in conjunction with Symantec’s global privacy statement. And Symantec says that it might collect personal data about your device, including IP address and traffic data.

By also taking Symantec’s global privacy statement into account, here is what SurfEasy collects at registration:

• Email address (safe)
• Name (not safe)
• IP address (not safe)
• Phone number (not safe)
• Shipping and billing data (not safe)
• Encrypted password (safe)
• Payment information
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: The logging policy of SurfEasy is definitely sketchy because it contradicts with the company’s global privacy statement. Also, there is no way to make anonymous payments.

41. Kaspersky Secure Connection (privacy policy, data provision, last updated on March 06, 2020, April 09, 2018)

Based in Russia (not safe), Kaspersky Secure Connection lists a zero-logs policy on its homepage and reasonable exceptions in its privacy policy. But the privacy policy makes no mention of Secure Connection but only other Kaspersky products.

However, a data provision page we managed to track down on the official website reveals what data is collected about you when using Kaspersky Secure Connection. Furthermore, a document found deep within the installation files, called “Application usage restriction,” says that Kaspersky Lab is not really a VPN provider and that you will not be able to access sites blocked by the Russian government. Therefore, we should probably refrain ourselves from calling it a VPN.

Here is what information it gathers on you during registration:

• Email address (safe)
• Encrypted password (safe)
• Mobile phone number (not safe)
• DHCP settings, including IP address (not safe)
• Wi-Fi network name + nearby Wi-Fi connections (not safe)
• Checksum of the MAC address (safe)
• Billing info: full name, address, city, postal code, country (not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: The “Application usage restriction” document was clearly designed to obey Russian laws about allowing only VPN services approved by the government. Furthermore, the data provision page lists a concerning amount of personal data automatically submitted to the tool. That does not matter anyway since there is no anonymous payment method, making it impossible for privacy-concerned users to resort to Kaspersky Secure Connection.

42. Astrill VPN (privacy policy, last updated on May 2018)

Located in Seychelles (safe jurisdiction), Astrill VPN says that it is committed to protecting your digital privacy. It adopts a strict no-logs policy. By its definition, it means that logs are deleted automatically after you terminate the VPN session.

However, it does hold some personally identifiable information during the active session, such as IP address, device type, and connection time.

Here is what it collects about you at sign-up:

• Email address (safe)
• Encrypted password (safe)
• Name (safe)
• IP address (not safe)
• Verified phone number if you pay with a credit card (not safe)
• Billing info: full name, address, city, postal code, country (not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Alipay (not safe)
  • UnionPay (not safe)
  • PerfectMoney (not safe)
  • Bitcoin through BitPay (safe)

Our privacy tip: Astrill VPN’s logging policy is suspicious. However, you can increase your chances of retaining your anonymity by paying for a subscription plan with Bitcoin.

43. RUSVPN (privacy policy, last updated on January 22, 2019)

The company that runs the virtual private network service is based in Dominica (safe jurisdiction). But its payment processing service is licensed in the United Kingdom (member of the 5 Eyes, not safe).

RUSVPN presents itself as an anonymous VPN service and says that that one of its advantages is the fact that it monitors and stores no logs. The privacy policy reinforces that any collected user information cannot be tied to an individual and that it would not have anything to share if it receives DMCA notices about copyright infringement.

This is what it collects at registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • WebMoney through Accentpay (not safe)
  • Qiwi with a phone number through Accentpay (not safe)
  • Bitcoin through CoinPayments (safe)

Our privacy tip: To remain anonymous when registering for a RUSVPN subscription plan, make sure to select the Bitcoin payment option when checking out.

44. Encrypt.me (policies, last updated on February 10, 2020)

Encrypt.me is a virtual private network service that operates in the United States (member of the 5 Eyes, not safe). Surprisingly, this is a VPN that does not claim a zero-logging policy.

On the contrary, it admits to collecting your IP address when registering for a paid account through an affiliate and when connecting to a VPN server. It also stores your VPN IP address, session time, traffic amount, along with the source port of the outgoing connection (including start and end time).

All this information is supposedly deleted permanently after no longer than 16 days, but it does not say anything about how long it keeps your account info. Further, it does not share your personal data with third parties unless there are legally binding requests made by US authorities.

Here is what it collects about you at sign-up:

• Email address (safe)
• Name (safe)
• Encrypted password (safe)
• IP address (not safe)
• Mobile number for app sign-up (optional, not safe)
• Billing address: street address, postal code, country, full name (not safe)
• Payment data
  • Credit cards (not safe)

Our privacy tip: There is no way to protect your anonymity when registering for this VPN service since there is no anonymous payment method available. And the help page reveals that Encrypt.me does not plan to implement Bitcoin, cash or prepaid card payments, not even Paypal (ever). It seems that Encrypt.me is not built for privacy-concerned users.

45. VPN Unlimited (privacy policy, last updated on June 21, 2019)

The company that operates this virtual private network service resides in the United States (member of the 5 Eyes, not safe). VPN Unlimited promises absolute privacy and that it does not monitor, save or log your VPN activity.

It explicitly mentions that it does not share, transfer, sell, rent or disclose your personal information with third parties. Although it is aware of your true IP address when you connect to a VPN Unlimited server, it removes it after the session is terminated.

However, it stores personal data that you provide for up to 7 years. Here is what the VPN service collects about you upon registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (optional, safe)
• Company name (optional, safe)
• Contact info of team members (optional, safe)
• Mobile number for app sign-up (optional, not safe)
• IP address (temporarily, not safe)
• Billing address: street address, postal code, country (not safe)
• Payment data
  • • Credit cards (not safe)
    • Paypal (not safe)
    • Amazon Pay (not safe)
    • Bitcoin (safe)
    • FasterPay through Paymentwall (not safe)
  • Mint prepaid card through Paymentwall (safe)

Keep in mind that during our tests, the alternative payment solutions (other than credit cards or PayPal) did not work as intended.

Our privacy tip: To increase your chances of protecting your online privacy, make sure to select the Bitcoin or Mint payment option when buying a subscription plan for VPN Unlimited.

46. Getflix (privacy policy, last updated on July 1, 2013)

Getflix says that it operates in Seychelles (safe jurisdiction). But, when it comes to the governing law, the terms of use mention Canada (member of the 5 Eyes, not safe).

Either way, Getflix is more concerned with unlocking streaming services than protecting user privacy. The privacy policy mentions that it does not sell, trade or rent personal identification data with other parties.

It implies that non-personal data is, indeed, shared with others, which includes your browser name, device type, OS, ISP, and other similar information (unclear what it actually is).

There is no mention of logging, though. Here is the type of personal identification data required for registration:

• Email address (safe)
• Encrypted password (safe)
• Name (safe)
• Mailing address (safe)
• More info if you sign up with Facebook, Google, Yahoo!, or Windows Live ID accounts (optional, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Getflix does a poor job at protecting user privacy, probably because it is focused with its Smart DNS tool and considers the VPN service to be an added bonus at no cost. It does not provide you with any anonymous payment methods.

47. BeeVPN (legal terms, last update unspecified)

The company of this VPN service operates in Denmark (member of 9 Eyes, not safe), although it is associated with Spain on Google and on its Facebook page. BeeVPN mentions that its key feature is to secure your privacy.

It does not log VPN traffic, except for some non-personally identifiable details, such as time of connection, session duration, and the total amount of traffic. But the company will help authorities by sharing customer information if presented with a court order.

The legal terms page is not completely explicit. Here is what it collects about you when you sign up:

• Email address (safe)
• Encrypted password (safe)
• Username (safe)
• More info if you sign up with Facebook, Google, Yahoo!, or Windows Live ID accounts (optional, not safe)
• Payment data
  • Paypal (not safe)
  • Bitcoin (safe)

Our privacy tip: To boost your online privacy when subscribing to BeeVPN, make sure to pick the Bitcoin payment method at checkout.

48. Bitdefender Premium VPN (terms of service, last updated unspecified)

Based in Romania (safe jurisdiction), the company does not have a privacy policy solely dedicated to the Bitdefender Premium VPN service. However, it mentions that you must comply to the terms of service and privacy policy of Hotspot Shield, another VPN service owned by Pango (previously AnchorFree).

Therefore, by recalling the details we previously listed for Hotspot Shield,  here is the personal data collected by Bitdefender Premium VPN when you sign up:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• Phone number (not safe)
• Name and Address (not safe)
• Country (not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bank or wire transfer (not safe)

Our privacy tip: Unfortunately, Bitdefender loses points for associating itself with Hotspot Shield as far as the privacy policy is concerned. Since it does not have an anonymous payment method, there is no way to protect your privacy when signing up for its VPN service.

49. BolehVPN (privacy policy, last update unspecified)

Based in Malaysia and operating under Seychelles laws (safe jurisdiction), BolehVPN says on its homepage that it does not collect any logs. However, if you take a closer look at its privacy policy, you will find out that it may actually turn on logging temporarily to identify abusing users.

This means that it has the technology to do it but it chooses not to unless special circumstances are met. The point is that BolehVPN has the technology required to identify any customer. Here is what it collects during registration:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Bitpay (safe)
  • CoinPayments (safe)
  • MEPS manual payment proof (safe)

Our privacy tip: To protect your online identity when signing up for BolehVPN, make sure to select the Bitpay, Coinpayments or MEPS method at checkout.

50. BTGuard (privacy policy and terms of service, last updated on November 15, 2011)

Located in Canada (member of 5 Eyes, not safe), BTGuard claims to provide anonymous BitTorrent services. Upon closer inspection, though, you will come across a 235-word policy that is incredibly vague.

It does not say anything specific, except that the company does not collect your IP address. It is also severely outdated. Here is the info requested at registration:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• Payment data
  • Paypal (not safe)
  • Bitcoin (safe)

Our privacy tip: To help maintain your online privacy, make sure to pay with Bitcoin for a BTGuard subscription plan. However, it has a questionable privacy policy.

51. Hola VPN (privacy policy, last updated on December 26, 2019)

Hola VPN is located in Israel, which is a supporter of the 5, 9, 14 Eyes (not safe). The privacy policy mentions that it processes your data for as long as necessary, but it is not more specific than that.

Regarding data retention, the VPN service chooses to be vague and says that it keeps your personal data, account opening documents, and anything else related to your VPN account for as long as necessary.

Here is what Hola VPN Plus collects about you during signup:

• Email address (safe)
• Username (safe)
• Encrypted password (safe)
• IP address (not safe)
• Payment data
  • Credit cards (not safe)
  • Paypal (not safe)
  • Alipay (not safe)
  • GPay (not safe)
  • Skrill (not safe)
  • SOFORT Banking (not safe)
  • iDEAL (not safe)

Our privacy tip: Unfortunately, it is not possible to protect your online identity when signing up for Hola VPN Plus because it has no anonymous payment methods. On top of that, it is impossible to overlook Hola VPN’s shady practices. To be more specific, it revealed back in 2015 that it turned free VPN clients into exit nodes by sharing the idle resources of their systems with premium Luminati customers, which is Hola’s sister service. Anyone who wanted to get rid of this had to either give up Hola VPN or start paying for Hola VPN Plus. In fact, a website named Adios, Hola! was created to warn people about the dangers of Hola.

52. ibVPN (privacy policy, last updated on April 2, 2019)

Located in Romania (safe jurisdiction), ibVPN claims a no-logs policy on its homepage. Upon closer inspection, the privacy policy goes on to describe what that means, and it does a pretty good job at it.

The company behind this VPN tool retains your personal data for as long as it facilitates its services to you, but it does not say when it deletes your data after you stop using the service.

When it comes to site visitors, it keeps data for as long as 1 year. Payment info is not collected. Here is what ibVPN requests during signup:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment method
  • Paypal via FastSpring (not safe)
  • Credit cards, Alipay, iDEAL via 2Checkout/Avangate (not safe)
  • Bitcoin via Bitpay (safe)
  • Bitcoin, Litecoin, Blackcoin, Dogecoin, Ripple and other cryptocurrencies (safe)
  • Perfect Money (not safe)
  • Webmoney, credit cards, iDEAL, Alipay, and others via PaymentWall (not safe)

Our privacy tip: To keep your privacy and hide your online identity when signing up for ibVPN, you can select Bitcoin or another cryptocurrency at checkout.

53. RitaVPN (privacy policy, last update unspecified)

Located in Hong Kong (safe jurisdiction), RitaVPN does not boast a strict no-logging policy on its homepage. It only subtly mentions it on the download page.

The virtual private network provider does not specify for how long it keeps your data, other than “as long as needed.” However, the privacy policy explicitly mentions that it does not collect IP addresses, not even of site visitors and that it has no way of matching VPN activity to a specific IP address.

Here is what RitaVPN asks for during registration:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment method
  • Credit cards (not safe)
  • Paypal (not safe)

Our privacy tip: Although RitaVPN has a solid privacy policy and comes with a safe jurisdiction, it does not offer anonymous payment methods for privacy-concerned users.

54. Trust.Zone VPN (privacy policy, last update unspecified)

Located in Seychelles jurisdiction (safe), Trust.Zone VPN uses a payment processor based in Estonia (safe jurisdiction). Unfortunately, the privacy policy is very barren and devoid of any useful information, but they do tell us that they collect your email address for login purposes. Not only that, but the third-party payment processors might also collect some additional information, so keep that in mind as well.

Here is what the VPN service requests when signing up:

• Email address (safe)
• Encrypted password (safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment method
  • Credit cards (not safe)
  • Paypal (not safe)
  • PayPro Global (not safe) – the available of these methods depend on your country.
  • Bitcoin and other cryptocurrencies (safe)

Our privacy tip: To maintain your privacy when signing up for Trust.Zone VPN, make sure to select Bitcoin or another cryptocurrency at checkout.

55. VPN.AC (terms of service, last update unspecified)

Located in Romania (safe jurisdiction), VPN.AC mentions on its homepage that it does not collect any activity logs. On the other hand, it logs the IP address of its customers, along with the VPN session connect and disconnect time, and amount of transferred traffic.

The terms of service also specify that your data is not shared with third parties at any point. However, it does not say anything about the type of data collected at registration.

Here is what it asks for when you sign up and make a purchase:

• Email address (safe)
• Encrypted password (safe)
• Country (not safe)
• First and last name (required only for Credit Card payments, not safe)
• Payment method
  • Paypal (not safe)
  • Credit card (not safe)
  • PaymentWall (not safe)
  • BitPay (safe)
  • Cryptocurrencies (safe)

Our privacy tip: If you want to protect your anonymity when getting a subscription plan for VPN.AC, make sure to select the BitPay or cryptocurrency payment method.

56. WARP (privacy policy, last updated on August 2, 2019)

Designed by Cloudflare, the company behind the popular free and public DNS servers (1.1.1.1), WARP is a VPN service that operates under United States jurisdiction (member of 5 Eyes, not safe).

According to its privacy policy, WARP does not collect your IP address, name, phone number, or credit card details. It also does not disclose your data to third parties. Your info is retained for up to 2 years after you stop using its services.

Because WARP cannot be used independently from 1.1.1.1, you can only access it from your Android or iOS app. And, when upgrading to WARP+ Unlimited, the payment is processed by Google or Apple.

Therefore, here is what you need to use WARP:

• Google account (not safe)
• Apple account (not safe)
• Credit card validated by Google or Apple (not safe)

Our privacy tip: Even if Cloudflare cannot match VPN activities to IP addresses, there is still no way to hide from Google or Apple when using this VPN service.

57. Windscribe (privacy policy, last updated on November 1, 2018)

Operating in Canada (member of 5 Eyes, not safe), Windscribe has a straightforward privacy policy that clearly defines what it collects and does not collect. Payments are only processed through third parties.

It periodically purges inactive accounts so that you will not have to worry about data retention. It is also possible to manually delete your account from the site if you signed up using an email address.

Here is what Windscribe collects at registration:

• Username (safe)
• Encrypted password (safe)
• Email is optional (safe)
• Payment transaction ID for 30 days (safe)
• Payment method
  • Credit cards (not safe)
  • Paypal (not safe)
  • AliPay (not safe)
  • Mobiamo (not safe)
  • MINT (safe)
  • Cryptocurrency (safe)

Our privacy tip: You can hide your identity from Windscribe and other parties by paying with cryptocurrency or MINT for a premium subscription plan.

In conclusion

This has been a long read and we are happy if you made it all the way through. The logging policy of a VPN provider is no joke because you never know when you might end up receiving a DMCA notice for accidentally downloading a torrent file you should not have.

A serious and trustworthy VPN service with a healthy attitude toward its customers should protect your privacy, no matter what. Out of this list, we think that Mullvad VPN takes the best approach toward ensuring your anonymity, at least at sign-up.

Would you like us to review the privacy policy of other VPN services, find out what data they collect at registration, and add them to this list? Let us know by writing a comment in the section below, and we will gladly take your suggestion into account.