Does a VPN store your personal information?

If you are familiar with VPNs, you will know that their main purpose is to encrypt your online data and hide your IP address. But your VPN provider may still collect some information about you, and some of the more shady services even conduct excessive data collection.

So, what kind of user data do VPNs typically collect, and how do you know if your provider is collecting too much?

Data VPNs typically collect

If you're using a subscription-based VPN, such as ExpressVPN or NordVPN, the provider will collect your payment details if you pay monthly. This is so the provider can collect your monthly payments automatically. Your country and billing address will also be collected here.

If you don't want your chosen VPN service to have your payment card information, many popular providers allow you to pay for your subscription via PayPal.

Other data your VPN provider may collect includes your full name and email address. However, some VPNs don't even need these details. Many free VPNs don't ask for your email address but will give you additional perks if you provide it. For example, Windscribe offers users a free version with a higher monthly data limit if they provide and confirm their account email address.

When creating a VPN account, you will usually be asked to set a password along with your email address. However, trustworthy VPN providers encrypt your password, meaning it can't be viewed even by the service itself. This password can only be accessed by you. Surfshark and NordVPN both encrypt your login passwords.

Certain VPNs may want to know a little more about you. You may be asked to provide your phone number, but this is quite rare. Since a VPN is designed to keep you anonymous, it's unlikely that a reputable provider will ask for much of your personal information.

VPN data should not be collected

You might think that most VPN providers have good intentions because the entire service is based on protecting you online. But as VPNs become more and more popular, more shady parties are looking to profit from your data.

This often happens with free VPNs. You may have noticed that the most popular and reputable VPNs are currently only accessible through a paid subscription. Of course, this fee allows the VPN provider to profit from their service. Free VPN providers cannot make a profit through user fees. Don't be naive to think that these free services are purely non-profit and just want to give people access to a mere VPN.

So how do free VPN providers make money? There are a number of ways a given company can do this, the first being advertising.

Some free VPN apps come with pop-up ads, like most free apps these days. These ads can be very infrequent, appearing only on certain occasions.

But unfortunately, you will probably face these ads often. When changing the server location, activating or deactivating the VPN, or even opening the VPN client, you may encounter annoying ads. By running ads through the app, the VPN provider can receive payments from the companies shown.

Pop-ups are annoying, but worse can happen. Instead of just showing ads, a VPN can also sell your private data.

This is done through a database known as the VPN log. VPN logs are designed to record certain types of user data. Each log can vary in the type of data collected, but search history, frequently visited websites, and IP addresses are among the most sought-after types of information.

But why collect this data? Are these VPNs intended to hack you?

Not necessarily. Malicious VPN providers cannot collect your sensitive data for hacking or phishing. But most sophisticated VPN providers use data logging for one of two reasons: Data sales and surveillance.

In countries with strict laws regarding Internet use, such as China, many legal VPNs are forced to provide the government with a backdoor for surveillance. Stricter governments may also require domestic legal VPNs to keep VPN logs.

In short, your VPN provider should never collect the following information:

1. Your IP address.
2. Websites you visit.
3. Data you enter online.
4. Connection time.
5. Session duration.

The whole purpose of a VPN is to make the data inaccessible to anyone except you. This includes your Internet service provider, government organizations, malicious actors, and the VPN provider itself.

Does the VPN you use collect your personal information?

Does a VPN store your personal information? Picture 1

A shady VPN will never reveal your data collection. However, the law requires companies to outline what data they collect and how they use it. This is usually explained in the VPN's privacy policy, which you can find on the official website.

The VPN's privacy policy should also state whether any of your data is shared and, if so, with whom it is shared.

If your VPN provider doesn't have a privacy policy, be careful with this. Even non-security-focused platforms like Instagram, Walmart, Youtube, and CNN all have privacy policies, so you should expect this to be the bare minimum from a VPN service.

If the VPN's privacy policy is very short or vague, there could also be something wrong. A legitimate company must clearly state how it collects, uses, and shares your data, especially if that company's purpose is to protect you and your data online.

ExpressVPN provides a prime example of a VPN's privacy policy, which covers a wide range of important topics. This includes data collection and use, user privacy, third-party cookies and analytics, child users, and data protection.

If you're concerned that your VPN's privacy policy may not be fact-based, make sure the company has been independently audited. That way, you know that any false claims have been dropped.

David Pac

Update 30 August 2023