Private Internet Access Transparency Report Q3 2025

Every quarter, we publish a transparency report to show exactly how many legal requests we receive and what we do with them. It’s part of how we stay accountable to the people who trust us to protect their privacy.

Between July and September 2025, our legal team received 19 requests from domestic and international authorities. These included subpoenas, government or civil notices, and informal foreign requests. As in every previous quarter, none of these resulted in the disclosure of user data. PIA’s systems are engineered not to log user activity, meaning there’s nothing to provide when requests come in.

We’ve kept the same simplified structure introduced earlier this year, grouping all non-subpoena and non-warrant requests under one category for clarity. Foreign and informal requests continue to be listed separately to reflect our international footprint.

You can find a summary of the figures below, along with updates from our bug bounty program and a look at recent developments in digital privacy across the United States. You can also read more on our dedicated Transparency Report page. 

PIA’s Q3 2025 Transparency Report

This report covers the data requests our legal team received between July 1 and September 30. Before we get into the numbers, here’s a quick look at the types of legal notices we track.

Legal processes Subpoenas: Legal orders compelling the production of testimony, documents, or other evidence relevant to a legal matter. These are specific to U.S. legal proceedings and often used during investigations or litigation. Warrants: Court-authorized directives permitting law enforcement to search or seize property. Warrants require probable cause and are typically issued in relation to a suspected crime. Other government, law enforcement, and civil requests: This covers additional official requests, such as federal, state, or international inquiries, that don’t fall under subpoenas or warrants. These include requests from courts, police departments, or other government bodies. Foreign and informal requests: These are requests from foreign governments or law enforcement agencies that don’t carry formal legal weight under U.S. law. These are typically non-binding and informational in nature.

Here’s a breakdown of the legal notices we received this quarter.

Legal Processes	Received	Logs Produced
Subpoenas	8	0
Warrants	0	0
Other Government, law enforcement, and civil requests	2	0
Foreign and informal requests	9	0

Legal demands for user data fell noticeably this quarter. Between July and September, PIA received 19 requests in total, which is less than half the volume of the previous quarter. Most were subpoenas; none were warrants. The slowdown reflects fewer cross-border inquiries and a generally quieter landscape for law enforcement data requests. As always, there was nothing to turn over. PIA’s systems are built without activity logs, leaving no trail to retrieve or disclose.

Get PIA VPN

Q3 Lessons from Our Bug Bounty Program

PIA’s bug bounty program runs year-round, giving independent researchers the opportunity to test our systems and report potential vulnerabilities. In Q3, 36 reports were submitted. Eight were unique issues, and four were confirmed as valid vulnerabilities. All were fixed promptly. None affected user privacy or service integrity.

While most submissions turned out to be false positives or low-severity observations, the program remains invaluable. Every report helps us validate assumptions, verify protections, and strengthen the systems that keep our users secure. Openness to scrutiny is part of how PIA continues to evolve against an ever-changing threat landscape.

What Defined U.S. Online Security in Q3 2025

Transparency also means paying attention to how digital privacy is being tested and reshaped across the wider internet. From classrooms to courts, Q3 showed how the lines between convenience, surveillance, and security continue to blur.

Schools Are Becoming Data Mines

Across the U.S., districts are facing renewed scrutiny over how education technology platforms handle student information. As schools adopt more digital tools to track attendance, performance, and behavior, experts warn that vast datasets on minors are being generated with little oversight. Privacy advocates say the patchwork of state and federal rules leaves room for commercial profiling, a concern amplified by the surge in third-party learning apps. The debate highlights a growing gap between the speed of classroom digitization and the safeguards meant to protect it.

AI Voice Scams Reach the Halls of Power

Artificial intelligence is reshaping how scams work…and who they target. In Q3, the FBI issued warnings about a new wave of deepfake voice calls impersonating senior government officials. Using only seconds of audio scraped from public sources, criminals are cloning voices to demand money, influence contractors, and spread misinformation. Security researchers say the rise of synthetic speech shows how AI’s accessibility has lowered the barrier for social engineering. What once required sophisticated actors can now be done with a few clicks and the right dataset.

Facial Recognition Faces Its Reckoning

Across Illinois, California, and several other states, courts are rethinking how facial recognition fits into daily life. What began as a convenience for access control and retail analytics has become a focal point for questions about consent, ownership, and permanence. Biometric data isn’t easily changed or revoked once collected. The surge in biometric litigation through Q3 shows how identity itself is becoming a form of personal data that demands stronger boundaries and clearer rules.