IMPORTANT NOTE: The summaries here at the top of each section (in green) are for easy referencing; they are not meant to have any legal effect or in any way substitute the text of the Privacy Policy, which should be read and understood in full detail.
This privacy policy (“Privacy Policy” or “Policy”) explains the privacy practices of Private Internet Access, Inc., (collectively, “We,” “Us,” “Data Controller,” “Company,” or “PIA”) and applies to users (“User(s)” or “You”) of PIA’s services, including, among other things, the PIA VPN service (“Service”) and PIA website at www.privateinternetaccess.com (“Website”).
The processing of personal data, such as the email address or payment information of a user, shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with any country-specific data protection regulations applicable to PIA. By means of this data protection declaration and Privacy Policy, we are informing the general public of the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, users are informed, by means of this Privacy Policy, of the rights to which they are entitled.
As the data controller for personal data, we administer the strictest policies in safeguarding your privacy and security. By agreeing to these policies written herein, you signify your acceptance of, and agree to be bound by, this Policy as interpreted in line with the Terms of Service, the Cookie Policy, and the Digital Millennium Copyright Act (DMCA) policy which are hereby incorporated as references (the DMCA policy, Terms of Service, and the Privacy Policy are sometimes referred to collectively as the “Policies") into this Privacy Policy.
“Personal Data” means any information that relates to or may be associated with an identifiable person. The Personal Data we collect will vary depending on your use of PIA’s Website or Service, as follows:
From VPN Users:
From Emails & Visitors to the PIA Website:
“Non-personal Data” is not associated with or linked to any Personal Data. Any usage metric collected while using the Service is irreparably separated from the account user. Thus, Non-personal Data does not allow for the identification of any individual person. Non-personal Data we collect includes:
From All VPN Users:
From VPN Users Who Opt-in & Willingly Send Reports:
From Emails & Visitors to the PIA Website:
We collect your email address to send you subscription information, payment confirmation, customer correspondence, and PIA promotional offers (to the extent that you accept a subscription to our marketing list). Additionally, if residing in the US, we may collect your state and zip code to ensure compliance with our statutory tax obligations and for fraud detection.
Furthermore, we collect certain kinds of payment data to manage client signups, payments, and cancellations. We process the above data in compliance with various legal processes in order to comply with statutory and contractual obligations.
The above-mentioned Personal Data is not, at any point, associated with any kind of activity done by the user inside any Private Internet Access Service (VPN, Antivirus, or otherwise) – absolutely none of this usage data is recorded, logged, or stored in any way, shape, or form. All collected Personal Data remains completely separated from VPN or Antivirus usage, ensuring complete privacy when using our Service.
You have the option to register on the PIA website by inserting your username and password into the appropriate fields. The Personal Data entered there is collected and stored exclusively for internal use by PIA. When registering on our website, we store the payment method, login ID, and date and time of the registration. The storage of this data takes place against the backdrop that this is the only way to prevent the misuse of our Services, and, if necessary, to make it possible to investigate committed offenses. In short, the storage of this minimal amount of data is necessary to secure the data controller. This data is not passed on to third parties except as stated herein. Through registering on PIA’s website, you may exercise your rights as indicated below, through the website.
The registration of your data is intended to enable the data controller to offer the data subject contents or Services that may only be offered to registered users.
We do not now, nor have ever, nor ever will, share, sell, rent, or trade any user’s Personal Data with third parties other than as disclosed within this Privacy Policy. While we may disclose collected Personal Data to necessary members in our group of companies (across our ultimate holding company and all its subsidiaries) insofar as is reasonably necessary to continue our Service in line with this Policy, we regard our commitment to user privacy as paramount.
Furthermore, we may share your personal information with third-party service providers so that we may continue to improve our Service. In particular, in order to assist you if you have questions while using our website, or to assist you regarding your order and provide comprehensive customer support, we offer the possibility of online chat where, you will be requested to provide Personal Data such as a name and email. When a user visits the Private Internet Access online chat page, we use Deskpro to assist our customer service coordination. Deskpro stores in its own database: a visitor_id (a unique identifier randomly generated when someone visits the page, stored in their cookies), what browser the user used to log in, the country of the user, and the date visited. Name, account ID, and email address may be collected and stored if this information is provided for support tickets submitted to Private Internet Access. We may also use Deskpro as a medium for communications, either through email or through direct messages within the Deskpro platform. As such, any messages sent via live online chat, tickets, or emailed to [email protected] will be stored on Private Internet Access servers. We may use this data collected via Deskpro in order to improve customer experience. Your data may be internally analyzed to understand trends in customer behavior, demographics, and selections. We will never sell information to any third parties. Deskpro maintains its own separate Privacy Policy that is separate from Private Internet Access and can be located at https://www.deskpro.com/legal/privacy/.
Additionally, PIA itself does not process any orders or payments. We work exclusively with the payment processors Stripe, Amazon Payments, BitPay, and PayPal. You can find information about the payment services providers' privacy policies and practices at https://stripe.com/us/privacy (Stripe), https://pay.amazon.com/help/201212430 (Amazon), https://bitpay.com/about/privacy/ (BitPay), and https://www.paypal.com/us/webapps/mpp/ua/privacy-full (PayPal). Each payment processor’s Privacy Policy governs the collection and use of the information collected during the checkout process, and while we have found each third-party Privacy Policy to be in accordance with our strict privacy standards, we recommend you review each applicable Privacy Policy prior to placing an order or providing any kind of information, personal or otherwise.
If you select to subscribe to our Marketing list, we may share your data with such selected third parties that will administer the list. Such third parties will contractually agree to uphold the same standards as we hold your Personal Data. To find more about this, you can visit our current third-party mailing partners here. Opt-out at any time by clicking here.
Additionally, although we will comply with all valid subpoena requests, our legal team scrutinizes each and every legal request that we receive for compliance with both the "spirit" and “letter” of the law. For invalid or overly broad subpoenas, we will first question and attempt to narrow the scope of any subject matter sought. PIA will not participate with any law enforcement request that is unconstitutional or illegal. Moreover, when it is possible and a valid option, we will provide the user an opportunity to object to any requested disclosures.
Civil or law enforcement requests are allowed to be sent to [email protected]. If there’s a request that requires mailing or a courier, that information is allowed to be sent to:
Private Internet Access Inc.
Attn: Legal Department
9200 E Mineral Ave #100
Centennial, CO 80112
United States
While PIA agrees to accept service of law enforcement requests based on the methods listed, PIA does NOT waive any legal rights based on this accommodation.
We reserve the right to rectify, replenish, or remove incomplete or inaccurate information at any time and at our own discretion as detailed above. Please note that unless you instruct us otherwise, we retain the information we collect for as long as needed to provide our Service, as well as to comply with our legal obligations, resolve disputes, and enforce our agreements.
Pursuant to California Civil Code Section 1798.83, if you live in the State of California and your business relationship with us is mainly for personal, family, or household purposes, you may ask PIA about the information we release to other organizations for their marketing purposes. To make such a request, please send an email to [email protected] with “CCPA privacy request” as the subject. You are allowed under California law to request this information one time each calendar year. We will email you a list of categories of Personal Data we may have revealed to any third parties in the last calendar year, along with their names and addresses. Not all Personal Data shared in this form is included under Section 1798.83 of the California Civil Code. Please also see this California-specific privacy notice for more details related to your rights as a California resident under the CCPA.
By default, PIA does not share your Personal Data with any third parties aside from the disclosures already made in this Privacy Policy. However, if you wish to inquire into how PIA does not share our users’ Personal Data with third parties for direct marketing purposes, you may contact our Data Protection Officer (DPO) at [email protected].
The Children’s Online Privacy Protection Act (COPPA) was passed to give parents increased control over what information is collected from their children online and how such information is used. The law applies to websites and services directed to, and which knowingly collect information from, children under the age of 13. Our online Services are not directed to children under the age of 13 nor is information knowingly collected from them. For additional information on COPPA protections, please see the FTC website at: https://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online
Your principal rights under data protection law in relation to your Personal Data are:
We provide you with the ability to exercise the above rights along with certain choices and controls in connection with our treatment of your Personal Data. To exercise your rights through your account please contact our DPO at:
Dr. Venetia Argyropoulou
Private Internet Access, Inc.
9200 E Mineral Ave #100
Centennial, CO 80112
United States (347)586-9467 (Ext. 904)
[email protected]
In the event that you make such a request, note that we may require certain information from you in order to verify your identity and locate your data, and the process of locating and deleting your data may take a sizable amount of time and effort. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
Only key employees of PIA and PIA’s Group with a need to administer or process Personal Data are granted access to the servers and information where Personal Data is stored. Furthermore, Personal Data is always maintained in a highly encrypted form.
We collect information globally, and we primarily store that information in the United States. If we transfer the storage of your Personal Data from the United States, we will request your consent.
If we decide to make changes to our Privacy Policy, at our sole discretion, such changes and updates will be effective immediately upon the display of the revised Privacy Policy. Thus, we encourage you to check this Privacy Policy regularly for updates, so that you are fully informed on how your data is collected and used. The date this Privacy Policy was last modified is reflected at the bottom of the page under the heading “Last revised”. Your continued use of the Services following the display of such amendments constitutes your acknowledgement and consent to such amendments to the Privacy Policy and your agreement to be bound by the terms of such amended policy.
If we make material changes to this Privacy Policy, we will notify you through the account or the Website or the in-app Service, and we will make our best efforts to notify you via email or by means of a notice on our home page prior to the change becoming effective.
For any further information, you may contact:
Dr. Venetia Argyropoulou
Private Internet Access, Inc.
9200 E Mineral Ave #100
Centennial, CO 80112
United States (347)586-9467 (Ext. 904)
[email protected]
Private Internet Access has 10+ years of experience in leading the VPN industry with a strict no-usage-logs policy, world-class server infrastructure, and 100% open-source software. Above all else, PIA prioritizes user privacy, security, and freedom from unnecessary, unethical, and illegal surveillance.
Last revised: September 7th, 2022