4 red flags to watch out for in VPN privacy policies

Eight figures using mobile phones surrounding a giant mobile phone, displaying a red flag on-screen
(Image credit: Getty Images)

When you're trying to keep your browsing data private, today's best VPNs are an essential part of your toolkit. It hides your data from your ISP, keeps it encrypted in transit, and masks your IP address.

However, not all VPN services can be trusted with your personal data. Although most VPNs claim to abide by a no-logs policy, it only takes a few minutes to read through their privacy policies and check whether they're telling the truth.

You don't have to be a cybersecurity expert to evaluate these privacy policies, either. I've put together a guide to the biggest red flags you're likely to come across – so you know what to look for when vetting how a VPN handles your data.

Red flag 1: it's short, incomplete, or missing

A VPN's privacy policy is your guide to what the provider is doing with your data. The more detail a provider can offer, the better informed you are about what data you're handing over when you use the service.

As such, a solid privacy policy needs to be thorough. After reading through it, you should be aware of which data is collected, how it is used, and why the VPN is collecting it in the first place.

While there's value in making a privacy policy concise, VPN providers with poor data collection policies will often try to obfuscate their anti-privacy practices by cutting important information out of the policy. Oh, and it goes without saying, but if the VPN in question doesn't have a privacy policy at all – steer clear.

It goes without saying, but if the VPN in question doesn't have a privacy policy at all – steer clear

The same thing applies if critical information is missing. At a minimum, you should expect a VPN provider to outline exactly which data it collects from you while using the service.

It should also explain its processes for sharing data if and when approached by a third party – especially if this comes in the form of a law enforcement request. If a VPN glosses over these details, or fails to address them altogether, it could mean that your data is being handed over without any safeguards.

The VPN provider needs to be precise when outlining this information, too. If you see ambiguous language, it's entirely possible that the provider is trying to meet its legal obligations without explicitly informing you which data is being gathered.

There's no good reason for a VPN not to be totally transparent, so avoid the service if you see vague promises in the field.

Red flag 2: it's data-hungry

A VPN needs to log some data in order to function properly. For instance, to monitor how many simultaneous connections are in play, a provider could use a metric like connection times to enforce device subscription limits. The collected data should always be minimal and relevant, however.

A VPN that collects sensitive data, such as your IP address, browsing history, or DNS queries, is better off avoided.

The VPN doesn't need this information to operate – and collecting it directly compromises your privacy, creating a record of your online activities.

Proven privacy protectors

Laptop with a VPN running on the screen, on a desk with shelving in the background

(Image credit: Future / Getty)

Wondering which VPNs do the most to keep your personal data under lock and key? We've got you covered. Check out our guide to today's most secure VPNs.

Even if we assume that the VPN isn't logging your traffic to trawl for passwords, or other malicious acts, a hacker could still steal your logged data for themselves. Even worse, law enforcement might be able to simply serve a warrant and walk out with your browsing data.

This is usually the case with free VPNs. They monetize their free plans, collecting your data, packaging it up, and serving it to third-party advertising partners.

If a VPN collects and retains more data than is absolutely necessary, it's better to look for a more privacy-conscious alternative – no matter how good the deal is.

Red flag 3: it claims to collect nothing

It's impossible to run a truly 100% log-free VPN by design. There's no way to build a VPN protocol that doesn't, at the very least, capture minimal information from the user.

Today's most reliable VPNs try to keep this data logging to an absolute minimum, but they won’t claim to collect absolutely nothing at all. A VPN needs to log connection details to ensure that its servers run smoothly and that users aren't abusing the services, after all.

To be clear, connection logs do not contain information about the content of your browsing activity. We’re talking about data points like bandwidth usage and timestamps, not the websites you've visited or what you've sent to them. Usage logs like these are a serious privacy red flag and should never be retained by any VPN.

Therefore, if a provider does claim that it collects absolutely no data on you, whatsoever, including connection logs, you should treat it with suspicion.

It's an outright lie – so, if it's willing to lie about the data it collects, who's to say it's not also willing to lie about selling it on to third parties?

Red flag 4: the VPN is based in a privacy-unfriendly jurisdiction

Different VPN jurisdictions have different data laws. This all depends on where the VPN provider is headquartered – and means that it could be subject to hugely varying regulations when it comes to data processing and privacy.

Then, there are the operational realities of setting up shop in certain countries.

A strong privacy policy is only as effective as the legal framework that supports it

For example, most countries in Europe are subject to the EU's GDPR directive which requires companies to abide by fairly strict rules when it comes to who can collect your data and how it can be accessed by a third party. However, a strong privacy policy is only as effective as the legal framework that supports it.

Although VPNs based in countries like the United States or the UK may benefit from strong privacy laws, the governments of these countries have a history of heavy-handed data collection and surveillance. Essentially, a VPN in these countries could be forced to retain logs or hand over data even if their policy claims otherwise.

Why do VPN privacy policies matter?

Okay, let's address the elephant in the room – VPN privacy policies are often long, boring documents stuffed with techy jargon. Even so, they're worth reading.

Without a privacy policy, there's no way of telling what user data the service collects, how it is used, and under what conditions it might be shared with third parties.

These policies also vary significantly from one provider to the next – which is why it's important to go through them carefully.

A provider might casually mention that it actually hands over your browsing data to an ad partner, for example, meaning that the VPN is actively harvesting your data to build a user profile. It's the last thing you'd expect a privacy-first VPN to be doing – so it really does pay to pay attention.

Sam Dawson
VPN and cybersecurity expert

Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.

Read more
private VPN with no logs
The most private VPN: 2025's best no log VPNs to stay anonymous online
Someone using a VPN on a PC.
How to buy a VPN – a jargon-free guide
best Secure VPN
Secure VPN providers 2025: safe options for the best security and encryption
Polygonal vector illustration of the virtual private network's shield reading VPN and world map on the background
The cost of a ‘free’ VPN: When cheap is expensive
A repeating pattern of pink magnifying glasses on a light blue background
Why do VPN audits matter?
Outlook Calendar on a Tablet
What we learned from VPNs in 2024
Latest in VPN
Swiss flag with view of Geneva city, Switzerland
Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.
Turkey's social media ban has been lifted, but VPN usage is still high
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
A hand holds a smartphone displaying the NordVPN logo
NordVPN Prime hits lowest-ever price in VPN Spring sale
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years
Latest in Features
Google Gemini 2.5 and ChatGPT o3-mini
I pitted Gemini 2.5 Pro against ChatGPT o3-mini to find out which AI reasoning model is best
The cast of The Residence peek from a doorway
Netflix's #2 most-watched show is the new madcap whodunnit The Residence –here are 3 more mysteries to stream next
Google AI Mode
I tried Google's new AI mode powered by Gemini, and it might be the end of Search as we know it
Saily eSIM by Nord Security
"Much more than just an eSIM service" - I spoke to the CEO of Saily about the future of travel and its impact on secure eSIM technology
A collage image showing images from the TV shows The White Lotus on Max, Black Mirror on Netflix and The Handmaid's Tale on Hulu.
I'm pausing my Prime Video, Apple TV+ and Paramount+ subscriptions in April 2025 – here are the 3 streaming services I'm keeping instead
Gemini on a smartphone.
Gemini is pulling ahead of ChatGPT – combining Deep Research with Audio Overviews is one of the best uses of AI I’ve seen so far