It's been some time since our last Transparency Report in 2021. When we set-out with conducting our reports a few years back, we were aiming to give our users a look at the type of data requests we receive, while also reminding people how important it is to understand the privacy policies of the services you use.

Well, we're back! The good news is that this year's transparency report will actually cover from 2021 up to 2023, giving you a full look at the government authority requests we've received over the past couple of years.

Just as a reminder, our approach to transparency and minimizing data remains the same as it has always been:

  1. Don't collect data.
  2. If we absolutely need to collect data, collect the minimum amount possible to accomplish the service requirement.
  3. If data is collected, communicate it clearly with customers so they can clearly understand how we operate our service. Even when it’s awkward.

No logging and what we do with data

Let's keep this simple. TunnelBear does not keep logs. We do not know what you do online and we do not track or log your browsing data.

Since the term "logs" means different things to different people, we want to very clearly lay out what "no logs" means for TunnelBear:

  • We don't know who you are.
  • We don't know where you connect from.
  • We don't know what you do while you use TunnelBear.
  • We cannot provide information related to above three points to anyone.

We've done our best to make an easy-to-read Privacy Policy. No small text. No conditions may apply. No technical terminology. We want you to read it.

That said, let's take the time to break our Privacy Policy down a bit more.

Account and operational data

We do require that you create an account with a valid email address and password in order to use TunnelBear. We keep a record of the email address you provide in order to secure access to your account and send you important updates about TunnelBear.

Our team is able to see some key events about your account, so that we can assist customers with common requests. These events include:

  • When an account was created
  • If an account email/password was ever changed
  • If/when an account purchased a subscription
  • When a subscription is expired/cancelled
  • Last OS version and TunnelBear app version used
  • How much bandwidth is passed through the VPN servers
    • Note: Current month only, no historical data

These events are primarily used for customer support requests and helps us with tasks such as; locating stolen accounts, updating emails for users that need assistance, managing subscriptions, determining eligibility for refunds, and troubleshooting basic issues.

Third-party services we use

In order to manage user accounts, we do rely on some third-party services. This is to help reduce the need for us to maintain Personally Identifiable Information (PII) on our own servers and network.

Providing a full list of the third-party services and apps that we use would be a daunting task, but we will share some of the ones that have a more direct impact on user data:

  • Stripe (payment processing for our website)
  • Zendesk (user emails, customer support requests, FAQs)
  • Mailgun (email distribution)
  • Google (Email management, anonymized analytics)
  • Google Play store (app distribution, payment processing for Android)
  • Apple App store (app distribution, payment processing for iOS)

We do NOT collect, store, or log your IP addresses, DNS queries, or otherwise any applications, services or websites that you use while connected to TunnelBear. What you do while connected to TunnelBear is private, even from us.

Government authority and law enforcement requests

As with every VPN provider that operates servers around the world, we occasionally receive government authority or law enforcement requests.

If a VPN provider operates servers in a country that sends these requests, they typically must comply if presented with a warrant. As we collect no logs, we have no data to provide to these requests that is of any use. At most, if provided an email address, all we can do is confirm whether that email has an account with us.

How many requests did TunnelBear receive between 2021 and 2023?
Updated on Nov 2, 2023

Since 2021, we have had a total of 70 government authority requests. In most instances, these requests were the result of law enforcement authorities seeking to investigate crimes.

As we do not log IPs or track browsing data, no information about the user-browsing session was provided.

Our commitment to transparency

Transparency reports are only one of the steps that we can take to maintaining a transparent relationship with our users. We're excited to share that we are already a full week into our seventh annual public security audit (more on that early next year), and are discussing more ways that we can help build trust and transparency in the VPN community.

We also want to thank the many users that have reached out to ask about our transparency reports over the past year. It was due to your outreach that we decided to prioritize this report for the end of 2023. Thank you for reminding us that transparency is a constant effort, not a one time deal.

Commence tunneling,

the TunnelBear Team