
Our privacy principles: data minimisation, default protection, and clarity

TL;DR

  • We design our systems to collect the absolute minimum data required to run the service
  • Protection features like the kill switch and private DNS are enabled by default—you shouldn't have to opt in to privacy
  • We write our policies in plain English and publicly announce any changes to our practices
  • We rely on independent third-party audits and public transparency reports, not just marketing claims
  • A portion of every subscription supports organizations defending digital rights and press freedom

Our principles at a glance

✅ What we do:

  • Collect only what is strictly necessary (data minimisation)
  • Enable core privacy features by default
  • Write policies in clear, specific language
  • Prove our claims through independent audits
  • Support digital rights organizations

❌ What we don't do:

  • Log browsing history, DNS queries, or connection timestamps
  • Make vague "100% anonymous" marketing claims
  • Hide behind complex legal jargon
  • Ask you to trust us without verification
  • Treat privacy as an optional add-on

Most VPN providers talk about privacy using the same vague marketing language. They promise "complete anonymity," claim to be "100% private," and ask you to trust them with your data. But privacy isn't a marketing slogan—it's a series of technical and operational decisions.

When we built PrivateByRight, we decided to approach privacy differently. Instead of asking for your trust, we built systems designed to prove it. We don't make absolute claims about anonymity because a VPN alone cannot make you anonymous. Instead, we focus on what we can control: how we handle your data, how our software protects you by default, and how we verify our claims.

These are the five principles that guide every decision we make.

Principle 1: Data minimisation

We don't collect what we don't need. It's that simple. If we don't have the data, we can't lose it, sell it, or hand it over to authorities.

Many VPNs claim to have a "no-logs" policy, but the reality is often more complicated. They might not log your browsing history, but they still collect connection timestamps, session durations, and originating IP addresses. We take a stricter approach.

What we explicitly do not collect:

  • Browsing history or websites visited
  • DNS queries
  • Connection logs or session timestamps
  • Originating IP addresses

What we do collect (and why):

  • Account email (optional): Used for account recovery and communication. You are free to use an anonymous email provider.
  • Payment data: Handled entirely by third-party processors like Stripe. We never store your credit card number.
  • Anonymized performance data: We monitor server load and bandwidth at an aggregate level to keep the network running smoothly. This data cannot be linked to individual users.

Learn more: No-logs explained: what it means, what to look for, and how we design for it

Principle 2: Default protection

Privacy shouldn't be an advanced setting buried in a menu. The features that protect you should be turned on the moment you install the app. You should have to opt out of protection, not opt in.

When you use PrivateByRight, our core security features are active by default:

  • Kill switch: If your VPN connection drops unexpectedly, the kill switch immediately blocks all internet traffic. This prevents your real IP address from leaking. It's on by default.
  • Private DNS: All your DNS requests are routed through our encrypted tunnel and resolved by our own DNS servers. This keeps your ISP from seeing which websites you're trying to visit. It's on by default.

We believe that secure defaults are the foundation of a trustworthy product. If a feature is critical for your privacy, we don't make you hunt for it.

Principle 3: Clarity

Privacy policies are usually written by lawyers, for lawyers. They are full of vague generalizations like "we may collect certain information to improve our services." This kind of language gives companies the flexibility to change their practices without telling you.

We write our policies in plain English. We state exactly what data we collect, why we collect it, and how long we keep it. We don't use vague terms to hide broad data collection.

If we ever need to change our privacy practices—for example, to comply with a new legal requirement or to support a new feature—we will announce it publicly before the change takes effect. You will always know exactly where you stand.

Principle 4: Verification over trust

Claims without verification are just marketing. We don't ask you to trust us; we ask you to verify our claims.

To prove that our systems work the way we say they do, we rely on independent third-party audits. These audits examine our infrastructure, our code, and our operational practices to ensure we are actually following our no-logs policy.

We also maintain a public Transparency Hub. This is where we publish our audit reports, detail any legal requests we receive for user data, and explain exactly how we responded. We also maintain a warrant canary—a regularly updated statement confirming that we have not received any secret legal orders or gag orders.

Learn more: Transparency Hub: what we publish and how to read our reports

Principle 5: Impact alignment

Privacy is a fundamental human right, not just a software feature. We believe that a privacy company should actively support the broader ecosystem of digital rights.

That's why a portion of every PrivateByRight subscription goes directly to organizations defending privacy, press freedom, and human rights. When you use our service, you aren't just protecting your own connection—you are helping to fund the tools and legal battles that protect everyone's rights.

We are transparent about where this money goes and how the organizations are chosen.

Learn more: How donations work at PrivateByRight: the model, rules, and accountability

How these principles translate to systems

Principles are only useful if they are built into the technology. Here is how we engineer our infrastructure to enforce these rules:

RAM-only servers

Wherever possible, our infrastructure runs on RAM-only (diskless) servers. Because these servers have no hard drives, they cannot store data permanently. Every time a server is rebooted, all data is completely wiped. This physically enforces our data minimisation principle.

Multi-hop routing

For users who need an extra layer of protection, we offer multi-hop routing. This routes your traffic through two separate VPN servers before it reaches the internet. Even if one server were somehow compromised, the attacker would only see half of the connection—either your IP address or your destination, but never both.

Continuous auditing

Our commitment to verification means that auditing isn't a one-time event. We regularly invite external security firms to test our systems and publish their findings.

Learn more: Behind the scenes: building a privacy-first VPN, systems, choices, tradeoffs

The PrivateByRight Approach

Our approach to privacy is built on transparency and technical enforcement. We use RAM-only servers to ensure data cannot be stored permanently, and we undergo regular third-party audits to verify our no-logs claims. We publish our findings and legal requests in our Transparency Hub, and we dedicate a portion of our revenue to digital rights organizations. We don't make absolute claims; we build systems that protect your data by default.

FAQs

Why do you need my email address?

We only require an email address for account creation, password recovery, and essential service communications. You are completely free to use an anonymous or temporary email provider. We do not link your email address to your browsing activity.

What happens if authorities demand my data?

If we receive a legally binding request for user data, we comply with the law. However, because of our strict data minimisation practices and RAM-only servers, we simply do not have browsing history, connection logs, or IP addresses to hand over. We document all legal requests in our Transparency Hub.

How do I know your audits are real?

We use reputable, independent security firms to conduct our audits. We publish the full audit reports in our Transparency Hub, not just a summary. You can read the methodology and the findings for yourself.

Why is the kill switch on by default?

A VPN is only effective if your traffic stays inside the encrypted tunnel. If your connection drops and your device reverts to your normal ISP connection, your real IP address is exposed. The kill switch prevents this by blocking all traffic until the secure connection is restored. We enable it by default because it is a critical safety feature.

Do you offer a free version?

No. Running a secure, high-performance VPN infrastructure is expensive. Free VPNs typically cover their costs by logging and selling user data or injecting ads into your browsing. By charging a fair price, we align our business model directly with your privacy.

Learn more: Free vs paid VPNs: privacy, security, and the hidden tradeoffs
