People worldwide increasingly depend on digital information and communication technologies, and corporate and government surveillance and manipulation is becoming increasingly pervasive. Providers of all types must continually earn the trust of their users and constituencies.
To that end we provide the following answers to the questions posed by the Center for Democracy & Technology (CDT), in their project: Signals of Trustworthy VPNs – Questions for VPN Services.
To view the answers please click the arrow or question
What is the public facing and full legal name of the VPN service and any parent or holding companies?
SupraVPN is a service that owned and operated by the Fourth Estate Public Benefit Corporation, a Colorado public benefit cooperative with headquarters located in Washington. DC, USA.
Does the company, or other companies involved in the operation or ownership of the service, have any ownership in VPN review websites?
No. Neither, SupraVPN, nor Fourth Estate own, operate or control any VPN review website.
What is the service’s business model (i.e., how does the VPN make money)?
SupraVPN’s revenue comes from business and consumer VPN subscriptions and related services.
We never sell, share, or provide user information to any other party, and we will never utilize the information that a user provides to us for any purpose other than providing the SupraVPN service.
Does the service store any data or metadata generated during a VPN session (from connection to disconnection) after the session is terminated? If so what data?
SupraVPN is a zero-knowledge, zero logging VPN Service. We do not record or retain any data when you use the SupraVPN network.
Does your company store (or share with others) any user browsing and/or network activity data, including DNS lookups and records of domain names and websites visited?
SupraVPN is a zero-knowledge, zero logging VPN Service and does not store, nor does it share with others any user browsing and/or network activity data, including DNS lookups and records of domain names and websites visited.
Do you have a clear process for responding to legitimate requests for data from law enforcement and courts?
Any law enforcement or judiciary request for data is reviewed by our corporate counsel. While we will comply with valid a legal request, as a zero-knowledge, zero logging VPN service we explain that we have no information to hand over.
What do you do to protect against unauthorized access to customer data flows over the VPN?
Preventing and defending against unauthorized access is our highest priority, and we employ a multi-layered best practices approach of processes, techniques and services
All platforms and systems are end-to-end encrypted using military-grade AES 256-bit encryption; and we avoid the use of third-party providers, whenever and wherever possible.
What other controls does the service use to protect user data?
SupraVPN uses a variety of practices to protect user data
- We collect only minimal data, in fact we only require an email address and form of payment.
- We accept anonymous payments using cash.
- Customers are also able to pay anonymously using a variety of crypto currency.
- We maintain an active Warrant Canary.
- Our parent, Fourth Estate Public Benefit Corporation is a respected global civil society organization and adheres to strict trust and transparency principles.
- While we are domiciled in the United States, we locate sensitive systems in jurisdictions with strong privacy protections.
- We are prepared to shut-down the service in a jurisdiction should any government ever legally force us to circumvent our privacy and security and surveil our users.