Last updated: April 9, 2019
Avast believes in full transparency and protecting our customers’ privacy.
Avast provides products under the Avast, AVG and HMA! brands globally. The privacy policies that cover these products can be found here:
We are publishing our first transparency report to provide details into all government requests seeking access to Avast customer data that we received in 2017. We are also publishing a Warrant Canary on a quarterly basis. We want our users to have visibility about the types of government agency requests we receive, the frequency of requests, and the disclosure rate.
Our policy is to give data only when compelled by law.
Here is the summary of requests:
||Number of Request for User Information
||Requests as a Percent of User Base
||Number of Disclosures of User Information
||Disclosure Rate as Percent of Requests
|| HMA! VPN
|| HMA! VPN
- Law Enforcement Agencies: All requests that we have received to date were from law enforcement agencies, such as police departments, conducting criminal investigations.
- Avast SecureLine VPN product: We received 28 requests from law enforcement agencies from the following countries: Czech Republic (19 requests), France (3 requests), Italy (1 request), Germany (1 request), Poland (1 request), Sweden (1 request), The Netherlands (1 request), and the United States (1 request). For 27 of the requests, no data was disclosed. In 1 instance from the Czech Republic we did confirm an email address associated with an IP address for a criminal investigation.
- HideMyAss! (HMA!) VPN product: We have had 102 requests from law enforcement agencies. The countries that requested data for criminal investigations were United Kingdom (71 requests), United States (13 requests), Spain (4 requests), Germany (3 requests), Austria (1 request), Chile (1 request), Czech Republic (1 request), Estonia (1 request), France (1 request), Hungary (1 request), India (1 request), Italy (1 request), Norway (1 request), and Portugal (1 request). From these requests, we disclosed data 39 times in the United Kingdom and 1 time in the United States. The data we disclosed in these instances were root IP addresses, email addresses and billing information.