Transparency report for 2017
Last updated: January 19, 2018
Avast believes in full transparency and protecting our customers’ privacy.
Avast provides products under the Avast, AVG and HMA! brands globally. The privacy policies that cover these products can be found here:
We will incorporate data about our recently acquired CCleaner product in our 2018 Transparency report.
We are publishing our first transparency report to provide details into all government requests seeking access to Avast customer data that we received in 2017. We are also publishing a Warrant Canary on a quarterly basis. We want our users to have visibility about the types of government agency requests we receive, the frequency of requests, and the disclosure rate. In 2017, we did not receive any requests from government intelligence agencies for customer data.
Our policy is to give data only when compelled by law.
Here is the summary of requests:
||Number of Request for User Information
||Requests as a Percent of User Base
||Number of Disclosures of User Information
|| HMA! VPN
|| HMA! VPN
- Law Enforcement Agencies: All requests that we received in 2017 were from law enforcement agencies, such as police departments, conducting criminal investigations.
- Avast Antivirus products: We received 1 request from a law enforcement agency in the Czech Republic and we did not disclose any data.
- Avast SecureLine VPN product: We received 28 requests from law enforcement agencies from the following countries: Czech Republic (19 requests), France (3 requests), Italy (1 request), Germany (1 request), Poland (1 request), Sweden (1 request), The Netherlands (1 request), and the United States (1 request). For 27 of the requests, no data was disclosed. In 1 instance from the Czech Republic we did confirm an email address associated with an IP address for a criminal investigation.
- HideMyAss! (HMA!) VPN product: We have had 102 requests from law enforcement agencies. The countries that requested data for criminal investigations were United Kingdom (71 requests), United States (13 requests), Spain (4 requests), Germany (3 requests), Austria (1 request), Chile (1 request), Czech Republic (1 request), Estonia (1 request), France (1 request), Hungary (1 request), India (1 request), Italy (1 request), Norway (1 request), and Portugal (1 request). From these requests, we disclosed data 39 times in the United Kingdom and 1 time in the United States. The data we disclosed in these instances were root IP addresses, email addresses and billing information.