6 things to look out for in your VPN's terms and conditions

An Accept button agreeing to Terms and Conditions
(Image credit: Shutterstock)

It's almost automatic: you're signing up with a VPN, the 'Check to confirm you agree with the Terms and Conditions' message pops up and, within a nano-second, you've clicked the box. Because getting on with your day is far more appealing than scrolling through 5,000 words of confusing legal jargon.

You're not alone. We regularly do it, too. But it could be a mistake. A VPN's terms and conditions contain all kinds of handy information on who can use the service, refund rules, payment and billing terms, important details that you might not find anywhere else.

You don't have to read every word of the terms, either. Look out for the key items we'll explain in a moment, and you can skim over everything else. Just 60 seconds scrolling down the page and browsing a few words could help you avoid the worst VPNs, and identify the very best.

Then it's your chance to move on to the VPN privacy policy...

1. What are you buying exactly?

The first reason you really, really, really need to scan your VPN's terms page, is it's probably the only page on the website which fully explains what you're getting for your money.

We're talking about the precise details. Is this a personal-use service only, or can you use it for business? How many devices can you connect simultaneously? Do they have to be all yours, or can you share logins with family members? Are there any odd device restrictions? (Astrill VPN says you can only install the service on a single router, for instance.)

This might not matter very much if you're just after an iPhone VPN, say, and you'll never use it anywhere else. But if your needs are a little complicated, check what you're getting before you buy.

A world map

(Image credit: Shutterstock)

2. Where is the provider based?

Some VPN providers give you no idea who's behind them, or where they're based. Are they in the US, China, Russia...? The main site may offer no clues at all.

The TS&Cs are often more helpful. Look first for any information on a company behind the provider. For example, NordVPN's terms mention: "nordvpn s.a., a company incorporated in Panama."

As a provider's terms are designed to hold up in law, many providers also tell you which country's law they're following. ExpressVPN's 'Choice of Law' section is typical: "This Agreement shall be governed by and construed in accordance with the laws of the British Virgin Islands."

3. What's the refund policy?

Some services boast about their generous refund policy and VPN free trial, while others don't mention it all. Whatever your provider says on the main website, it pays to check the Ts&Cs to get the real details.

What you're looking for is a clear explanation of the rules. ExpressVPN's policy is a great example, telling you everything you need to know in a single sentence: "You may cancel your account for any reason within 30 days of your initial purchase and you will receive a full refund of the amount you paid."

TunnelBear's offering isn't such good news: "All amounts paid are non-refundable." But it's very clear, which is what we're after. Open and honest.

Beware of policies where it's left up to the provider whether you get a refund, or not. So look for phrases like 'at our sole discretion'. And be aware of specific restrictions, such as saying you won't get a refund if you've connected more than a set number of times, or used more than a certain amount of traffic.

And if you read the refund policy and can't tell whether it's fair, here's a hint: it's probably not. As you can see above, the best providers tell you everything you need in very few words. If your VPN's policy is so complicated you can't understand it immediately, that's a very bad sign all by itself.

The Ivacy Terms of Usage page with a highlighted clause

(Image credit: Ivacy)

4. Are there any unusual restrictions on use?

Scroll quickly down any VPN terms page and stop when you see a bullet point list. Chances are it's a list of 'prohibited services' - everything the provider says you really mustn’t do while connected to the service.

Most of these are just as you'd expect. 'Don't send spam', 'don't hack other systems', 'don't distribute child pornography', or sometimes a catch-all 'don't use the Service for anything other than lawful purposes'. Works for us.

But others catch activities you might think were legitimate. NordVPN uses automated tools to identify web scraping and might 'limit your access' if it's suspicious, for instance. KeepSolid VPN prevents you from using the service in a way 'where it could be used by multiple devices at the same time'; so no turning your laptop into a wireless hotspot, then. And Ivacy says you're banned from 'violating moral norms, fair conduct norms and good customs', which could catch all kinds of websites and online activities.

Sure, many of these rules have probably ever been enforced. As almost all VPNs say they don't monitor what you're doing online, complaining that a user 'violated moral norms' would destroy a provider's reputation, perhaps forever. Still, if you're planning something more specific, such as using a VPN for web scraping, it's useful to check out a provider's policy before you buy.

5. What are the renewal terms?

Sign up for most VPNs and your plan will be set to renew automatically. That shouldn't be a surprise - it's usually made very clear during the purchase process - but it's still worth looking at small print, to understand the precise details.

Look for exactly when you're billed again. Ideally the terms will explain this happens at the end of your subscription, with a phrase like 'at the completion of the billing term'. But we've seen a few companies say they renew a day or two earlier, throwing in some excuse about how it avoids any break in service - though really it just catches out people who think they can leave cancelling at the very last minute. Either way, it's important you know when know your money will be taken.

Check how you're able to cancel, too. Normally you can just choose a box in your web account dashboard. But look out for providers who make this more difficult, ask you to fill in a special form or send an email. You want to know you can cancel immediately, not wait who-knows-how-long for the provider to do that for you.

If you've had a refund from this provider before, look to see if you're able to get one again. Hide.me only refunds any individual once, ever; NordVPN allows two; Private Internet Access has no set limit, although there's has to be at least 90 days since your last refund request.

A Hotspot Shield icon on a mobile

(Image credit: Shutterstock)

6. What else do you really need to know?

Our last tip is just to scan down a VPN's terms and conditions, and stop to take a look at anything which catches your eye. We've found all kinds of interesting snippets in our reviews.

There might be important privacy details, such as the provider's no-logs policy, for instance. They're usually in the official Privacy Policy, but some VPNs have more details in the terms, too.

If you see a term similar to 'fair usage policy', stop to check the details. In theory this should explain when the provider will say you're using the service 'too much' - if the VPN advertises it supports unlimited connections, for instance, what does that really mean? In practice, fair usage policies are usually so vague that they don't help at all, but it's still a smart idea to check.

Finally, don't assume service terms only matter for paid VPNs. They can be even more important for free VPNs, because there's a good chance they'll be taking steps to finance the service.

Hotspot Shield's privacy policy has a relatively innocent example, saying if you're using the free service, it 'may deliver third party Advertisements to overlay a page or as an interstitial' (something displayed before or after your requested content). Is your preferred free service doing anything more? Maybe it's time to check.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.