To log, or not to log: Rubica’s data retention policy

We’ve noticed a trend that many VPN providers say things like “we never keep logs of your traffic!” as a sales tactic. Here’s the catch: that doesn’t mean they have secured your data—or its privacy.  The full value of your VPN is not whether or not companies keep the logs, but how the information is stored, for how long, and for what purpose. So, yes, Rubica briefly collects your logs, and here’s why that makes you safer.

Data logging is used across monitoring systems when data must be collected faster than a human can—and where accuracy is essential. Many VPNs don’t log their data and purge it right away, but that means they also can’t do the same kind of comparative analysis and proactive threat hunting Rubica does. In their eyes, simply encrypting data as it passes through their VPN tunnel makes them secure.

Yes, Rubica temporarily keeping logs actually makes you more secure, yet still anonymous.

Here’s why:

Our Security Operations Center (SOC) uses temporary logs for search-and-destroy malware missions, builds them into our stronger VPN, then deletes them within 3 weeks so they can’t be requisitioned for subpoena (should that request ever arise).

This is what differentiates Rubica from other VPN companies, even the ones who say they offer a “secure VPN.” First, our VPN is both secure and private, but Rubica is a full-spectrum cybersecurity service of which our VPN is a only once piece.  Our protection comes with a secure VPN complete with military-grade encryption, security stack protection from known threats, and proactive threat hunting done by our SOC.  It’s part of why we see our SOC-as-a-Service.

With your data, Rubica:

  1. Protects you by filtering your internet connection to eliminate known-bad files, domains, IP addresses, and URLs.
  2. Cross-checks every one of your devices against attacks seen against any other Rubica client.
  3. Rewinds time to investigate how an infection or attack might have started.
  4. Destroys all traces of your history within three weeks.

Those logs are user-anonymous, so our SOC threat hunters never actually know the customer’s identity just as the customer service team doesn’t see the details of a customer’s traffic or malware analysis.

Rubica builds anonymity and privacy into not just our mission and policies, but our processes.  It’s why we do cybersecurity differently.