We strive to make sure that your privacy is protected at all times, and engineer our service and infrastructure around that primary goal. We do not store anything you do online or any identifiable information, so much so that you don't even need an email address to sign up and use Windscribe.
The few bits of data that we do collect are used only internally and are not a threat to privacy or anonymity. Things like the amount of traffic used in the last month can't be used to compromise your security. You can find a detailed article on what we record/do-not-record here: https://blog.windscribe.com/windscribe-logging-explained-in-detail-387ad63f646
To address the matter of encryption, our network supports perfect forward secrecy. In our desktop applications we use AES-256 cipher with SHA512 auth and a 4096-bit RSA key, and our browser extension uses TLS 1.2, ECDHE_RSA with P-256 key exchange and AES_128_GCM cipher. All of which essentially means that we use the strongest possible encryption for both use-cases.
You can also find data on Law Enforcement & DMCA data requests here: https://windscribe.com/transparency. At the end of the day, as the aforementioned blog post explains, we cannot share data we do not have.
We also have multiple third party audits planned for 2022 to ensure that we stand behind what we say.