AVG has found a new way to capitalize on the “non-identifying” data it collects from users. The company recently updated its privacy policy to reveal that it will be selling some user data from its free offerings as a way to make money and keep its apps free. The company will collect users’ browser history, including a list of searches made using the browser, as a way to fund its apps.

The company’s updated privacy policy reveals that it collects browsing and search history, including metadata, from users who install its free security apps. It also aggregates advertising IDs associated with individual devices and keeps tabs on users’ ISPs and mobile network usage along with information on other applications on user devices and how they are being used.

The company added that it may anonymize and aggregate data that might otherwise be considered personally identifying. This could include information on users’ precise locations, which might be considered personal if stored on its own. But combined with the locations of other users it could provide valuable information on the number of users located in a specific region and would not be considered “personally identifiable.”

"Those users who do not want us to use non-personal data in this way will be able to turn it off, without any decrease in the functionality our apps will provide,” an AVG spokesperson told Wired magazine. “While AVG has not utilized data models to date, we may, in the future, provided that it is anonymous, non-personal data, and we are confident that our users have sufficient information and control to make an informed choice."

AVG added that its data collection usage and practices haven’t actually changed, only the wording in its privacy policy. That may come as a bit of a shock to many users of the company’s free security apps, since AVG previously indicated it could collect data for “the words you search” and nothing more. Previous privacy policies did not indicate the company was collecting data from users’ browser histories, nor was there a mention of selling that data to other parties.