Proton VPN just announced that it successfully passed its 4th consecutive independent audit of its no-logs policy. Carried out by Securitum, the audit involved a physical inspection of Proton VPN’s live server infrastructure in Zürich, Switzerland, confirming that it does not collect its users’ data in-line with its privacy policy.

Securitum is one of Europe’s leading penetration testing companies, based out of Kraków, Poland. The company conducts over 300 security tests per year for companies around the world, and frequently calls out failed tests on its X account.

Proton VPN’s latest external assessment was performed by Securitum consultants Martin Matyja and Maciej Szymczak. Occurring from August 18 to August 20, 2025, it consisted of technical interviews, supervised access to randomly chosen live servers, and a thorough review of server setups, data-flow design, logging settings, and admin procedures.

Among its findings, auditors also verified that Proton VPN runs on bare-metal hardware solely owned and operated by Proton AG, with no third-party hosting.

Securitum’s full report has been made public, containing a highly detailed breakdown of its testing methodology and findings.

The key outcomes of the audit were:

  • Proton VPN does not track or lock user activity on its production servers.
  • Proton VPN does not log any user-attributable meta data.
  • Proton VPN does not perform Deep Packet Inspection (DPI) or log the contents
    of user network traffic.
  • Proton VPN does not log or monitor the specific services, websites, or servers that users connect to.
  • Proton VPN consistently applies its no-logs policy and privacy configuration across all its servers, regions, and subscription tiers.

In Securitum’s own wording, “The technical evidence reviewed showed no instances of user activity logging, connection metadata storage, or network traffic inspection that would contradict the No-Logs policy.”

Swiss-based Proton VPN now joins an exclusive club, including ExpressVPN, NordVPN, CyberGhost, and others, that have completed multiple independent audits over the span of years. ExpressVPN recently completed its 23rd privacy-related audit. Third-party audits remain an important way for users to ascertain the trustworthiness of VPNs, especially with the continued proliferation of malware-laced free VPN apps.