Surfshark aces its first no-logs audit

surfshark vpn
(Image credit: Surfshark)

Retaining users' trust is the first element when it comes to privacy. The best VPN providers, those responsible for building the software meant to protect anonymity online, know this very well.

So, just weeks after NordVPN passed its third no-logs audit, another VPN service called an external cybersecurity company to verify it actually treats subscribers' data as it claims. 

As its most recent initiative to promote transparency, our favorite cheap VPN app Surfshark has just aced an independent no-logs audit.   

After a thorough inspection of Surfshark's IT systems, industry-leading auditing firm Deloitte confirmed that the provider complies with the data-handling practices stated in its privacy policy.

While Surfshark's security infrastructure has already been verified in the past, this is the first time the provider has undergone such an audit on its privacy statement.   

Evidence of top privacy and quality standards

"Working in an industry that highly relies on trust and transparency, we understand that it takes more than just words to validate our efforts," commented Surfshark's VPN Product Owner Justas Pukys. 

"The positive result from Deloitte’s no-logs assurance report provides factual evidence to our users and future customers that Surfshark operates on the highest privacy and quality standards." 

A strict no-log policy is one of the most important features for a truly private VPN provider. It's the users' sole guarantee that no identifiable information is ever retained about their online activities.     

Subscribing to a trustworthy no-log VPN is vital to make sure that even if a hacker or government manages to seize the service, no sensitive data can be leaked. That's simply because such details won't exist in the first place.

Deloitte conducted its assurance procedures between November 21 and December 2 last year. 

To successfully verify Surfshark's privacy claims, the auditing experts closely reviewed Surfshark server's configuration and deployment process, while conducting interviews with responsible employees. 

They also checked whether or not the relevant IT systems are designed to match the company's privacy policy. These include both its standard VPN servers, static IP and MultiHop structure. 

More details about Deloitte's audit can be found here.

"Based on the procedures performed and the evidence obtained, in our opinion, the configuration of IT systems and management of the supporting IT operations is properly prepared, in all material respects, in accordance with Surfshark's description of its no-logs policy," concludes the report. 

Showing a continuous effort to transparency, Pukys from Surfshark said: "We will continue to perform various audits and tests to get independent verification of our security and privacy measures." 

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to [email protected]