Surfshark aces its first no-logs audit

surfshark vpn
(Image credit: Surfshark)

Retaining users' trust is the first element when it comes to privacy. The best VPN providers, those responsible for building the software meant to protect anonymity online, know this very well.

So, just weeks after NordVPN passed its third no-logs audit, another VPN service called an external cybersecurity company to verify it actually treats subscribers' data as it claims. 

As its most recent initiative to promote transparency, our favorite cheap VPN app Surfshark has just aced an independent no-logs audit.   

After a thorough inspection of Surfshark's IT systems, industry-leading auditing firm Deloitte confirmed that the provider complies with the data-handling practices stated in its privacy policy (opens in new tab).

While Surfshark's security infrastructure has already been verified in the past, this is the first time the provider has undergone such an audit on its privacy statement.   

See more

Evidence of top privacy and quality standards

"Working in an industry that highly relies on trust and transparency, we understand that it takes more than just words to validate our efforts," commented Surfshark's VPN Product Owner Justas Pukys. 

"The positive result from Deloitte’s no-logs assurance report provides factual evidence to our users and future customers that Surfshark operates on the highest privacy and quality standards." 

A strict no-log policy is one of the most important features for a truly private VPN provider. It's the users' sole guarantee that no identifiable information is ever retained about their online activities.     

Subscribing to a trustworthy no-log VPN is vital to make sure that even if a hacker or government manages to seize the service, no sensitive data can be leaked. That's simply because such details won't exist in the first place.

Deloitte conducted its assurance procedures between November 21 and December 2 last year. 

To successfully verify Surfshark's privacy claims, the auditing experts closely reviewed Surfshark server's configuration and deployment process, while conducting interviews with responsible employees. 

They also checked whether or not the relevant IT systems are designed to match the company's privacy policy. These include both its standard VPN servers, static IP and MultiHop structure. 

More details about Deloitte's audit can be found here (opens in new tab).

"Based on the procedures performed and the evidence obtained, in our opinion, the configuration of IT systems and management of the supporting IT operations is properly prepared, in all material respects, in accordance with Surfshark's description of its no-logs policy," concludes the report. 

Showing a continuous effort to transparency, Pukys from Surfshark said: "We will continue to perform various audits and tests to get independent verification of our security and privacy measures." 

Chiara Castro
Staff Writer

Chiara is a multimedia journalist, with a special eye for latest trends and issues in cybersecurity. She is a Staff Writer at Future with a focus on VPNs. She mainly writes news and features about data privacy, online censorship and digital rights for TechRadar, Tom's Guide and T3. With a passion for digital storytelling in all its forms, she also loves photography, video making and podcasting. Originally from Milan in Italy, she has been based in Bristol, UK, since 2018.