Proton VPN’s no-logs claim has passed another test. Following an independent review by European security company Securitum, it was confirmed that the service does not log user activity or session data, and this applies to both free and paid accounts.
The finding is the company’s fourth external audit of privacy and security controls, a position that has long differentiated it in a crowded market for virtual private networks. For users on the free tier, the conclusion is particularly important: auditors did not find any indication of logging or deep packet inspection throughout Proton VPN’s architecture.
What the Independent Audit Found at Proton VPN
An on-site evaluation at the provider’s Zürich headquarters included examination of production servers, settings, and operating procedures. The team searched in particular for out-of-band persistence, memory artifacts, or storage traces that might piece together what users had done (“and not just that they used”) online. None were found.
Proton VPN does not record traffic destinations, or IP addresses that are in use, nor does it employ session-logging tools, the report says. Server settings were the same in all regions and subscription levels, suggesting the same no-logs attitude was applied universally.
It also confirmed that Proton VPN does not monitor its users through deep packet inspection or content logging.
One technical exception: free servers are not allowed to send or receive BitTorrent traffic. This control helps combat network abuse and should not be confused with logging capability.
What This Means for Free Proton VPN Users
Free VPNs often include compromises that serve to undermine privacy, from tracking and invasive data collection to an outright lack of encryption. A groundbreaking analysis by Australia’s CSIRO discovered that large numbers of free Android VPNs contain malware and tracking libraries — including ones capable of monitoring data traffic or even hijacking end-user devices. Those patterns are why verifying independently makes a difference.
Proton VPN’s approach is the opposite: it’s funded by customers, not adtech. Securitum’s results indicate that no additional privacy risks are introduced to non-paying users’ sessions, except for the fact that the P2P options are disabled on all free servers. For anyone priced out of subscriptions, that makes the free plan an uncommon option that doesn’t exchange privacy for price.
How Proton VPN Protects Your Privacy and Security
The audit points to a system designed with a minimum of data exposure. Production servers are secured with predictable builds, and all storage is encrypted. Operational telemetry is limited to non-identifying metrics necessary for keeping the lights on and capacity up — think aggregate load and service health rather than who connected or did what.
Proton releases open-source apps for public review and community testing. With headquarters in Switzerland, where privacy protections favor a no-logs policy and there are no mandatory retention laws, the company can operate on that legal basis. For users who require further protection from network surveillance, an option is multi-hop “Secure Core” routing via privacy-friendly jurisdictions.
Context Around the VPN Industry and Audit Practices
No-logs claims have joined the marketing mainstream, but not all of them live up to independent checks. Digital Lab at Consumer Reports has also stressed the need for auditability, clear data-handling disclosures, and lean data-collection policies. Some of the top VPNs now undergo regular auditing by consulting firms like PwC, Deloitte, and KPMG, and publish transparency reports that outline the number of government requests received and their responses.
Securitum’s roster of clients includes privacy-focused brands like DuckDuckGo. Securitum can put experienced eyes on Proton VPN’s review schedule. Regular scope-wide audits matter because VPNs, which are no different from any other online service, evolve rapidly as both software and infrastructure change. An average score is best if it also stands the test of time, from region to version.
Bottom Line: What Proton VPN’s Audit Means Today
The most recent audit resulted in the conclusion that Proton VPN doesn’t log anything that can be traced back to a user, nor does it conduct traffic analysis throughout its network. Notably, such promises extend to the free version of the clients as well as paid levels.
In a space where “no-logs” can be a slogan, and not indicative of what’s actually going on under the hood, independent verification is the difference between trust and hope. At least for now, Proton VPN’s combination of open-source clients, a “stop us if you’ve heard this one before” amount of transparency and auditability in servers, along with limiting data collection, means its promise is more than just words on a page.