Credit: The original article is published here.
- Surfshark has had its no-logs policy verified by Deloitte for the second time
- The independent verification, from a Big Four auditing firm, corroborates Surfshark’s no-logging claims
- Existing Surfshark subscribers can access the full report via their Surfshark accounts
Surfshark has reaffirmed its commitment to privacy and transparency with the release of its second no-logs assurance report on June 16, 2025.
Already rated as one of the best VPNs by TechRadar, this is the second time Surfshark has worked with Deloitte to verify its commitment to user privacy by auditing its no-logs policy.
Why Surfshark’s no-logs policy verification matters
Surfshark invited Deloitte to audit its no-logs statement for the first time back in 2023, illustrating the seriousness with which it takes user privacy.
However, a second no-logs assurance report in 2025 “demonstrates Surfshark’s proactive approach to privacy,” said Donatas Budvytis, Surfshark’s Chief Technology Officer.
It’s a welcome update in an industry where plenty of VPN providers have yet to prove their own no-logs claims. Some VPNs, particularly free VPN services, do keep logs. In some cases, these can contain personally identifying information, putting user data and privacy at risk.
Only recently, TechRadar’s Chiara Castro reported that some 17 free VPN apps found in Google and Apple app stores have ties with China. VPNs operating in China are subject to strict data retention laws and may be forced to share data with the Chinese government upon request.
Surfshark’s decision to have Deloitte, one of the Big Four auditing firms, take a second look at its no-logs policy provides substantial credibility and, as Budvytis explains, “a big confirmation of privacy and transparency to our current and future users.”
It also proves Surfshark’s claims that it doesn’t monitor user activity or keep logs of their activities. That this is a second independent verification shows that this is an ongoing commitment on the part of Surfshark, and not simply a one-off.
Here’s what Deloitte was looking at
Deloitte’s independent audit provides assurance that Surfshark’s no-logs policy has been properly implemented.
As part of its evaluation, Deloitte examined internal systems and processes, conducted interviews with Surfshark staff, and reviewed supporting evidence.
Deloitte looked at Surfshark’s standard, static, and multiport servers while also analyzing how these servers are configured and deployed. Privacy settings and operational procedures were closely inspected to ensure they align with Surfshark’s privacy commitments.
Ultimately, Deloitte confirmed that the no-logs policy is consistently applied across all relevant Surfshark infrastructure.
If you’re already a Surfshark user, you can read the detailed report, ISAE 3000, which is accessible via your account.
Which VPN providers have had their no-logs policies independently audited?
Surfshark isn’t the only VPN provider to have subjected its no-logs policy to an independent audit.
NordVPN had its no-logs claims verified by PwC in 2018 and 2020 before having Deloitte conduct independent reviews in 2022, 2023, and 2025.
The VPN that has undergone more audits than most is ExpressVPN, having published 19 third-party audit reports to date.
