PIA Concludes Second Security Audit

Posted on Apr 25, 2024 by Adina Matei

In yet another milestone here at Private Internet Access, we’re happy to announce that we
invited Deloitte Audit Romania to review our VPN server network and management systems and
to examine how we maintain a zero-log VPN service.

We’re honored to have undergone another review that examines the degree to which our
configurations are in line with our no-logs policy. We’re happy with the review’s results, and we
invite you to have a look from your PIA account.

PIA’s Infrastructure Reviewed a Second Time

Auditors inspected our server network and reviewed our network and incident management
systems, in order to confirm that our server configurations align with our internal privacy
policies. They verified that our configurations are not designed to identify a particular user and
cannot be exploited to pinpoint specific online activity.

It’s how we envisioned and designed our VPN service. We’re committed to digital freedom and
data protection.

In addition, auditors reviewed our dedicated IP token-based system. It’s a system we developed
with privacy at its core to ensure dedicated IP can’t be traced back to subscriptions.

The audit has been conducted in accordance with the International Standard on Assurance
Engagements 3000 (Revised) applicable to Assurance Engagements Other Than Audits or
Reviews of Historical Financial Information (ISAE 3000 (Revised)) established by the
International Auditing and Assurance Standards Board (“IAASB”) and should be read in full.

The full report is available in your PIA account. We hope you share our delight with the outcome
of this audit. PIA previously underwent an independent audit with Deloitte in June 2022, and we
will explore the opportunity for future security audits.

Your Privacy Is Our Policy

We don’t keep track of your online activity, or of which IP address gets assigned to which
account. We run our service on a volatile RAM-only environment, which ensures data is regularly wiped from our servers with every reboot. We confirmed time and again that we don’t
have any user data in our system, and were even proven twice in court.

We even disabled our error and debugging logs to ensure we don’t store metadata. Despite
drawbacks when it comes to troubleshooting issues, we never compromised on this. We take
data security seriously, and we make sure no one can pinpoint your online activity.

We’re committed to regular third-party audits, as we want to make sure our service adheres to
the highest security standards.

PIA Is a VPN You Can Trust

Online privacy is intrinsically tied to trust. It’s why PIA operates with complete transparency at
the heart of our service. You deserve to know what we’re doing to safeguard your online traffic
from digital snoopers.

We’re one of the few VPN providers that made our apps open-source. Anyone can inspect
and verify our code. That said, we’re aware not everyone has the technical know-how to look
over our source code. It’s why we believe independent audits are a great addition to our
transparency efforts. We want all our users to access a professional and unbiased report on
our security standards.

We don’t store any data about you. We abide by our no-logs policy, and we always strive to
be transparent in everything we do to secure data and enhance online anonymity.

Bolstered by our Bug Bounty program, we will continue to perform regular audits which put our
service to the test. You need a VPN service you can trust. You need a VPN download that
ensures your data is safe in the age of digital surveillance.

But our work doesn’t stop here. We’ll continue building up our service to withstand looming
threats to digital privacy and ensure we offer the highest level of security you’ve come to expect
with PIA.