Third Deloitte Audit Highlights PIA’s Transparency Commitment
For more than a decade, we’ve treated privacy as something that should be proven, not declared. That’s why PIA continues to invite outside experts to examine how our systems are built and how they perform.
This year, Deloitte Audit Romania completed its third independent review of our VPN infrastructure under the International Standard on Assurance Engagements (ISAE) 3000 (Revised). The assessment focused on how our configurations, management systems, and dedicated IP technology align with our long-standing no-logs policy.
Building Systems that Protect
Our network is designed around the simple idea of collecting nothing that could compromise privacy. Deloitte’s review evaluated how that philosophy is implemented across our VPN configuration, operational processes, and token-based dedicated IP system, which separates account details from IP addresses. It also examined our management and incident-response practices to assess how the service behaves under real-world conditions.
Like the previous audits completed in 2022 and 2024, this engagement followed the ISAE 3000 (Revised) standard, the global framework for independent assurance. The full report is available for download, providing an inside view of what was reviewed and how the evaluation was conducted.
What Transparency Means to Us
Audits are a regular part of how we test and strengthen our systems. They allow external experts to examine whether our infrastructure operates according to our privacy commitments and engineering standards.
Privacy should be measurable. That’s why our systems run entirely on RAM-only servers that wipe data on reboot. It’s why our apps are open source, letting anyone inspect how connections and encryption are implemented. It’s also why we publish regular Transparency Reports and maintain a public vulnerability-disclosure program.
Together, these steps make it possible for users, researchers, and auditors to see how our network behaves, not just how we say it should. We aim to consistently ensure that privacy holds up under independent review, year after year.
This third audit marks another checkpoint in that process. It reflects the same principle that shaped PIA from the beginning—trust should be earned through proof, not marketing claims. As standards evolve and the state of privacy changes, our focus remains on building systems that can stand up to scrutiny and keep doing what they were built to do.
You can download the full report here.
