PureVPN
Safe Zone

You deserve to know how your data is being handled.

Here in the Safe Zone, you’ll learn how we secure PureVPN to meet your internet security needs.

Trust_center_hero_1
defending_infastructure_1

Security

How do we protect
PureVPN?

Your data security is our #1 priority.

In this section, you’ll discover what we do to
protect our internal structure, and how we test
PureVPN to keep your data secure.

  • 1. We control access to our servers

    We check each attempt to login to the PureVPN system – hardware and software. Every IP address that can access our servers must be on our pre-approved list.

    Our server access is managed and reviewed in a central place. Once an access request is safe, server access is only granted with a time limit and a one-time password (OTP).

    The place where we store PureVPN’s source code is also protected by a Multi-Factor Authentication (MFA) process.

  • 2. We build strict security features directly into PureVPN

    Before we launch updates, fixes, or improvements for PureVPN; multiple teams sign off on the code before the final stage. We also integrated a secure scanning tool that tells us if we missed something or made a mistake.

    Then, we bring in a qualified outside team to test our security and validate our code.

    We want to make sure there is no leakage from the PureVPN tunnel. That’s part of what keeps our customers safe and private.

    That’s why we developed open-source tools to test for any leakages. You can download or use these tools at any time on our website:


    Inside the PureVPN system are firewall rules, memory protection, specific user roles, and so many more restrictions that make sure our system runs like it’s supposed to.

  • 3. We scan PureVPN for potential leaks

    Every week, we give PureVPN a complete scan for any threats.

    We also have an internal system that tells us if any vulnerabilities appear outside of those routine scans.

    Our PureVPN security team members are all notified if something goes wrong. This makes sure potential problems are solved in the fastest possible time frame.

    We randomly schedule policy compliance scans to make sure we are doing everything we can to stay completely secure.

  • 4. Our network is constantly monitored and defended

    Inside our structure and digital assets, we’ve housed a prevention system that is always on.

    Should there be any malicious events, this system detects them and removes them.

    We also route every visit to PureVPN through a firewall to prevent attacks like DDoS.

  • 5. We try to break PureVPN – we’ve invited other people to try too

    At PureVPN, we encourage our developers and engineers to try their absolute best to get through our security systems.

    After that, we bring in other companies and ask them to try getting through.

    We do this to make sure that even the people who code our software have a hard time trying to break through it.

  • 6. We limit how PureVPN internal tech interacts with people – and any other tech

    When we release new updates, apps, or internal technology; it’s done by a machine with special access.

    This is because we enforce a strict baseline for our security procedures at PureVPN, based on the best of international standards.

    All of our firewalls reject traffic unless we instruct them to do otherwise, through a series of authorizations.

    We use dedicated workstations to complete certain tasks, making sure they only have access to do those specific things.

    Monitoring software also makes sure we stay compliant with our security rules, and maintain the integrity of any important PureVPN files.

    PureVPN exists in many different places. For example: if someone is logged onto this website, they cannot access our internal databases.

    We carefully craft interaction between all of our API gateways, so only the required information goes where it needs to.

  • 7. We prevent data from being exported out of PureVPN

    We encrypt and prevent the export of any consumer data from PureVPN.

    At each end of our software, we place security controls to limit and stop the spread of malware. We even go so far as to block access to websites that have malicious code embedded in them.

    An automated software patches PureVPN systems with updates and encryption. We also use software that monitors the hosts of our systems and keeps us updated on their status, or unusual events.

  • 8. All of us within PureVPN are trained in cybersecurity measures

    From the moment employees or contractors sign on, we are part of the PureVPN security awareness program.

    We make sure everyone understands how to do their part in keeping PureVPN secure.

    Each person on our global, international team only has relevant security clearance.

    All of our vendors and partners are also double-checked for third-party security compliance.

  • 9. We make sure every login to PureVPN goes to the right place

    No one can access PureVPN without permission.

    We’ve built strict controls into powerful technology to ensure that we contain specific activities to the right place.

    Anyone who logs on to PureVPN servers or the internal system is on a time limit.

    This gives us the confidence to offer you the world’s best in cybersecurity through PureVPN.

online_privacy_1

Privacy

Is my data really private
on PureVPN?

Yes – and in this section we’ll breakdown the four main factors that allow PureVPN to keep your data safe from leaks.

  • 1. We do not log data that can identify you

    Outside contractors from KPMG certified us as a “no-log” VPN Service Provider.

    They randomly check in with us to make sure we are not logging any VPN data from our customers.

    What does “no-log” mean for you?

    It means we do not store any of the data you make when you use PureVPN.
    We can’t see what you do online or link back to you at all.
    To find out more about how KPMG evaluates PureVPN, you can read this article:
    PureVPN Excels KPMG’s Always-On Audit Setting an Industry Benchmark

    When you get customer support, our Customer Success Agents can only access your account by using a pre-approved IP address, and verifying their identity through Multi-Factor Authentication (MFA).
    We use a third-party payments provider to process your subscription to PureVPN, so we can’t see any of your credit card details or payment information.

  • 2. PureVPN lives in a country that doesn’t require data storage

    In 2021, we moved the legal jurisdiction of PureVPN to the British Virgin Islands.

    Because of this, we are not legally required to store any kind of data.

    To find out more about why we moved our headquarters, you can read this article:

    PureVPN Moves From Hong Kong To British Virgin Islands

  • 3. We still have rules to follow – with consequences for breaking them

    The GDPR (General Data Protection Regulation) is a set of rules that require all businesses to protect the personal data of the people who use their online services and resources.

    We are required by law to follow these rules, which include asking your consent to share any of your PureVPN customer data with third parties.

    If we don’t, we could get into serious trouble.
    These rules began in 2018, and we have made sure that PureVPN follows them since they came into effect.

    To learn more about our privacy policy, you can see it here: Pure VPN Privacy Policy

  • 4. We have quantum computers to generate powerful encryption keys

    These keys are called “Quantum-Resistant Encryption Keys”.

    They protect you while you’re using PureVPN because they help prevent cyber threats, like someone getting your password through a Brute Force attack.

    Right now this extra (not necessary, but future-thinking) layer of PureVPN protection is only available for you if you are in one of these areas:

    • Australia
    • Canada
    • Netherlands
    • UK
    • USA


    We are working on getting this feature to you, no matter where you use PureVPN.

transparency

Here’s how we handle the tough stuff

We are building a safer, more equitable internet for us all.
That means being honest with you about how we navigate the hard things; like emergencies or intellectual property.

To get all of our transparency reports, just click the “See all reports” button below.

warrant_canary_1

law enforcement

Can law enforcement request my data?

Yes, law enforcement agencies can request anyone’s data.

However, we do not store any data that can directly identify you.

Since October 1, 2022:

  • 1. We have not received any court orders.
  • 2. We have not received any subpoenas
  • 3. We have not received any emergency disclosure reports

You can check this page every month to see if we have received any requests from law enforcement.

Accountability

Who keeps PureVPN accountable?

We always have someone from outside of PureVPN watching how we conduct ourselves.

Doing this protects the integrity of PureVPN so we can keep providing you a uniquly safe and private VPN experience.


account_image_1

We are a mmber of
I2C’s VPN Trust
initiative Coalition

We joined the VPN Trust Initiative (VTI) to better understand how to create a safer Internet for everyone.

The VTI is a group of VPN leaders focused on improving digital safety for everyone.

It works by building understanding, and strengthening trust with people who use VPNs.

account_image_2

We are the first VPN to
be certified “no-log” by
KPMG

We set an industry standard by allowing KPMG to perform a surprise audit of PureVPN servers at any time.

They check that we are complying with the privacy promises we make to you.

For more information about what “no-log” means, you can visit this article:

PureVPN Excels KPMG’s Always-On Audit Setting an Industry Benchmark

trustpilot

Find out what real people
say about PureVPN

Try PureVPN risk-free for 31 days

If you don’t love PureVPN, let us know within your first 31 days.
We’ll send you a full refund.