How do we protect
Your data security is our #1 priority.
In this section, you’ll discover what we do to
protect our internal structure, and how we test
PureVPN to keep your data secure.
1. We control access to our servers
We check each attempt to login to the PureVPN system – hardware and software. Every IP address that can access our servers must be on our pre-approved list.
Our server access is managed and reviewed in a central place. Once an access request is safe, server access is only granted with a time limit and a one-time password (OTP).
The place where we store PureVPN’s source code is also protected by a Multi-Factor Authentication (MFA) process.
2. We build strict security features directly into PureVPN
Before we launch updates, fixes, or improvements for PureVPN; multiple teams sign off on the code before the final stage. We also integrated a secure scanning tool that tells us if we missed something or made a mistake.
Then, we bring in a qualified outside team to test our security and validate our code.
We want to make sure there is no leakage from the PureVPN tunnel. That’s part of what keeps our customers safe and private.
That’s why we developed open-source tools to test for any leakages. You can download or use these tools at any time on our website:
Inside the PureVPN system are firewall rules, memory protection, specific user roles, and so many more restrictions that make sure our system runs like it’s supposed to.
3. We scan PureVPN for potential leaks
Every week, we give PureVPN a complete scan for any threats.
We also have an internal system that tells us if any vulnerabilities appear outside of those routine scans.
Our PureVPN security team members are all notified if something goes wrong. This makes sure potential problems are solved in the fastest possible time frame.
We randomly schedule policy compliance scans to make sure we are doing everything we can to stay completely secure.
4. Our network is constantly monitored and defended
Inside our structure and digital assets, we’ve housed a prevention system that is always on.
Should there be any malicious events, this system detects them and removes them.
We also route every visit to PureVPN through a firewall to prevent attacks like DDoS.
5. We try to break PureVPN – we’ve invited other people to try too
At PureVPN, we encourage our developers and engineers to try their absolute best to get through our security systems.
After that, we bring in other companies and ask them to try getting through.
We do this to make sure that even the people who code our software have a hard time trying to break through it.
6. We limit how PureVPN internal tech interacts with people – and any other tech
When we release new updates, apps, or internal technology; it’s done by a machine with special access.
This is because we enforce a strict baseline for our security procedures at PureVPN, based on the best of international standards.
All of our firewalls reject traffic unless we instruct them to do otherwise, through a series of authorizations.
We use dedicated workstations to complete certain tasks, making sure they only have access to do those specific things.
Monitoring software also makes sure we stay compliant with our security rules, and maintain the integrity of any important PureVPN files.
PureVPN exists in many different places. For example: if someone is logged onto this website, they cannot access our internal databases.
We carefully craft interaction between all of our API gateways, so only the required information goes where it needs to.
7. We prevent data from being exported out of PureVPN
We encrypt and prevent the export of any consumer data from PureVPN.
At each end of our software, we place security controls to limit and stop the spread of malware. We even go so far as to block access to websites that have malicious code embedded in them.
An automated software patches PureVPN systems with updates and encryption. We also use software that monitors the hosts of our systems and keeps us updated on their status, or unusual events.
8. All of us within PureVPN are trained in cybersecurity measures
From the moment employees or contractors sign on, we are part of the PureVPN security awareness program.
We make sure everyone understands how to do their part in keeping PureVPN secure.
Each person on our global, international team only has relevant security clearance.
All of our vendors and partners are also double-checked for third-party security compliance.
9. We make sure every login to PureVPN goes to the right place
No one can access PureVPN without permission.
We’ve built strict controls into powerful technology to ensure that we contain specific activities to the right place.
Anyone who logs on to PureVPN servers or the internal system is on a time limit.
This gives us the confidence to offer you the world’s best in cybersecurity through PureVPN.
1. We do not log data that can identify you
Outside contractors from KPMG certified us as a “no-log” VPN Service Provider.
They randomly check in with us to make sure we are not logging any VPN data from our customers.
What does “no-log” mean for you?
It means we do not store any of the data you make when you use PureVPN.
We can’t see what you do online or link back to you at all.
To find out more about how KPMG evaluates PureVPN, you can read this article:
PureVPN Excels KPMG’s Always-On Audit Setting an Industry Benchmark
When you get customer support, our Customer Success Agents can only access your account by using a pre-approved IP address, and verifying their identity through Multi-Factor Authentication (MFA).
We use a third-party payments provider to process your subscription to PureVPN, so we can’t see any of your credit card details or payment information.
2. PureVPN lives in a country that doesn’t require data storage
In 2021, we moved the legal jurisdiction of PureVPN to the British Virgin Islands.
Because of this, we are not legally required to store any kind of data.
To find out more about why we moved our headquarters, you can read this article:
3. We still have rules to follow – with consequences for breaking them
The GDPR (General Data Protection Regulation) is a set of rules that require all businesses to protect the personal data of the people who use their online services and resources.
We are required by law to follow these rules, which include asking your consent to share any of your PureVPN customer data with third parties.
If we don’t, we could get into serious trouble.
These rules began in 2018, and we have made sure that PureVPN follows them since they came into effect.
4. We have quantum computers to generate powerful encryption keys
These keys are called “Quantum-Resistant Encryption Keys”.
They protect you while you’re using PureVPN because they help prevent cyber threats, like someone getting your password through a Brute Force attack.
Right now this extra (not necessary, but future-thinking) layer of PureVPN protection is only available for you if you are in one of these areas:
We are working on getting this feature to you, no matter where you use PureVPN.
Here’s how we handle the tough stuff
We are building a safer, more equitable internet for us all.
That means being honest with you about how we navigate the hard things; like emergencies or intellectual property.
To get all of our transparency reports, just click the “See all reports” button below.
Can law enforcement request my data?
Yes, law enforcement agencies can request anyone’s data.
However, we do not store any data that can directly identify you.
Since October 1, 2022:
- 1. We have not received any court orders.
- 2. We have not received any subpoenas
- 3. We have not received any emergency disclosure reports
You can check this page every month to see if we have received any requests from law enforcement.
Who keeps PureVPN accountable?
We always have someone from outside of PureVPN watching how we conduct ourselves.
Doing this protects the integrity of PureVPN so we can keep providing you a uniquly safe and private VPN experience.
We are a mmber of
I2C’s VPN Trust
We joined the VPN Trust Initiative (VTI) to better understand how to create a safer Internet for everyone.
The VTI is a group of VPN leaders focused on improving digital safety for everyone.
It works by building understanding, and strengthening trust with people who use VPNs.
We are the first VPN to
be certified “no-log” by
We set an industry standard by allowing KPMG to perform a surprise audit of PureVPN servers at any time.
They check that we are complying with the privacy promises we make to you.
For more information about what “no-log” means, you can visit this article:
PureVPN Excels KPMG’s Always-On Audit Setting an Industry Benchmark
Find out what real people
say about PureVPN
Try PureVPN risk-free for 31 days
If you don’t love PureVPN, let us know within your first 31 days.
We’ll send you a full refund.