Surfshark VPN Receives Second Independent Privacy Audit from Deloitte
Big Four auditing firm confirms no-logging policy compliance across all server infrastructure
- Deloitte conducted comprehensive assessment of Surfshark’s systems and internal processes to verify no-logs claims.
- Audit covered standard, static, and multiport VPN servers along with configuration and deployment procedures.
- Independent verification confirms VPN provider does not monitor user activities or keep activity logs.
- Detailed ISAE 3000 report is now available to all Surfshark users through their account dashboard.
- Assessment represents ongoing commitment to privacy transparency rather than one-time verification effort.
VPN Provider Maintains Zero-Logging Standards
Surfshark has completed its second independent privacy audit with Deloitte, one of the Big Four accounting firms, confirming the company’s no-logs policy remains intact across its entire infrastructure. The comprehensive assessment validates that the VPN service does not track user activities or maintain records of online behavior.
Comprehensive Server Infrastructure Review
The Deloitte audit examined multiple aspects of Surfshark’s operations to verify compliance with stated privacy policies. Auditors conducted detailed interviews with technical staff and reviewed supporting documentation to assess adherence to no-logging practices.
The assessment covered standard VPN servers, static IP servers, and multiport servers used in Surfshark’s network infrastructure. Deloitte evaluated server configuration processes and deployment procedures to confirm privacy settings align with company policy statements.
Privacy-related settings and operational procedures underwent thorough inspection during the audit process. The review confirmed that Surfshark’s privacy configurations comply with its published privacy policy across all relevant servers and supporting infrastructure.
ISAE 3000 Certification Available
The audit follows International Standard on Assurance Engagements (ISAE) 3000 guidelines, providing users with detailed documentation of the assessment process. Surfshark users can access the complete audit report through their account dashboard, according to company statements.
“This assessment demonstrates Surfshark’s proactive approach to privacy, showing that we are continually seeking ways to fulfill our promise of not tracking nor monitoring our users’ activity,” said Donatas Budvytis, Surfshark’s Chief Technology Officer.
Industry Privacy Standards
The independent verification addresses growing concerns about VPN logging practices in the cybersecurity industry. Several VPN providers have faced scrutiny over data collection policies, making third-party audits increasingly important for user trust.
Budvytis emphasized the significance of working with a Big Four auditing firm for the verification process. “Having Deloitte, one of the Big Four auditing firms, reconfirming that is a big confirmation of privacy and transparency to our current and future users,” he stated.
Ongoing Privacy Commitment
The latest audit represents Surfshark’s second independent privacy verification, building on previous assessments documented in the company’s Trust Center. The VPN provider positions the audit as part of an ongoing commitment rather than a single compliance check.
The verification process examined whether Surfshark’s technical infrastructure and operational procedures prevent the collection of user browsing data, connection logs, and activity records. Deloitte’s assessment confirmed these privacy protections remain active across the service’s global server network.
Users seeking additional information about Surfshark’s privacy certifications and previous independent verifications can review documentation available through the company’s Trust Center portal.
