The First & Only No Log VPN on KPMG's "Always-On" audit

In today’s day and age, the security & privacy of personal data has been a topic of much concern and debate. Obviously, there are many insecurities when it comes to trusting someone with your personal information.

To gain your complete trust, PureVPN has become the First & Only VPN in the industry to be on an “Always-on” audit by one of the big four auditing firms, KPMG.

How KPMG Audited PureVPN’s No-Log Claims

KPMG thoroughly analyzed our networks and verified whether they correspond with our no-log claims, which are:

  • PureVPN doesn’t log a user’s origin IP address
  • PureVPN doesn’t log a user’s assigned VPN IP
  • PureVPN doesn’t log the specific time when a user connects to a VPN server
  • PureVPN doesn’t log a user’s activities through its VPN connection

The auditing process extensively included the inspection of our complex infrastructure, server configurations, codebase, technical data logs, and global servers.

KPMG summarized and verified in its report that PureVPN doesn’t monitor or store any personally identifiable information (PII) that could pose a privacy risk to its users.

The Significance of the KPMG Audit

Trust is never static; it’s always dynamic. Trust demands constant scrutiny by either party because of continuous interaction at different intervals.

Sticking firmly to this belief, we didn’t stop at our first audit by Altius IT and went through with our second audit with KPMG, the world’s leading auditing firm. But we aren’t stopping here either.

We are proud to offer you a privacy-first VPN service that will be scrutinized regularly under the always-on audit policy. With this policy, KPMG will have complete authority to initiate a non-scheduled privacy audit at any time of the year without any prior notice.

The ‘always-on’ audit aims to provide you with complete peace of mind about the safety of your personal data. We are the only VPN company to conduct an ‘always-on’ audit.

Privacy-centricity and transparency are our core tenets. We always do our best to reflect these tenets in every aspect of our services, whether in our no-logging policy or in related services.

We must thank you for always believing and trusting in us. We are confident that our ‘always-on’ audit will help nourish your trust!

Congrats, but can you use a real pentest firm next time? KPMG is pretty well known in the industry as being a checklist firm.

Thanks for your suggestion! We do conduct internal penetration tests and have also partnered with Bugcrowd, where we encourage pentesters to conduct pentests against rewards.

The purpose of the KPMG audit was to validate our No-Logs claim through a third-party reputable firm. KPMG conducted a technical investigation of our servers & other infra components serving VPN products to validate that no user log or VPN activity is being recorded.

A penetration test (pentest) wouldn’t have been fruitful here, since the testing firm should have gained access to our infrastructure along with complete design details to validate the No-Log claim.

Nice to see that PureVPN is always on audit. Can we get the audit history? And can we get the connection logs of PureVPN?

Ummer

There are two problems here. No logs means you have no information on how the systems are holding up to their job, downtime, and the whole kitchen sink. Quality of service must be a horror. No logs also means that users can do what they want without a trace. Since you cannot tell the police, you are directly responsible for what they do.

Bypassing this fraudulent company. They used to be fair, but after I bought a fixed IP with port forward 5 years in advance, after 8 months they decided to ask for money for port forward; mostly 5 days they harassed me with emails to finally say we will not provide you with the service which you paid for and we will not refund you the money you paid.

Hey Ummer, you can read about our audit history in detail by following the link below: https://www.purevpn.com/blog/kpmg-validates-purevpn-no-log-claims/

Moreover, we do not record nor maintain any connection logs (thus why we are having our no-log claims validated), you can read about it in-depth in our privacy policy.

While it does make our job slightly more complicated, we can still effectively ensure a server’s system health (uptime, resource consumption, security, etc.) and network health (throughput, jitter, etc.) without having to keep any logs.

As for the latter part, that is somewhat true.

Hey u/Sorry_Fudge_4364, I am sorry for the experience that you’ve had with us. We would like to discuss this in detail with you and make up for any setbacks caused from our end. I’d be happy if you can join our LiveChat for this, or you can even drop me a DM, whichever works best for you!

Thanks for sharing the link. Could you let me know how the audit of PureVPN is conducted under KPMG?

You sell DDoS protection and hosted VPN. Suppose I have an e-mail server, hosted, and I want to protect it. Packets to my port 25 do not hit me directly, but hit you first, right? For this to be possible, my server’s public MX needs to be your entry point, and it needs to have a static A RR. Can you do that? And the other way around too: when I send e-mails, do you forward the packet from my real IP? Whoever receives my e-mail reads your IP and its rDNS, which needs to be my hostname. In the end, you appear as sender and receiver. Is this something you can do?

We asked KPMG to thoroughly analyze our network to verify if it meets our no-log claims, which are:

  • PureVPN doesn’t log a user’s origin IP address
  • PureVPN doesn’t log a user’s assigned VPN IP
  • PureVPN doesn’t log the specific time when a user connects to a VPN server
  • PureVPN doesn’t log a user’s activities through its VPN connection

The auditing process was somewhat exhausting as it included the inspection of our complex infrastructure, server configurations, codebase, technical data logs, and global servers.

The process also involved the interviews of our personnel who are involved in server maintenance and database handling. During the activity, KPMG also ensured that the audited technical data logs and server configurations are actually being used by PureVPN, not the other way around.

At the end of the audit, KPMG summarized and verified in its report that PureVPN doesn’t monitor or store any personally identifiable information (PII) that could pose a privacy risk to its users.

Yes, we do offer a DDoS Protected Dedicated IP. However, in your case, you will be needing our Port Forwarding add-on (you can learn more about the PF add-on here). This add-on will help you in opening secure email ports 465 and 587. Once that is out of the way, you can connect PureVPN to your mailing server, and this way all packets out of your server will be over the VPN server.

Do you manage the DNS? What would my FQDN be like? vm123.purevpn.com?

If you’re referring to the PTR records & the DNS, then it will be against the IP that you’re assigned by PureVPN, which is managed by us. I’m not quite sure what you mean by FQDN here. If it is the static/dedicated IP you’re referring to, then the system-assigned hostname would be something like aa-ded-1.purevpn.net or pointtoserver.com.
We’d be glad to help you sign up for a trial account through which you can test out your desired goal.