factually

Has protonvpn complied with user data requests

Checked on December 3, 2025
Disclaimer: Factually can make mistakes. Please verify important information or breaking news. Learn more.
Proton VPN
VPN.com
Engadget
TravelSecurely
Searched for:
"ProtonVPN user data requests December 2025"
Found 12 sources

Executive summary

Proton VPN maintains a strict no-logs policy and publishes transparency reports saying it has denied legal requests for VPN user data—Proton reported 29 legal requests as of June 2025 and states all 29 were denied [1]. Proton’s public materials and independent audits assert it cannot log users’ IP addresses or browsing traffic and that servers use full-disk encryption and operate under Swiss law, which limits data retention obligations [2] [3] [4].

1. Proton’s official line: “We have no logs to give”

Proton’s privacy policy and blog repeatedly state the company does not log VPN session data, IP addresses, or browsing traffic and that its servers use full-disk encryption and are designed to contain “no logs and no user data” [2] [5]. Proton also says it will disclose only “the limited user data we possess” when legally obliged by Swiss courts and that it publishes transparency reports and a warrant canary to document requests [6] [5].

2. Transparency reports and numbers: requests received, requests denied

Journalism and product reviews cite Proton’s transparency reporting: as of June 2025 Proton’s transparency report recorded 29 legal requests for user information, and reporting states Proton denied all 29 requests—while noting later months of 2025 were not yet published at the time of reporting [1]. Multiple reviewers reference those transparency reports as evidence the company fights or resists requests [3] [7].

3. Independent audits and outside verification

Independent audits have been cited by several outlets and specialist reviewers as confirming Proton VPN’s no-logs claims — audits by security firms (e.g., Securitum) were referenced for 2022, 2024 and an August 2025 engagement that again verified the policy [7] [1] [8]. Reviews emphasize those audits and the transparency report together as the strongest public evidence that Proton cannot hand over activity logs because it does not retain them [3] [8].

4. Swiss jurisdiction: protections and limits

Proton’s legal domicile in Switzerland is central to its claim: Swiss law and recent legal changes are presented as shielding VPN services from routine IP-log retention requirements and meaningfully constraining what courts can compel, though Proton acknowledges it must comply with binding Swiss court orders and says it will contest them where possible [9] [6] [5].

5. Not all Proton products are the same—email vs VPN

Reporting repeatedly warns that Proton’s stronger claims apply to its VPN product and infrastructure; other Proton services (notably Proton Mail) have different legal exposures and historical precedent. TechCrunch reporting and later summaries note Proton Mail complied with a Swiss request for an IP address in 2021, showing that Proton’s wider product family can sometimes be compelled under Swiss law in ways the VPN claims it is not [9].

6. What “complied with user data requests” means in practice

Available sources do not claim Proton VPN has handed over VPN-activity logs to law enforcement; instead, public records and audits show Proton received legal requests and says it denied them or had no data to provide—one cited 2019 case passed through Swiss courts where Proton said it had no data to hand over [1] [5]. Reviewers treat Proton’s combination of technical measures, audits, and transparency reporting as evidence the company has not complied with producing VPN session records because it asserts it does not possess such logs [3] [4].

7. Caveats, open questions, and implicit incentives

Proton’s statements and third‑party audits are persuasive but not absolute proof: independent audits check code and policies at set points in time but cannot guarantee future operational changes between audits [8] [7]. Transparency reports cover known requests but can lag; some outlets note mid- and late‑2025 data may not yet be published when they wrote [1]. Proton has an incentive—commercial and reputational—to emphasize privacy; that incentive aligns with user interests but also encourages rigorous external verification and ongoing transparency [3] [10].

8. Bottom line for users deciding trust

If your question is whether Proton VPN has, in public reporting, complied with requests by handing over VPN activity logs—the available sources indicate no: Proton’s public record shows legal requests were received and were either denied or produced no VPN activity data because Proton says it doesn’t log that data [1] [5]. If you need absolute guarantees beyond audits and transparency reports, available sources do not provide evidence of an infallible technical guarantee; they show strong procedural, legal, and technical measures backed by audits and journalistic reporting [8] [7].

Want to dive deeper?
Has protonvpn responded to gdpr subject access requests and data deletion requests?
What does protonvpn's privacy policy say about logging and handing over user data to authorities?
Have there been public transparency reports or audits on protonvpn's handling of user data?
What legal jurisdictions and court orders could force protonvpn to disclose user information?
Are there documented cases where protonvpn complied or refused government data requests?
About
Blog
Contact
FAQ
Terms
Privacy
Manage data