No‑Logs Audit
Our no-logs commitment in the Privacy Policy has been audited by one of the Big Four auditing firms. The independent audit verifies that we do not collect data that can identify users or track their online activities.
We use cookies to provide you a better service and analyze traffic. To find out more about cookies, please see our Cookie Declaration. By continuing to browse our website, you agree to our use of cookies.
We use cookies to provide you a better service and analyze traffic, To find out more about cookies, please see our Cookie Declaration.
Our website relies on these cookies for proper functionality.
These cookies are utilized to retain your preferences, such as language selection.
Cookies enable us to gain insights into our visitors and enhance their browsing.
Cookies that are used to track conversions for ads platforms.
X-VPN doesn’t collect data that could identify users or track their online activities. Backed by an independent audit, we deliver a VPN service you can trust.
Independent third‑party audit;Secure‑by‑design architecture;Continuous public transparency.
We have completed and continue to undergo independent third-party audits to ensure our service is safe and reliable.
Our no-logs commitment in the Privacy Policy has been audited by one of the Big Four auditing firms. The independent audit verifies that we do not collect data that can identify users or track their online activities.
• User & destination IP addresses;
• Websites visited;
• Browsing activities;
• VPN servers connected;
• DNS queries;
• Downloaded content;
• Connection timestamps;
• Sensitive payment details.
The full audit report is available in your X-VPN account. Log in to see how X-VPN protects your privacy.
Log in to X-VPN
We keep our service and your connection secure through four key layers of protection.
From the moment a VPN tunnel is built, TLS-based encryption begins protecting data in transit. This modern cryptography helps secure data within the tunnel against interception and manipulation.
X-VPN uses AES-256, a widely trusted industry-standard encryption algorithm, to protect transmitted data. Without the proper cryptographic key, intercepted traffic cannot be meaningfully read.
Session keys are securely generated and managed for each VPN connection. This helps reduce the risk of key reuse and strengthens protection across sessions.
X-VPN uses THA, our internal automation system, to centrally deploy and manage server rules, reducing manual intervention and lowering the risk of human error.
Through THA, server rules and settings are applied consistently across the network to keep protection standards aligned at all times.
The automation system also continuously validates rule enforcement and server status to ensure controls remain active and effective.
The production environment is isolated from the development and testing environments, and direct manual access to the production server is logically prohibited.
High-sensitivity changes, like configuration updates, database schema changes, new data collection fields, etc., require dual approval before they can be applied.
Database access follows the principles of least privilege and Zero Trust, with multi-factor authentication required for privileged access. All database connections are encrypted and protected with centrally managed certificates.
All code changes must go through manual review by at least one peer in the same role before they can move forward, adding human oversight to security, quality, and compliance checks.
The CI/CD pipeline automatically scans code submissions and Merge Requests with mandatory static analysis tools. Non-compliant codes trigger alerts and are flagged for further review before testing.
Only code that has passed manual review, CI/CD auto review, testing, and required approvals can be merged and released through the automated THA deployment workflow.
Privacy comes first at X-VPN, and we protect it across every part of the service.
X-VPN runs VPN servers entirely in memory, which means runtime data is not persistently written to local disks and is cleared whenever a server reboots. As a result, no historical runtime data remains available after a server is removed, replaced, or subjected to offline inspection.
Service output is redirected to /dev/null, a null path where any written content is immediately discarded, preventing system and service logs from being generated or stored during operation.
Our THA system automatically deploys these no-logs controls across servers and continuously validates them, helping keep our Privacy Policy commitments and related practices effective.
We provide a transparency report on user data requests from global government and law enforcement. As there are no logs kept, no user data exists, X-VPN simply responded that there's nothing we can do.
Type | Requests Received | Data Provided |
|---|---|---|
Law Enforcement Requests | 72 | 0 |
DMCA Requests | 247,046 | 0 |
Civil Court Orders | 0 | 0 |
Criminal Court Orders | 0 | 0 |
Gag Orders/Restrictive Orders | 0 | 0 |
Data requests received from 2017 to April 2026: none resulted in data disclosure.
X-VPN conducts continuous internal audits, combined with independent third-party ones, to strengthen security.
X-VPN continuously audits product security to keep the user journey protected at every stage:
• Installation & updates are safe from tampering or attack;
• Permissions stay limited to minimal and necessary;
• IP, DNS, WebRTC leak protections & Kill Switch are effective;
• Connection protocols and encryption algorithms are reliable to keep every session secure.
X-VPN regularly reviews internal controls to keep critical systems and operations tightly governed:
• Least-privilege access;
• Multi-factor authentication and zero trust principle;
• Product development aligns with privacy requirements;
• Operational changes subject to strict review and approval.
X-VPN proactively checks external defenses to keep the user accessing protected:
• Valid certificate-based encryption for official websites;
• Effective protection against DDoS and other external attacks;
• Proactive vulnerability detection and remediation;
• Protected third-party distribution channels and payment flows.
We have received privacy and security-related issues reported by security researchers, experts, and users from around the world. These insights helped us grow and provide better services.
Bug Types | Amount | Status |
|---|---|---|
Email Security & Validation | 6 | Solved |
Input Validation & Injection (Client-Side) | 3 | Solved |
Server & Protocol Configuration Issues | 5 | Solved |
Web Security Headers & iframe Settings | 3 | Solved |
Session & Authentication Controls | 4 | Solved |
Reports received from Jan 2025 to April 2026
X-VPN supports organizations working on a more open and resilient online ecosystem. Get X-VPN and enjoy a safer network now!
The Internet Society is a global nonprofit that supports the Internet as an open, globally connected, and secure infrastructure for everyone. X-VPN is proud to be part of the Internet Society’s Organization Members, supporting its work to strengthen a safer and more accessible Internet worldwide.
EFF is a leading digital rights organization known for helping drive wider HTTPS adoption through projects such as Certbot and support for Let’s Encrypt. X-VPN is proud to be an Electronic Frontier Foundation supporter, helping build a more private and secure Internet.
We continue to strengthen user trust through ongoing internal and external audits. These reviews help keep our commitments tested in practice, not just stated on paper.
Privacy and security are built into how X-VPN is designed, operated, and maintained. We protect users through no-logs controls and security measures in every layer.
We keep our practices visible through ongoing transparency. We proactively publish audit results instead of waiting to be asked, and regularly update our Transparency Report and Bug Bounty Report for user trust.