In online privacy, trust is strengthened through verification. That’s why we believe that transparency isn’t built by promises but by proof. Independent audits are one of the most effective ways to demonstrate that our technology works as designed and that our systems are aligned with the principles we stand for.
This year, we completed our third independent audit by Deloitte Audit Romania, one of the Big Four global firms. The review is part of our ongoing transparency program, which focuses on making our privacy practices verifiable through independent testing and public accountability.
What the Audit Involved
The engagement was conducted under the International Standard on Assurance Engagements (ISAE) 3000 (Revised), the globally recognized framework for non-financial assurance. Deloitte examined how CyberGhost’s infrastructure and operational systems are designed to uphold our no-logs policy, which ensures that user activity and connection data aren’t logged or retained.
The scope included a detailed review of our VPN server network, configuration, and change-management processes, and incident-response controls. It also examined our dedicated IP token-based system, a design that prevents any association between a user’s VPN account and a specific IP address. This system is central to our privacy-by-design approach, ensuring that even features that require a fixed address preserve anonymity and separation.
Deloitte Audit Romania tested CyberGhost’s server architecture and internal safeguards, to verify that our systems functioned as described and provided technical protections against activity logging.
The full assurance report is available for download, so that anyone can read the findings in full.
Why We Continue to Invite Independent Scrutiny
Independent audits have been a defining part of how CyberGhost builds and maintains trust. Our first assessment by Deloitte Audit Romania took place in 2022, followed by a second in 2024. Together with this year’s review, they form a clear and continuous record of our privacy architecture being tested against international standards.
Each engagement allows us to review how our infrastructure aligns with our commitments. It also helps us strengthen internal processes, making sure that as our systems evolve, our privacy posture remains consistent and measurable.
Transparency as an Ongoing Standard
Audits are one part of a broader transparency initiative at CyberGhost. We regularly publish quarterly Transparency Reports, maintain a public vulnerability-disclosure program, and continue to invest in systems that are privacy-centric by design.
Each independent review adds another layer of assurance for our users and reinforces the principles our service is built on. We’ll continue to refine our systems, invite external scrutiny, and invest in technology that strengthens user trust.
The 2025 Deloitte assurance report is available here for anyone who wants to learn more about this year’s findings.
Leave a comment