Complete transparency through independent security audits, bi-annual transparency reports, warrant canary, and open-source client applications. Trust is earned, not claimed.
Infrastructure, databases, application code, server configurations, logging mechanisms
PwC conducted a comprehensive 30-day audit of our entire infrastructure. They confirmed that PulsVPN operates a true no-logs VPN service with no user activity data, connection logs, timestamps, or IP addresses stored on any server or database. All servers were verified to be running in RAM-only mode with no persistent storage.
All VPN servers, network infrastructure, API endpoints, admin panels
Comprehensive security assessment of our entire VPN infrastructure including server hardening, network segmentation, and access controls. Cure53 performed extensive penetration testing on all 20+ server locations. Two medium-severity issues were identified in server firewall configurations and immediately patched. No critical vulnerabilities found.
VPN protocols, encryption algorithms, key management, TLS implementation
In-depth review of our WireGuard and QUIC protocol implementations. Verified that all encryption standards comply with industry best practices: AES-256-GCM for data encryption, ChaCha20-Poly1305 for mobile, RSA-4096 for key exchange, and SHA-512 for hashing. Perfect Forward Secrecy implementation verified. No cryptographic vulnerabilities discovered.
All client applications, update mechanisms, crash reporting
Security review of our Windows, macOS, Linux, iOS, and Android client applications. All client code was verified to match the published open-source repositories on GitHub. Three low-severity issues were identified in error handling and immediately fixed in version 2.5.1. No backdoors, tracking, or data leakage found.
Published: January 15, 2026
Zero valid legal requests received from any jurisdiction
Three DMCA notices forwarded to account holders per Swiss law. No user identification possible due to zero-logs policy.
No government data requests received
Zero user data provided to any party
Published: July 15, 2025
Zero valid legal requests received
Five DMCA notices received and forwarded. Unable to identify specific users due to no-logs policy.
No government data requests received
Zero user data provided to any party
Published: January 15, 2025
One request from non-Swiss authority rejected as invalid under Swiss law
Two DMCA notices forwarded to account holders
No government data requests received
Zero user data provided to any party
PulsVPN AG is incorporated and operates under Swiss law. We are based in Zurich, Switzerland and only respond to valid Swiss court orders.
Even if legally compelled, we have no activity logs to provide. Our zero-logs policy means we cannot identify which user accessed which content, at what time, or from which IP address.
DMCA notices are forwarded to the account holder's registered email per Swiss copyright law. However, due to our no-logs policy, we cannot determine which specific user may have engaged in the alleged activity.
As of February 26, 2026, PulsVPN AG confirms the following:
Important: This warrant canary is updated with every transparency report (bi-annually). If this statement is removed, outdated by more than 6 months, or contains any modifications, you should assume we have received such an order that prevents us from updating it.
All our client applications (Windows, macOS, Linux, iOS, Android) are 100% open source under the GPL v3 license. Anyone can audit our code, verify our claims, submit improvements, or fork the project. Transparency through code, not just words.
We're committed to being as transparent as possible while protecting user privacy.