Detecting network status…
IP copied
Transparency centre

Come and look inside our filing cabinet.

Every VPN says “no logs”. Very few will let you open the drawers. Here’s ours: pull each one out and see what we hold on you. Then read the 131-control independent audit that says the same thing, in someone else’s words.

Audited by CyberNexis Ltd Nothing to hand over In-memory sessions Anonymous payment

The evidence room

Seven drawers. Six of them are the data other companies build businesses on. Open any of them.

CABINET 01 · USER DATACLICK A DRAWER TO OPEN
0
files on your activity
drawers opened0/7
empty0
audit verdictconsistent
Open every drawer. The counter can only stay at zero — that’s the whole point.
The audit

Someone else’s report card on us

We didn’t grade this. Between 3 March and 10 April 2026, CyberNexis Ltd tested our production servers, backend APIs and every client app against 131 controls, then wrote it all down.

Independent No-Logs Policy AuditCyberNexis Ltd · United Kingdom
Consistent with stated commitmentswith minor improvement areas
Assessment period
3 Mar – 10 Apr 2026
Report issued
14 Apr 2026 · v1.0
Controls tested
131
Server-side activity logs found
None
Where those 131 controls went
LunoVPN Independent No-Logs Policy Audit ReportLunoVPN_Independent_No-Logs_Policy_Audit_Report.pdf
Your browser can’t display the PDF inline. Open the audit report instead.
Play it out

Three ways your data usually leaks

A no-logs policy only matters at the moment someone comes looking. Pick a scenario and watch it play out against an empty cabinet.

The uncomfortable part

What the audit told us to fix

A transparency page that only quotes the flattering lines isn’t transparency. CyberNexis found no server-side logging of user activity — and also handed us a list. Here it is.

Data left on your device

Client apps could leave session tokens and config data in local storage after closing. Fixed during the assessment — re-testing confirmed nothing sensitive remained in app cache or logs.

Remediated
Encryption at rest on nodes

Session data is handled in memory, but the auditor recommends encrypting persistent storage on VPN nodes as defence-in-depth against physical or low-level access.

In progress
Third-party analytics in apps

Our clients included third-party analytics and telemetry components. The auditor asked us to define, minimise and document exactly what they can collect.

In progress
Centralised change alerting

File-integrity monitoring is in place, but a fully centralised alerting framework for unauthorised configuration changes is still being built out.

In progress

Statuses are ours, not the auditor’s: CyberNexis reported the findings, we report the progress. The next independent assessment re-tests all of it.

Warrant canary

The running tally

What we’ve been asked for, and what we handed over. The second number can only ever be zero — you’ve seen the drawers.

Transparency report
Legal requests for user activity received0
Requests where activity data was handed over0
Gag orders received0
Backdoors implemented0
Last updated

Figures here are placeholders for launch and must be replaced with your real, verified numbers and update date before publishing. If this statement ever disappears or stops being updated, treat that as a signal in itself.

FAQ

No-logs questions

What does “no-logs” actually mean at LunoVPN?
It means the drawers are empty: no browsing history, no DNS queries, no traffic destinations, no session timestamps tied to you, and no user-attributable IP records. The independent audit inspected our servers and found no mechanism that logs, inspects or stores user activity — so there is no activity data to search, sell, leak or hand over.
Who audited the no-logs policy, and when?
CyberNexis Ltd (United Kingdom) assessed LunoVPN between 3 March and 10 April 2026 and issued their report on 14 April 2026. They tested 131 controls across governance, server infrastructure, authentication, billing, client applications, monitoring, data leakage and side channels. Their conclusion: our no-logs implementation is consistent with our stated privacy commitments, with some minor improvement areas.
What information do you actually keep?
Only what an account cannot run without: an email address, a payment reference from your provider, and whether your plan is active. We also track aggregate infrastructure metrics such as total server load, which are never tied to a person. Pay with Monero and even the payment reference carries no name.
What happens if a government asks for my data?
We answer valid legal requests, but we can only ever hand over what exists. Since activity data is never generated or stored, there is nothing that could reconstruct what you did, when, or from where.
What if a server is seized or breached?
Session data is processed in memory and never written down. The audit verified the supporting controls: swap memory is disabled, temporary directories run in RAM, and core dumps are disabled. Encrypting node storage at rest is an open auditor recommendation we’re working through.
Did the audit find anything you had to fix?
Yes, and we publish those too. Client apps could leave session data in local storage, which we fixed during the assessment. The auditor also recommended encryption at rest on nodes, tighter control over third-party analytics in our apps, and a centralised alerting framework for configuration changes.
Why should I trust the report rather than your marketing?
You shouldn’t take our word for it — that’s the point. The report is written by an outside firm, published here in full including the parts that ask us to do better, and downloadable without giving us your details.

Don’t trust us. Check us.

Open the drawers, read the report, then decide. That’s how it should work.

© 2025 LunoVPN — We don’t know who you are, and that’s by design.

Protect Your Privacy - Install FREE !

Secure. Private. Fast.

Secure Your Connection x
Private. Fast. Independently Verified.

LunoVPN protects your traffic with a strict independent no-logs policy. No tracking. No monitoring. No user identification.
Windows SHA-256:
f7b170b6254c92e31b78500d13ee81be1c329fef5237f956f89d63b196925bf2
Don't show again
At LunoVPN, "no logs" means "no logs."