"No logs" is the most over-claimed phrase in the VPN industry. Every provider says it; the difference is in what they actually mean and whether they've been audited on it. Here's the PhoenixVPN policy in full, as operated by BIBERSON TECHNOLOGIES LLC.
What we don't collect
- Browsing activity. No URLs, no DNS queries, no destinations.
- Connection metadata. No timestamps tied to your account, no source IP, no destination server tied to you.
- Bandwidth per user. We measure server-level traffic in aggregate, never per-account.
- Session length per user. The duration of your individual sessions is not stored.
What we do collect
- Your email address. So we can log you in and send you receipts.
- Payment details. Held by our payment processor — we store only the minimum needed to reconcile billing.
- Aggregated server load. Total active connections per server, total bandwidth per server. No per-user breakdown.
- App crash reports. Only if you opt in. Off by default.
How it's enforced technically
The no-logs policy isn't a promise on a webpage — it's a configuration of our infrastructure that makes logging impossible at the OS level:
- RAM-only servers. Every production server in our fleet boots from a signed image into volatile memory. There is no persistent disk. Reboot a server and every byte is gone, with no possibility of recovery.
- System logging disabled. rsyslog, journald, and the kernel ring buffer are configured to discard everything related to VPN connections.
- No on-server analytics. Our monitoring agents only send aggregate counters out — never per-connection data.
- Centralized config. Every server's configuration is reviewed and signed centrally; no operator can quietly turn logging back on.
Independent audits
Marketing copy is cheap. Independent audits are not.
- 2024 — Deloitte (full audit). Three-week engagement covering infrastructure, source code review, and live observation of operations. Verdict: PhoenixVPN's no-logs policy is accurately implemented across the infrastructure.
Read the 2024 audit report (PDF — link disabled in this demo) - 2021 — Deloitte (initial audit). First end-to-end audit of the infrastructure. Verdict: no-logs policy verified.
Read the 2021 audit report (PDF — link disabled in this demo)
Warrant canary
We publish a warrant canary on the first day of every quarter. As of the date at the top of this page, we have not received a National Security Letter, gag order, or any other form of legal compulsion that we are forbidden from disclosing.
Legal requests we have received
Our annual transparency report includes the number of legal requests we received the previous year, broken down by jurisdiction and outcome. The 2025 report (covering 2024) is available on this page when published.
Why this matters
A VPN that keeps logs is, in practice, a VPN that has decided to know what you do online. Whether or not they currently choose to share that data with anyone, the data exists — and that's a risk you don't need to take. We've built PhoenixVPN so that there is nothing useful to hand over, no matter what we are asked. Our jurisdiction (United States) is no secret — what matters is what we have to disclose, and the answer is "the bare minimum, because the rest doesn't exist."
BIBERSON TECHNOLOGIES LLC · 55 S Forest St, Denver, CO 80246, United States · [email protected]