Back
Article
Impact & Partnerships

Transparency hub: what we publish and how to read our reports

6
min read
Share
Jeremy Vaughn
Published on
April 8, 2026
Writer

TL;DR

  • Trust requires proof. Our Transparency Hub publishes the data needed to verify our privacy claims.
  • We regularly publish independent no-logs audit reports, legal request logs, and a warrant canary.
  • Quarterly impact reports detail donation amounts and partner-reported outcomes, always aggregated to protect individual privacy.
  • We never publish individual user data because our systems are designed not to collect it in the first place.
  • Any changes to our privacy policy or infrastructure are announced publicly before taking effect.

What the Transparency Hub Contains

✅ We publish: - Independent no-logs audit reports and methodologies - Logs of legal requests received and our responses - A regularly updated warrant canary - Quarterly impact reports on donations and partner outcomes - Advance notice of policy or infrastructure changes

❌ We don't publish: - Individual user data or browsing history (we don't have it) - De-anonymized connection metadata - Marketing metrics disguised as transparency - Secret compliance with data requests

Trust is built through transparency, not claims. In an industry where "military-grade encryption" and "100% anonymity" are thrown around as marketing slogans, words aren't enough. You need proof.

That is why we built the Transparency Hub. It is a central repository where we publish the data, audits, and reports necessary to verify that we are doing what we say we do. This guide explains exactly what you will find in the hub, how often it is updated, and how to interpret the information we provide.

What We Publish (and How Often)

The Transparency Hub is divided into several key sections, each serving a specific purpose in verifying our operations and impact.

No-Logs Audit Reports

A no-logs policy is only as good as the independent audit that verifies it. We commission reputable third-party security firms to examine our infrastructure, server configurations, and codebases.

  • When they happen: Annually, or after major infrastructure changes.
  • What they cover: The auditors verify that our systems cannot log browsing history, connection timestamps, or IP addresses.
  • Where to find results: The full audit reports, including the methodology and any findings, are published directly in the hub.

Learn more: No-logs explained: what it means, what to look for, and how we design for it

Legal Request Log

As a VPN provider, we occasionally receive requests from law enforcement or government agencies asking for user data. We log every single request we receive.

  • What it includes: The number of requests received, the jurisdiction they came from, and how we responded.
  • What data is provided: Because of our strict no-logs architecture, our response is almost always that we have no data to provide. If we are legally compelled to provide account information (like an email address used for billing), that is recorded in the log.

The Warrant Canary

A warrant canary is a regularly updated statement confirming that we have not received any secret subpoenas, gag orders, or classified data requests.

  • How it works: We publish a cryptographically signed message stating that no such orders have been received.
  • Why it matters: If we are ever served with a secret order that includes a gag order (preventing us from talking about it), we cannot legally say we received it. However, we can stop updating the canary. If the canary stops updating, something has changed.

Impact Reports

Part of every PrivateByRight subscription supports privacy, press freedom, and human-rights initiatives. We believe you have a right to know exactly where that money goes.

  • When they happen: Quarterly.
  • What they cover: Total donation amounts, the specific partner organizations supported, and the outcomes of the campaigns as reported by those partners.

Learn more: How donations work at PrivateByRight: the model, rules, and accountability

Infrastructure and Policy Updates

Transparency also means being clear about how our service operates and any changes to the rules of engagement.

  • Infrastructure updates: We document significant changes to our server architecture, protocol support, or security implementations.
  • Policy changes: Any modifications to our privacy policy, logging practices, or business model are announced publicly in the hub before they take effect.

How to Read the Reports

Data is only useful if you know how to interpret it. Here is how to read the two most complex sections of the Transparency Hub.

Reading the Legal Request Log

When you look at the legal request log, you will see columns for the number of requests and the number of times data was produced.

  • "No data available": This is the most common outcome. It means a request was made for browsing activity or connection logs, and we responded truthfully that the data does not exist on our servers.
  • Compliance vs. Resistance: We review every request for legal validity. If a request is overly broad or lacks proper jurisdiction, we challenge it. The log details how many requests were successfully challenged or dismissed.

Reading the Impact Reports

Our impact reports focus on the real-world effects of the organizations we support.

  • Aggregated data: All financial and impact data is aggregated. We never track which specific user's subscription funded which specific initiative.
  • Partner-reported outcomes: The outcomes listed (e.g., "funded legal defense for 5 journalists") are reported directly by our partner organizations. We verify the funding, but the operational metrics come from the experts doing the work.

Learn more: Partner spotlight template: how we choose impact partners and who's next

What We Don't Publish (and Why)

True transparency does not mean publishing everything. It means publishing the right things while fiercely protecting user privacy.

We never publish individual user data. We do not publish anonymized browsing trends, aggregated connection logs, or de-identified traffic patterns. Even "anonymized" data can sometimes be re-identified if combined with other datasets.

The most secure data is data that is never collected. Our systems are designed around data minimization, meaning we simply do not have the logs to publish in the first place.

Learn more: Our privacy principles: data minimization, default protection, and clarity

The PrivateByRight Approach

Our approach to transparency is straightforward: verify, don't trust.

We design our systems to minimize data collection by default. We use RAM-only servers where possible, meaning a simple reboot wipes all data. We support modern protocols like WireGuard and OpenVPN, and we route DNS requests through our own encrypted tunnels.

But we don't expect you to take our word for it. The Transparency Hub exists so you can check our work. By publishing our audits, legal logs, and impact reports, we hold ourselves accountable to the standards we set.

FAQs

Why do VPNs need a warrant canary?

A warrant canary is necessary because certain legal requests, like National Security Letters in the US, often come with gag orders. A company cannot legally disclose that they received the order. However, they can stop publishing a statement saying they haven't received one. If the canary disappears, users know something is wrong.

How often are the no-logs audits conducted?

We aim to conduct independent no-logs audits annually, or whenever there is a fundamental change to our server architecture or core software. The full reports are always published in the Transparency Hub.

Can I see exactly where my specific subscription money went?

No. To protect user privacy, all financial contributions are pooled and aggregated before being distributed to our impact partners. We do not track individual user funds to specific outcomes.

What happens if the privacy policy changes?

If we ever need to change our privacy policy or logging practices, we will announce the changes in the Transparency Hub and notify users before the changes take effect. We do not make silent updates to our terms.

Who conducts the independent audits?

We contract with established, reputable third-party cybersecurity and auditing firms. The specific firm used for each audit is listed in the published report, along with their methodology and findings.

Sources & Further Reading

  1. Electronic Frontier Foundation. (2023). Warrant Canaries and the First Amendment.
  2. Center for Democracy & Technology. (2024). The Importance of Transparency Reports in the Tech Sector.
  3. Internet Engineering Task Force (IETF). (2021). RFC 8980: Privacy Considerations for Internet Protocols.
  4. Freedom of the Press Foundation. (2025). Evaluating VPN Security and Logging Claims.
  5. National Institute of Standards and Technology (NIST). (2023). Guidelines for Data Minimization.
Jeremy Vaughn
Published on
April 8, 2026
6
min read
Related Articles
April 8, 2026
7
min read
How donations work at PrivateByRight: the model, rules, and accountability
Get Started

We publish what most VPN companies won't

Learn about our social mission
tiktok

Fast, censorship-resistant VPN where every subscription funds real-world privacy.

Download App

Features
Features
Download
Pricing
COMPANY
About
Social Mission
Articles
IMPACT
Impact Report
Who We Support
Methodology
SUPPORT
Help Center
Submit Request
Email Support
Terms of Service
Privacy Policy
©2026 PrivateByRight VPN — All Rights Reserved