Skip to content
Independently verified · Quarterly re-audit
EU VETTED

AirVPN

VERIFIED
VPN · Italy
Founded 2010 · airvpn.org ↗

Italian hacktivist-founded VPN (Perugia, 2010), no-logs, port forwarding, but no longer serves Italian residents (Piracy Shield).

In short

AirVPN, in the VPN category, is an EU-owned service with Italy as its hosting location and no identified CLOUD Act exposure.

Assessment notes

AirVPN is an Italian-incorporated, founder-controlled (Paolo Brini), unfunded VPN service launched in 2010 by a hacktivist collective in Perugia with a more-than-decade record of no logging or security scandals: strong no-logs posture, transparency reports, port forwarding, multi-protocol. EU-owned, EU-incorporated, no US ties, no CLOUD Act exposure. Editorial flag: AirVPN terminated service for residents of Italy on 19 February 2024 in protest of the Italian ''Piracy Shield'' blocking regime, which is a structural procurement flag worth surfacing. Signal gap: AirVPN does not publish a DPA. Only ToS and a privacy notice are available, with no processor agreement for EU buyers to self-serve.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About AirVPN

AirVPN is an Italian privacy-focused VPN founded in 2010 by a Perugia-based hacktivist collective and owned today by Paolo Brini. The service is intentionally small, unfunded, and operated outside the venture-backed VPN consolidator economy that has absorbed most of the brand-name competition (NordVPN, ExpressVPN, Surfshark, etc.). The product targets technically-fluent users who care about hard privacy guarantees: no activity logs, OpenVPN and WireGuard multi-protocol support, IPv6 support, port forwarding, custom DNS, multi-hop, gigabit servers, and detailed real-time server-status pages.

For an EU-sovereignty audit AirVPN is structurally clean (Italian-incorporated, no US ties, no US-VC ownership, no US sub-processors on the customer-data path), and the no-logs claim is backed by an over-a-decade track record without security scandals. The catch, and the reason this listing carries a hard editorial caveat, is that on 19 February 2024 AirVPN terminated service for residents of Italy in direct response to Italy's "Piracy Shield" blocking regime. The Italian government mandates that ISPs, DNS resolvers, and intermediaries block flagged pirate-IP addresses within thirty minutes of alert without prior judicial review; AirVPN deemed the requirements an unacceptable risk for overblocking and human-rights violations, and new users must now declare that they are not Italian residents. So while the corporate posture is Italian and EU-controlled, the customer-availability story is unusual: AirVPN serves EU customers from every member state except Italy.

Pricing is straightforward: a 3-day trial starts at €2; monthly plans around €7; 3-year heavily discounted (~€1.50/month equivalent). Bitcoin and other cryptocurrencies are accepted alongside cards. Best fit: privacy-maximalist users across the EU (excluding Italy), torrent-friendly use cases, and anyone wanting a small, founder-controlled provider with a documented activist posture. The Italian-resident blockade is itself a procurement signal: both as evidence of the vendor's willingness to walk away from a regime it disagrees with, and as a practical exclusion for any Italian buyer.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-11).
FEATURES

Capability matrix

Servers 514 servers
Countries 23 countries
Simultaneous devices 5 devices
Protocols WireGuard OpenVPN
Kill switch Yes
Audited no-logs No
Port forwarding Yes
Platforms iOS macOS Windows Android Linux
INTEGRATION & ACCESS
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
from €7/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
  • Terms of Service
    airvpn.org/tos…
    Open ↗
ALTERNATIVES

Alternatives in this category

AzireVPN
Sweden · Founded 2012
EU-HOSTED

Swedish privacy VPN (Stockholm, est. 2012): Blind Operator, RAM-only, audited no-logs; acquired by Malwarebytes (US) 7 Nov 2024.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL
CyberGhost
Romania · Founded 2011
EU-BASED

Romanian-operated VPN (CyberGhost S.R.L., 2011) under Kape Technologies (UK; ex-Crossrider) → Unikmind/Teddy Sagi (IM) since 2023; listed as a warning.

Public DPA Sub-processors Open source
FROM
€2/mo
CLOUD ACT
MINOR
IVPN
Gibraltar · Founded 2009
EU-BASED

Gibraltar-incorporated VPN (IVPN Limited / ex-Privatus, founded 2009), Cure53-audited no-logs, open-source apps, independent ownership.

Public DPA Sub-processors Open source
FROM
€6/mo
CLOUD ACT
NONE