Skip to content
Independently verified · Quarterly re-audit
EU VETTED

IVPN

VERIFIED
VPN · Gibraltar
Founded 2009 · ivpn.net ↗

Gibraltar-incorporated VPN (IVPN Limited / ex-Privatus, founded 2009), Cure53-audited no-logs, open-source apps, independent ownership.

In short

IVPN, in the VPN category, is a European service with Gibraltar as its hosting location and at most minor, transient US exposure under the CLOUD Act.

Assessment notes

IVPN Limited (formerly Privatus Limited) is a Gibraltar-incorporated VPN provider founded in 2009 by Nicholas Pestell (independent, no parent company, no PE/VC funding, no other VPN brands owned) with a Cure53-audited no-logs policy (three independent audits + a comprehensive pentest), open-source apps, public transparency reports, and Gibraltar jurisdiction explicitly outside the 5/9/14 Eyes intelligence-sharing alliance. No CLOUD Act exposure; independent ownership with no US ties. The one gap in the signal set: IVPN does not publish a publicly accessible DPA. Only a privacy policy is available, with no processor agreement for EU buyers to self-serve.

CLOUD ACT
OWNERSHIP
SUB-PROCS
0 none disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About IVPN

IVPN is a Gibraltar-incorporated privacy-focused VPN operated by IVPN Limited (formerly Privatus Limited), founded in 2009 by Nicholas Pestell. The company is independent: no parent company, no private-equity or venture-capital ownership, no other VPN brands operated, a structural rarity in a category dominated by conglomerated VPN consolidators (Kape Technologies, NordVPN parent group, etc.). Gibraltar is a British Overseas Territory that maintains GDPR alignment with the EU framework but explicitly sits outside the 5/9/14 Eyes intelligence-sharing alliance, which is the headline jurisdictional advantage IVPN markets to its target audience.

Compliance and privacy posture are gold-standard. The no-logs policy has been independently audited by Cure53 (the German cybersecurity firm) three separate times, alongside a comprehensive pentest of apps and infrastructure. IVPN publishes transparency reports on law-enforcement requests, runs all apps as open-source, and is one of only two VPN providers (alongside Proton VPN) on most "best for privacy" 2026 shortlists with both open-source apps AND annual third-party audits. The privacy policy is straightforward: no activity logs, no connection logs, no DNS query logs, no IP-address logs, no timestamp logs. Tor-over-IVPN and multi-hop modes are supported.

Pricing is direct and trial-friendly: Standard plan around US$6/month (€5–6 equivalent); a 7-day trial is available; cards plus Bitcoin and Monero accepted. No free tier. Best fit: privacy-maximalist EU and worldwide users who want a Cure53-audited no-logs guarantee under a Gibraltar-Outside-Eyes jurisdiction, journalists, researchers, and anyone valuing independent ownership over feature-bloated marketing. The smaller server fleet vs Proton VPN means slightly lower geo-coverage and streaming-unblock breadth, which is the trade-off for the structurally cleaner posture.

SUB-PROCESSORS

Sub-processor map · none disclosed

Source ↗
Vendor discloses zero sub-processors. All data processing happens in-house.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-11).
FEATURES

Capability matrix

Simultaneous devices 2 devices
Protocols WireGuard OpenVPN IKEv2
Kill switch Yes
Audited no-logs Yes
Port forwarding No
Platforms iOS macOS Windows Android Linux
INTEGRATION & ACCESS
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
from €6/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    www.ivpn.net/en…
    Open ↗
  • Terms of Service
    www.ivpn.net/tos…
    Open ↗
ALTERNATIVES

Alternatives in this category

AirVPN
Italy · Founded 2010
EU-SOVEREIGN

Italian hacktivist-founded VPN (Perugia, 2010), no-logs, port forwarding, but no longer serves Italian residents (Piracy Shield).

Public DPA Sub-processors Open source
FROM
€7/mo
CLOUD ACT
NONE
AzireVPN
Sweden · Founded 2012
EU-HOSTED

Swedish privacy VPN (Stockholm, est. 2012): Blind Operator, RAM-only, audited no-logs; acquired by Malwarebytes (US) 7 Nov 2024.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL
CyberGhost
Romania · Founded 2011
EU-BASED

Romanian-operated VPN (CyberGhost S.R.L., 2011) under Kape Technologies (UK; ex-Crossrider) → Unikmind/Teddy Sagi (IM) since 2023; listed as a warning.

Public DPA Sub-processors Open source
FROM
€2/mo
CLOUD ACT
MINOR