Mullvad VPN

Mullvad VPN is one of the most-cited privacy-maximalist VPN providers in the world, operated by Mullvad VPN AB and parent **Amagicom AB** in Gothenburg, Sweden (Box 53049, 400 14 Gothenburg). Launched in March 2009 by Fredrik Strömberg and Daniel Berntsson, the company remains **100% founder-owned** — there is no private equity, no venture-capital backing, no parent conglomerate, and no acquisition pressure. Mullvad's product philosophy is built on a single radical idea: a VPN can be useful without ever collecting customer identity. The account system reflects this — accounts are random numbered tokens; there is no email address, no username, no password recovery, no personal-data field at signup. Users can generate as many accounts as they wish on the website at any time. The no-logs commitment is more rigorous than most competitors and externally verified. Mullvad does not log activity, traffic, DNS queries, connection events, IP addresses, bandwidth, or timestamps. **Cure53 — the German cybersecurity firm — has audited Mullvad multiple times**: a 2018 penetration test of the macOS / Windows / Linux apps; a 2020 infrastructure audit; a 2024 desktop-application audit that rated security "high"; and a 2024 audit of the WireGuard and OpenVPN relay-code that found no PII retention or privacy leaks (only two low- and medium-severity issues, both unrelated to logging). Nginx access logs on web infrastructure are deleted after 5 minutes without IPs; support emails are auto-deleted after 70 days; cash-payment envelopes are shredded after processing; cryptocurrency transaction records are deleted after 20 days. All apps are open-source on GitHub. Pricing is famously simple and never-changing: **€5/month flat, regardless of commitment length** — 1 month, 1 year, or 1 decade, all the same monthly rate. The company explicitly does not run sales, holiday promotions, "Black Friday" discounts, or affiliate programmes — these are excluded as a matter of principle to avoid marketing-influence bias. Payment methods include cash (mail), cryptocurrencies (Bitcoin, Bitcoin Cash, Monero with a 10% discount), credit cards, PayPal, and regional bank transfers. 14-day money-back guarantee (except cash payments). 5 simultaneous devices. No port forwarding. Best fit: privacy-maximalist users worldwide who specifically want anonymous-account architecture and a Swedish-EU-jurisdiction founder-owned provider — and any procurement-grade buyer for whom "ownership simplicity + audited no-logs" beats feature breadth.