Proton successfully completes its initial SOC 2 Type II assessment, confirming its robust business security standards.
Proton VPN, a leading Virtual Private Network (VPN) provider, has passed the SOC 2 Type II audit, providing a significant boost to its reputation for data security, confidentiality, and privacy.
The SOC 2 audit framework tests a provider's handling of sensitive information, covering both control systems and their implementation. Schellman, an independent auditing firm with extensive experience in the technology sector, conducted the auditing process.
The third and most recent audit report of Proton's no-logs policy was published in July 2024, while the first SOC 2 Type II audit was passed in July 2025. The audit assesses not just the design of security controls but their actual functioning over time, providing stronger assurance of reliable and secure data management practices.
For VPN providers, whose core business is protecting user data and online privacy, SOC 2 Type II attestation demonstrates that their security practices are rigorously tested and continuously maintained. It confirms that the provider enforces strict controls against unauthorized access and suspicious behaviors, uses encryption protocols such as TLS to secure data in transit, and monitors access continuously.
Proton VPN’s completion of the SOC 2 Type II audit reinforces trust in its operational security, proving that its security measures are not just technical implementations but embedded in its processes and controls. It signals that Proton meets independently-audited standards for how it handles systems and data, supporting its claims of privacy and security integrity.
In addition to the SOC 2 Type II audit, Proton regularly conducts penetration testing on its services and has a public bug bounty program offering rewards of up to $10,000. Proton's apps are open source, allowing the developer community to inspect the codebase, and its product was tested extensively for a full review with no evidence of DNS leaks or issues with the kill switch feature found.
Proton is also ISO 27001 certified and its no-logs policy is audited annually by Securitum, a major security auditing company based in Poland. The results of the SOC 2 report are available for customers on request.
"Our SOC 2 Type II attestation proves that our security isn't just technical - it's operational," said Patricia Egger, Proton's Head of Security. "We are committed to increasing transparency, developing our security infrastructure, and helping businesses better assess our services."
SOC 2 Type II is a widely recognized standard for business security, particularly important in areas such as finance, healthcare, and regulated industries. For Proton VPN, this independent assurance can be critical for enterprise clients and privacy-conscious users when selecting a VPN service.
[1] Schellman, "Proton VPN SOC 2 Type II Audit Report" [2] Proton VPN, "Proton VPN Passes SOC 2 Type II Audit" [3] TechRadar, "Proton VPN passes SOC 2 Type II audit, reinforcing its commitment to user privacy and security" [4] Forbes, "Proton VPN Passes SOC 2 Type II Audit: What Does It Mean For Your Privacy?"
- To reinforce its commitment to data security and privacy, Proton VPN, the leading VPN provider, underwent a SOC 2 Type II audit in July 2025, demonstrating that its technology and security practices are rigorously tested and continuously maintained.
- Apart from the SOC 2 Type II audit, Proton VPN also positions itself as transparent and innovative by regularly conducting penetration testing, maintaining a public bug bounty program, and making its apps open source, allowing for thorough community vetting and evaluation.
