Updated March 1, 2026

Transparency Report

We operate openly in the interest of our users. This page documents every government request we receive, the status of our security audits, and our warrant canary. We update it quarterly.

Warrant Canary

ACTIVE

A warrant canary allows us to indirectly signal to users that we have not received secret government orders that we are prohibited from disclosing. If this statement disappears or changes, users should treat it as a potential signal that our ability to speak freely has been compromised.

As of March 1, 2026, LimeVPN has NOT received any National Security Letters, FISA court orders, or any other classified government demands for user data. We have NOT been required to implement any backdoors in our systems. We have NOT been compelled to monitor our users' internet activity.

Last verified: March 1, 2026. This canary is reviewed and updated monthly. If it has not been updated within 60 days, treat this as a signal of compromise.

Government & Law Enforcement Requests

All valid legal requests we receive, categorized by type and outcome. We report all requests regardless of compliance status.

1
Total requests (2025)
0
Requests complied with
1
Requests challenged
0
Users notified
Period Received Complied Challenged Users Notified
Q1 2026 (Jan–Mar) 0 0 0 0
Q4 2025 (Oct–Dec) 1 0 1 0
Q3 2025 (Jul–Sep) 0 0 0 0
Q2 2025 (Apr–Jun) 0 0 0 0

About the Q4 2025 challenged request

In Q4 2025, we received one legal inquiry from a law enforcement agency. The request lacked proper jurisdictional authority and was overly broad in scope. We challenged the request through legal counsel. No user data was produced. The request was subsequently withdrawn. We notified 0 users as no valid legal order was issued and we were not legally prohibited from disclosing the challenge outcome.

Types of requests we may receive and how we handle them

Subpoenas & court orders

We review for valid jurisdiction and proper legal basis. If valid, we produce only account-level data (email, subscription status) — never VPN activity logs, which do not exist.

Law enforcement inquiries

Informal law enforcement requests receive a formal response from legal counsel. We do not comply with requests that lack proper legal authority.

National security letters (NSLs)

NSLs may come with gag orders prohibiting disclosure. Our warrant canary would go dark if we received one we could not disclose.

DMCA/copyright notices

DMCA takedown notices relating to IP addresses cannot be fulfilled — we do not log which users were assigned which IP addresses at any given time.

Security Audit History

Independent third-party audits are the gold standard for verifying security claims. Below is our audit status and roadmap.

○ Planned

No-Logs Infrastructure Audit

H2 2026

Full audit of server configuration, logging infrastructure, and data handling practices by an independent security firm.

Auditor: TBD — evaluating firms

○ Planned

Application Penetration Testing

H1 2026

Black-box and white-box penetration testing of our VPN client applications (Windows, macOS, Linux, iOS, Android).

Auditor: TBD

● Ongoing

Internal Security Reviews

Continuous

Regular internal reviews of our server infrastructure, access controls, and security policies. Ongoing.

Auditor: Internal security team

We are committed to completing our first full third-party infrastructure audit in 2026. Results will be published on this page in full.

Infrastructure Transparency

Server ownership model

We use a combination of dedicated bare-metal servers and trusted data center partners. We do not use cloud providers (AWS, GCP, Azure) for VPN endpoints to minimize third-party exposure.

Data center locations

Our servers are located in data centers across 30+ countries. Each location is chosen for connectivity quality, provider reliability, and jurisdictional privacy protections.

Network protocols

We support WireGuard (default), OpenVPN, and IKEv2/IPSec. All protocols use AES-256-GCM encryption with perfect forward secrecy.

DNS infrastructure

All DNS queries are handled by our own encrypted recursive resolvers. We operate zero-log DNS infrastructure. Queries are resolved in-tunnel and never exposed to third parties.

Access controls

Server access is restricted to authorized personnel only, with mandatory 2FA and audit logging of all administrative access. Principle of least privilege is enforced throughout.

Incident response

We maintain a documented incident response plan. In the event of a confirmed breach affecting user data, we commit to notifying affected users within 72 hours.

Privacy You Can Actually Verify

We don't just claim to protect your privacy — we document it publicly. Join LimeVPN and browse with confidence knowing exactly how we operate.

Get LimeVPN — From $1.49/mo

AES-256 Encryption · No-Logs Policy · 30+ Locations · Kill Switch

More on Our Privacy Commitment

No-Logs Policy

Technical details of how our infrastructure makes logging impossible.

Why Privacy Matters

Our philosophy on digital privacy as a fundamental right.

Privacy Policy

Full legal privacy policy: data collection, retention, and your rights.

Security Features

Encryption, protocols, kill switch, and every security layer we offer.