Back to home

Transparency Report

We publish transparency reports quarterly. Because of our zero-knowledge architecture, we have no user data to provide even if compelled.

Latest

Q1 2026

January 1 – March 31, 2026

Data requests received

0

No requests

Data requests complied with

0

Nothing to comply with

Government orders received

0

No orders

Infrastructure seizures

0

No seizures

User accounts affected

0

No accounts affected

Warrant canary status

Active

View canary →

Why all zeros?

Zero-knowledge architecture

Our infrastructure is designed so that we never possess the data governments typically request. We do not log traffic, DNS queries, connection timestamps, or source IP addresses. The data simply does not exist on our servers. This is enforced by architecture, not policy -- the proxy engine runs with no disk write permissions for traffic data.

Anonymous accounts

Ghost tier accounts require no email, no name, and no identity. We accept cryptocurrency payments (BTC, XMR, Lightning). Even if compelled by a court order, we cannot identify Ghost tier users because we never collected that information.

Encrypted tunnel, nothing more

We operate WireGuard tunnels. Traffic enters encrypted and exits encrypted. No inspection, no deep packet analysis, no metadata collection. The server processes packets in memory and discards them. Nothing is written to disk.

RAM-only servers (planned)

Our roadmap includes migrating to RAM-only server infrastructure. When this is complete, a server reboot or seizure will result in total data loss. There will be nothing recoverable from the hardware.

What happens if we receive a request?

1

We verify the legal basis. Every request is reviewed by legal counsel. We do not comply with informal requests, voluntary cooperation programs, or requests from jurisdictions without valid legal authority.

2

We challenge overly broad requests. If a request is overbroad, lacks proper authority, or is legally deficient, we will challenge it in court.

3

We disclose what we can. For any data request we comply with, we will notify the affected user unless legally prohibited from doing so (i.e., gag order). In that case, the warrant canary serves as the signal.

4

We report it here. All requests and their outcomes are included in the next quarterly transparency report, to the maximum extent permitted by law.

Report schedule

Q1 2026 Current
Q2 2026 July 2026
Q3 2026 October 2026
Q4 2026 January 2027

Related

Warrant Canary Privacy Policy The Mullvad Standard