Inside our 2026 independent no-logs audit

We let Cure53 spend two weeks crawling through our infrastructure looking for anything we'd be embarrassed to admit. Here's what they found.

In February 2026 we handed Cure53 root access to our staging cluster, full source code to every service, and unrestricted interviews with our engineers. We asked them to find anything that contradicted our no-logs claim.

After two weeks they reported zero log retention paths, zero unauthenticated metric exports, and zero shared encryption keys across regions. The full report is published on our transparency page with the exact commits they audited.

We commit to repeating this audit every twelve months — and to publishing the result whether it flatters us or not.