Nice (:
Are they subject to UK laws like Investigatory Powers Act (2016)?
The privacy policy you linked to says iVPN uses (self-hosted) Matomo for analytics, automatically collects crash logs from its mobile apps, stores deleted account information for 90 days, etc.
Noting here that the scope of the audits is dictated by the provider not the security company doing the audits. More often that not, the audits (of other providers I’ve read) are all pretty lacking in value (as in, aren’t any where near holistic in their scope of audits or analyses).
Aren’t European States passing laws that require that providers barred from posting warranty canaries?