AirVPN started as a project of a very small group of activists, hacktivists, hackers in 2010, with the invaluable (and totally free) help of two fantastic lawyers and a financing from a company interested in the project and operated by the very same people.
The Pirate festival held in Rome and a lucky coincidence were decisive for the project. An extraordinary confluence of energies, ideas and persons took place there. Including people from NEXA, Telecomix, Juliagruppen, the swedish Pirate Party, the italian Pirate Party association, the grassroots organization Scambioetico, activists from Mexico and the USA, lawyers with high competences in privacy, data protection and so-called "Intellectual property" fields, it was the perfect place and time to envision the project.
AirVPN started as a completely free service for anyone in april 2010. Soon it added a commercial side aimed to keep the project financially sustainable, capable to support the impact of free access to activists in human rights hostile countries and ensure to the team a monetary basis which could allow a full-time dedication.
Initially AirVPN had two dedicated servers in one country and was operated by Iridium, a company which was born in 1998 and that employed, in the telecommunication field, only persons involved in digital or non-digital civil activism. Iridium took care of AirVPN until November 2012, when all the handling was progressively transferred to a dedicated company (Air) with the very same persons and policies (no changes for the customers, for the privacy and for the data protection, even the privacy legal responsible person is the same one).
Today, AirVPN is operated exclusively by activists, privacy, data protection and security issues aware persons, law experts with the help of the same lawyers, and counts more than 80 servers with high bandwidth lines and good or top hardware in 15 datacenters across 16 countries in 3 continents. The solidity of the infrastructure is enhanced literally every week, so that most attacks (UDP and TCP flood, DDoS...) that caused service issues in the first AirVPN year of life now remain totally unnoticed to the users.
The customer service is not and has never been outsourced in order to provide high quality of support.
Access to servers is restricted to an essential core of the team and any access outside this core must be authorized and performed under controlled conditions. No database is kept on any VPN server. The database is clustered across backend dedicated servers which never communicate directly with any client or with any other host outside our servers (nobody knows, except three persons, where the backend servers are located and additional security systems are in place to prevent any direct access to the database from outside the backend servers -not even the VPN servers really communicate directly with the database).
As far as we know, AirVPN is the only VPN in the world which transparently let anyone access a servers monitor on the www, updated every 60 seconds, to check the infrastructure status and verify that we respect our no-overselling and guaranteed allocated bandwidth commitments stated in the ToS. AirVPN also provides some features which might go unnoticed to the masses but which are important, such as separate entry and exit IP addresses on every VPN server to prevent some correlation attacks, typical on VPNs with a shared IP which is used both as entry and exit-IP address.
On the contrary, above all, a lot of passion for what we do. We all feel that AirVPN is completely different from a commercial enterprise which aims exclusively to profits. Profits are important for us, otherwise keeping this infrastructure would be impossible, but they come after the security for our users and the respect of our policies and commitments.
An episode may be interesting to evaluate our determination: a vile and sudden suspension of service by a major datacenters operator in France in 2010 (all paid servers cancelled without prior notice and without any explanation - still today we have no explanation for that). We had everything there, except the database, so we had to re-start almost from scratch, but the service stayed down for only 4 days.
At the end of 2012, a dedicated company has been founded, exclusively to operate the fiscal side of the project and the handling of the data according to the relevant legal framework in an optimal way. You can find the name of the legal responsible person for privacy and data protection in the Privacy Notice (he's the same old one :) ). The Air company operates exclusively AirVPN, and will be involved only in AirVPN strictly related side projects about network neutrality and censorship circumvention (we'll have some news on that probably within the first half of 2013).