Editorial Standards

How we research, source, and disclose in a YMYL category. Last updated April 2026.

Independence

Advertisers and affiliate partners do not see coverage before publication, cannot request changes, and cannot pay for better rankings. Our ranking of a VPN, password manager, or antivirus reflects our research and the independent evidence — not its commission rate. Several of our top picks pay us nothing. When a service we cover has an affiliate program we participate in, we say so explicitly in the article.

Our research methodology

We do not operate a controlled hardware or network test lab. We research and compare products by synthesizing vendor documentation, primary sources, and independent third-party benchmarks and audits. For VPNs specifically, that means:

  1. Speed: we rely on independent benchmarks (including Ookla-based VPN speed data) rather than our own runs, and note that results vary by server, route, and date.
  2. Leak behavior: we cite published DNS/IPv6/WebRTC leak findings where available.
  3. Privacy policy: read in full, with specific flags for logging, data retention, third-party sharing, and jurisdictional exposure.
  4. No-logs claims: we trust only audited claims. We list the auditor, audit date, and scope.
  5. Jurisdiction: we flag where the company is incorporated and what surveillance alliances (5/9/14 Eyes, MLATs) that exposes it to.

Password managers

We analyze documented features across desktop and mobile, autofill support, recovery-account mechanics, and cross-reference breach history and independent security audits (Cure53, ISE, SOC 2).

Antivirus

We rely on independent detection-rate, performance-impact, and false-positive data from AV-Test and AV-Comparatives rather than conducting our own virus-scanning benchmarks (which require a malware research environment most ethical publishers won't maintain).

Sourcing

Pricing, feature, and policy claims are sourced from the vendor's official pages as of the article's last-updated date. Audit results are sourced from the published audit report. Breach history is sourced from HaveIBeenPwned, CVE databases, and public reporting. We do not reproduce vendor marketing copy as editorial.

Affiliate disclosure

Every article with affiliate links carries this disclosure at the top: "We earn a commission when you sign up through our links. This doesn't change your price and doesn't affect our rankings." Full policy: Affiliate Disclaimer.

Updates & freshness

Security products change policy and pricing frequently. We revisit our reviews quarterly at minimum, and immediately upon: a company changing jurisdiction, a new independent audit being published, a credible breach disclosure, or a material privacy-policy change.

YMYL responsibility

Security advice can affect financial safety and legal exposure. We try to be honest about the limits of generic advice — if your threat model involves nation-state adversaries, domestic abuse, or legal exposure in hostile jurisdictions, generic consumer VPN and password-manager picks are inadequate. We will say so and point to specialist resources (EFF's Surveillance Self-Defense, NNEDV's Tech Safety, Freedom of the Press Foundation).

Corrections

When we get something wrong, we fix it in-place, add a corrections note, and — if the error was safety-relevant — post an update at the top of the article. Email corrections@smartsecurehaven.com.

AI use

We use AI (primarily Claude) for research, drafting, and formatting. Every article is reviewed by a human editor who is responsible for accuracy, safety-relevance, and final sign-off. We do not publish unedited AI output, fabricated audit results, invented breach data, or hallucinated vendor claims.

What we won't do