Does NordVPN keep logs?

NordVPN has a strict no logging policy
(Image credit: NordVPN)

NordVPN has rightfully earned its place on our list of the best VPN services available. This is because it has a vast network of more than 5,000 servers across 50-odd countries, supports up to six simultaneous connections and offers native apps for Windows, Mac, Android, iOS and Linux. NordVPN also supports a number of VPN protocols including OpenVPN, IKEv2/IPSec and Wireguard.

However, one of the biggest differentiators between NordVPN and the competition is the fact that the company keeps no logs on its users. While some VPN companies claim not to keep tabs on the activities of their users online including the sites they visit, what they download and more, these claims are often hard to verify.

This isn’t the case with NordVPN however, as back in 2018 it hired an independent auditor to review its servers and code - we’ll go into further detail about this later.

In this article, we’ll take a much closer look at NordVPN’s no-logging policy, its independent security audit and even cover some of the service’s additional features designed to help protect your privacy online.

No-log policy

A no-log policy is one of the features that many customers look for when deciding on a VPN service. 

When you connect to the internet without a VPN, all of your online traffic passes through your internet service provider (ISP) and they can see everything you do online as well as track your behavior. Sometimes an ISP will even hand over your online data to advertisers, government agencies or other third parties.

When you connect to a VPN server on the other hand, your ISP can no longer see what you do online. But your VPN provider will still be able to and this is why no-log policies are important.

When shopping for a VPN deal, privacy-conscious customers should pay careful attention to the types of data a service collects, the external support or tracking tools used, the country where the service operates and the payment options available.

In its privacy policy on the NordVPN website, the company goes into detail about its no-log policy and explains that the company is based in a country that does not require user data to be stored, saying:

“NordVPN guarantees a strict no-logs policy for NordVPN services, meaning that your activities using NordVPN Services are provided by automated technical process, are not monitored, recorded, logged, stored or passed to any third party. We do not store connection time stamps, session information, used bandwidth, traffic logs, IP addresses or other data. From the moment a user turns on the software, their Internet data becomes encrypted. Any online traffic coming from user’s device is no longer visible to ISP, third-party snoopers or cyber criminals. Further, NordVPN have a strict no logs policy when it comes to seeing user activity online: NordVPN is based in Panama, which does not require data storage.”

NordVPN’s privacy policy not only covers general logging of its customers’ activities online but also session logging details such as recording a user’s incoming IP address when they connect to its service. Other VPN providers claim to keep no logs on their users’ activity online but still log some session details which could still reveal where you were when you connected to their VPN and for how long you used the service.

Independent audits

Less reputable VPN providers often claim to keep no logs on their users as a selling point as to why you should pick their service over the competition. However, as we mentioned before, it is often difficult to verify these claims. This is why more and more VPN companies have made the decision to put themselves and their services through public audits.

Between October and November of 2018, NordVPN hired PricewaterhouseCoopers to run an independent audit on its infrastructure and services as well as verify that its logging policy description is accurate. You can find more details in this blog post, but the long and short of it is that the company now has far more evidence to support its no logging claims. NordVPN also plans to regularly audit its service in the future to ensure that its customers know exactly the kind of service they’re getting when they sign up.

In fact, last year the company invited the security research group VerSprite, which specializes in software vulnerabilities, to examine its apps. The researchers simulated malicious attacks on all of the company’s apps to see which ones were vulnerable. In total, VerSprite found 7 low-level vulnerabilities, 6 medium-level vulnerabilities and 4 high-level vulnerabilities which have all now been patched by NordVPN.

Additional privacy features

NordVPN doesn’t keep any logs on its users and the company also offers a number of additional features to help protect the privacy of its users online.

The NordVPN kill switch, for example, helps protect your sensitive data from leaking online in the event that your VPN connection drops. When enabled, the kill switch safeguards your IP address and online activity from being exposed and this helps preserve your anonymity and security online.

NordVPN also offers a variety of different server types including double VPN and Onion over VPN. A double VPN sends your internet traffic through two different servers to encrypt your data twice while Onion over VPN sends your traffic through one of NordVPN’s servers and then passes it through the Onion network before it reaches the internet. While most users won’t need the additional protection that these two server types offer, they’re still nice to have especially if you’re working with sensitive material online.

NordVPN also accepts a number of cryptocurrencies including Bitcoin, Ethereum, Litecoin, Ripple, Monero and Dash. Users that have a crypto wallet can sign up and pay for the company’s VPN service with complete anonymity and still have access to its 30-day money-back guarantee.

Finally NordVPN is based in Panama and this means that the company is under no legal obligation to collect the personal data of its users. VPNs based in the EU or US are legally required to store this kind of data on their users but thankfully, NordVPN isn’t.

Read more:

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.