What "no-logs" actually means

A no-logs VPN policy means the provider doesn't store records of your online activity while connected to their servers. No browsing history, no connection logs, no timestamps, no IP addresses that could be traced back to you.

The significance: if a government agency or law enforcement requests your data, a true no-logs VPN has nothing to hand over. There's nothing in their systems that could identify what you did online or when.

The problem is that "no-logs" is a marketing claim that almost every VPN provider makes — including ones that have handed user data to authorities when pressed. The claim alone means very little. What matters is independent verification.

What NordVPN does and doesn't collect

✗ Not collected
  • Browsing history
  • Traffic data or content
  • IP addresses
  • Connection timestamps
  • DNS queries
  • Bandwidth usage per session
  • Which servers you connected to
✓ Collected (account data)
  • Email address (account)
  • Payment information
  • Aggregate app performance data
  • Crash reports (optional)

The distinction matters: NordVPN knows you have an account and have paid for a subscription. They don't know what you did with it. An email address and payment record can't tell anyone what websites you visited or when.

The independent audits

NordVPN has commissioned multiple independent audits of their no-logs policy — not internal reviews, but external firms with no financial interest in a positive result.

2018
PricewaterhouseCoopers AG — First audit
PwC audited NordVPN's infrastructure and privacy practices. Confirmed that the no-logs policy was technically implemented — the systems were not capable of storing the data the policy claimed they didn't store.
2020
PricewaterhouseCoopers AG — Second audit
A repeat audit covering updated infrastructure and the transition to RAM-only servers. Confirmed no connection logs, no IP logs, no traffic data. Second clean result from an independent auditor.
2023
Deloitte — Third-party infrastructure audit
Deloitte audited NordVPN's server infrastructure and security practices. Confirmed no-logs implementation across the network, including the RAM-only server architecture that makes data persistence technically impossible.

✓ What RAM-only servers mean

NordVPN runs on RAM-only servers — there are no hard drives. All data exists only in temporary memory that is wiped every time a server reboots. Even if a server were physically seized, there would be nothing on it to read. This makes the no-logs claim not just a policy but a technical reality.

The 2018 server breach — and why it matters

In 2018, one of NordVPN's rented servers in Finland was accessed without authorization by an unknown third party. NordVPN disclosed this publicly in 2019 after becoming aware of it.

Here's why it actually supports the no-logs claim: the attacker had access to the server but found no user data because there was none to find. No connection logs, no browsing history, nothing that could identify any user. The breach confirmed that the no-logs policy was real, not just a claim.

NordVPN has since moved to owning their own servers rather than renting from third parties, reducing the attack surface significantly.

⚠ What no-logs doesn't protect against

A no-logs VPN protects you from your VPN provider knowing your activity. It doesn't protect against malware on your device, compromised websites, or surveillance tools installed before the VPN connection. It also doesn't protect against a VPN connection drop that briefly exposes your real IP — that's what the kill switch is for.

Why this matters for travelers

When you use a VPN in a country with internet restrictions — China, the UAE, Russia — you're trusting your VPN provider with your traffic. A government that can't see your traffic directly might instead compel the VPN provider to hand over logs. With NordVPN's verified no-logs policy and RAM-only infrastructure, there are no logs to hand over.

For everyday hotel wifi security, the practical privacy benefit is the same: your browsing history doesn't exist on NordVPN's servers. Even if someone somehow obtained access to NordVPN's systems, your activity wouldn't be there.

Free Download

The Traveler's Digital Security Checklist

7 things to set up before you travel — including VPN configuration that keeps your activity private on hotel wifi worldwide.

No spam. Unsubscribe anytime.

Frequently asked questions

When requested, NordVPN has provided the only data they have: account registration information (email address). They have never provided connection logs, browsing history, or IP addresses — because those records don't exist. NordVPN publishes a transparency report documenting these requests.

NordVPN is based in Panama, which has no mandatory data retention laws and is outside the Five Eyes, Nine Eyes, and Fourteen Eyes intelligence-sharing alliances. This means NordVPN is not legally required to store user data and cannot be compelled by US or EU authorities to do so under their own jurisdiction.

The kill switch blocks all internet traffic if the VPN connection drops unexpectedly, preventing your real IP address from briefly leaking. It's the complement to no-logs: no-logs means your past activity isn't recorded; the kill switch means your real identity doesn't get exposed if the VPN momentarily disconnects. Enable it in Settings → Advanced.

Most VPNs claim no-logs but don't submit to independent audits. Several VPNs that claimed no-logs have been shown to keep logs when court orders or law enforcement requests revealed their data. NordVPN has three independent audits from PwC and Deloitte, plus RAM-only server infrastructure that makes logging technically impossible. The combination of audited policy and technical implementation is what distinguishes it.

The VPN we travel with

NordVPN — independently audited no-logs policy

Three independent audits by PwC and Deloitte. RAM-only servers that physically cannot retain data. Based in Panama outside major intelligence alliances.

Get NordVPN — Save up to 69% →

* Affiliate link — we earn a commission at no cost to you.