What "no-logs" actually means
A no-logs VPN policy means the provider doesn't store records of your online activity while connected to their servers. No browsing history, no connection logs, no timestamps, no IP addresses that could be traced back to you.
The significance: if a government agency or law enforcement requests your data, a true no-logs VPN has nothing to hand over. There's nothing in their systems that could identify what you did online or when.
The problem is that "no-logs" is a marketing claim that almost every VPN provider makes — including ones that have handed user data to authorities when pressed. The claim alone means very little. What matters is independent verification.
What NordVPN does and doesn't collect
- Browsing history
- Traffic data or content
- IP addresses
- Connection timestamps
- DNS queries
- Bandwidth usage per session
- Which servers you connected to
- Email address (account)
- Payment information
- Aggregate app performance data
- Crash reports (optional)
The distinction matters: NordVPN knows you have an account and have paid for a subscription. They don't know what you did with it. An email address and payment record can't tell anyone what websites you visited or when.
The independent audits
NordVPN has commissioned multiple independent audits of their no-logs policy — not internal reviews, but external firms with no financial interest in a positive result.
✓ What RAM-only servers mean
NordVPN runs on RAM-only servers — there are no hard drives. All data exists only in temporary memory that is wiped every time a server reboots. Even if a server were physically seized, there would be nothing on it to read. This makes the no-logs claim not just a policy but a technical reality.
The 2018 server breach — and why it matters
In 2018, one of NordVPN's rented servers in Finland was accessed without authorization by an unknown third party. NordVPN disclosed this publicly in 2019 after becoming aware of it.
Here's why it actually supports the no-logs claim: the attacker had access to the server but found no user data because there was none to find. No connection logs, no browsing history, nothing that could identify any user. The breach confirmed that the no-logs policy was real, not just a claim.
NordVPN has since moved to owning their own servers rather than renting from third parties, reducing the attack surface significantly.
⚠ What no-logs doesn't protect against
A no-logs VPN protects you from your VPN provider knowing your activity. It doesn't protect against malware on your device, compromised websites, or surveillance tools installed before the VPN connection. It also doesn't protect against a VPN connection drop that briefly exposes your real IP — that's what the kill switch is for.
Why this matters for travelers
When you use a VPN in a country with internet restrictions — China, the UAE, Russia — you're trusting your VPN provider with your traffic. A government that can't see your traffic directly might instead compel the VPN provider to hand over logs. With NordVPN's verified no-logs policy and RAM-only infrastructure, there are no logs to hand over.
For everyday hotel wifi security, the practical privacy benefit is the same: your browsing history doesn't exist on NordVPN's servers. Even if someone somehow obtained access to NordVPN's systems, your activity wouldn't be there.
Free Download
The Traveler's Digital Security Checklist
7 things to set up before you travel — including VPN configuration that keeps your activity private on hotel wifi worldwide.
No spam. Unsubscribe anytime.
Frequently asked questions
When requested, NordVPN has provided the only data they have: account registration information (email address). They have never provided connection logs, browsing history, or IP addresses — because those records don't exist. NordVPN publishes a transparency report documenting these requests.
NordVPN is based in Panama, which has no mandatory data retention laws and is outside the Five Eyes, Nine Eyes, and Fourteen Eyes intelligence-sharing alliances. This means NordVPN is not legally required to store user data and cannot be compelled by US or EU authorities to do so under their own jurisdiction.
The kill switch blocks all internet traffic if the VPN connection drops unexpectedly, preventing your real IP address from briefly leaking. It's the complement to no-logs: no-logs means your past activity isn't recorded; the kill switch means your real identity doesn't get exposed if the VPN momentarily disconnects. Enable it in Settings → Advanced.
Most VPNs claim no-logs but don't submit to independent audits. Several VPNs that claimed no-logs have been shown to keep logs when court orders or law enforcement requests revealed their data. NordVPN has three independent audits from PwC and Deloitte, plus RAM-only server infrastructure that makes logging technically impossible. The combination of audited policy and technical implementation is what distinguishes it.
The VPN we travel with
NordVPN — independently audited no-logs policy
Three independent audits by PwC and Deloitte. RAM-only servers that physically cannot retain data. Based in Panama outside major intelligence alliances.
Get NordVPN — Save up to 69% →* Affiliate link — we earn a commission at no cost to you.