Does NordVPN Keep Logs?

NordVPN is a VPN service with a clear stance when it comes to data-logging policy. The VPN provider claims to have a strict “zero logs” policy.

The company guarantees that they will keep no logs when their customers use NordVPN for torrenting, browse the web, and other online activities.

The question that arises is: “how do we know NordVPN holds its promise”? Well, they went ahead and had a neutral audit company verifying if they log or not.

NordVPN’s Logging Policy

NordVPN states in no uncertain terms that they do not log absolutely anything. According to NordVPN’s privacy policy:

Being based in Panama allows us to keep no logs of users’ online activity (no IP addresses, browsing data, traffic information, etc.). This means that we are unable to link an individual user to a specific IP address, connection timestamp or other information that we do not collect. 

This statement also explains why they are able to avoid keeping traffic logs. They are referring to the fact that NordVPN is based outside the US and EU jurisdictions. They have no legal obligation to save logs or to deliver any info whatsoever to government agencies from those jurisdictions.

Independent Auditing

Relying on a VPN provider’s claims isn’t a good security practice. It’s likely to end up with you signing up for a service that logs your activity. One of the few ways a VPN can prove it does not log users’ activities is through an independent audit. Due to the rightful cynicism of its users, NordVPN commissioned an audit.

NordVPN hired PricewaterhouseCoopers (PwC) AG of Zurich, Switzerland, to conduct a full privacy audit. This company is internationally known as one of the “Big Four” auditing companies, so its results are credible.

An auditing company looking for logs

In short, PwC had 11 days in late 2019 with full access to everything NordVPN uses. The company was able to view source code, have full access to servers, and see what data goes in and out. Because PwC’s reputation is the main factor behind their annual gross income of more than $40 billion, they had to remain neutral during the audit.

When the audit was completed, PwC announced that no IP addresses or logs of browsing activity were created or stored by NordVPN. 

The Key Takeaways

NordVPN’s competition had been spreading rumors that the service logged. In a move that no other VPN company has been bold enough to do to date, NordVPN had a giant audit firm tell the world they weren’t lying.

At the end of the audit, the security experts at PwC are confident that NordVPN has done what it promised: Not to save any logs that can identify users.

Unfortunately, most VPN companies don’t offer such an audit. They may have flashy websites and big promises, but there will always be a lingering suspicion that they are logging your activity. In the future, more of the established VPN companies will likely follow this trend to stay competitive.