NordVPN does not keep logs.
In fact, NordVPN claims on its website that it doesn’t store your online activities because “it’s none of its business!” This is excellent news if you want a higher-tier VPN that takes your privacy seriously.
Not sure if you trust NordVPN’s zero-logs promise? Read on to learn more about the provider’s no-logs policy and what it means for NordVPN subscribers.
Has NordVPN's No-Logs Policy Been Audited?
NordVPN had its no-logs policy audited not just once but twice!
The first audit was completed in 2018, and the most recent was conducted in 2020. Both audits confirmed the legitimacy of NordVPN’s zero-logs claim after scrutinizing the code and the employees maintaining the service.
NordVPN promotes itself as a transparent VPN provider, and both no-logs audits can be accessed via a NordVPN account under the “Reports” section.
Focusing on the most recent 19 June 2020 report, the provider was given the “all clear.”
“Nothing has come to our attention that would cause us to believe that Tefincom’s (NordVPN’s) no-log policy and its implementation for the service NordVPN as of 28 May 2020 were not prepared, in all material aspects, in accordance with Tefincom’s description of its service.”
Following this report, Tefincom S.A. (NordVPN’s holding company) included a statement that further highlights no logs procedures and authenticity.
This statement confirms that the auditor fairly presented NordVPN, and no important information was omitted or distorted from the report.
Who Audited NordVPN’s No-Logs Policy?
NordVPN’s no-logs policy was audited by an independent third-party firm called PricewaterhouseCoopers (PWC) Ltd. The firm is considered one of the Big Four accounting firms in the world (along with Deloitte, EY, and KPMG).
PWC was provided full access to all NordVPN’s servers, databases, and other relevant aspects of the VPN service. They were also invited to interview employees, observe operations, and inspect configurations.
The result is an assurance report that complies with ISAE 3000, a formal standard of assurance that confirms the audit was conducted ethically and within the correct scope of judgement.
Interestingly, NordVPN chose the PWC Switzerland branch to do the audit. Switzerland holds watertight privacy laws, and perhaps Tefincom’s stance was to assure users that the report was completed by an auditor who takes privacy seriously? This is my thought.
How Was NordVPN's No-Logs Policy Examined?
NordVPN’s no-logs 2020 audit was more exhaustive than the 2018 examination and involved countless interviews, inspections, and testing.
In this study, the inspection of server configurations, technical logs, and specialized servers (DoubleVPN, P2P, and obfuscated servers) was added to the investigation.
Interviews with staff included questions about the detailed patterns of loggings that the provider makes and how the data is deleted or “not tracked.”
PWC also conducted multiple surveys that helped them reach an accurate conclusion supporting NordVPN’s “no-logs” claim.
Has NordVPN Had Logging Issues in the Past?
It’s no secret that NordVPN had logging issues in the past.
In 2019, social media was riddled with claims that a NordVPN server in Finland was hacked and data breached.
The claims stated that the breach happened in 2018, over a year earlier.
NordVPN responded with a statement that confirmed many of the claims to be true. You can find a full response on the VPN provider’s website.
Basically, NordVPN says the breach occurred due to vulnerabilities in a third-party data center’s server. There were no signs of traffic monitoring during the breach.
However, the attacker did obtain TLS keys which (under extraordinary circumstances) can be used to attack server users.
NordVPN shares a timeline of events as follows:
NordVPN audited the breach a year later and confirmed that “no user credentials were affected.” The company also stated that “the affected server did not contain any user activity logs.”
The VPN service has since terminated its contract with the third-party provider and now encrypts the hard disk of each new server it builds.
“The security of our customers is the highest priority to us, and we will continue to raise our standards further and further.”
– NordVPN
How Does NordVPN's No-Logs Policy Protect You?
One of the most secure ways to mask your information is to not collect it in the first place.
NordVPN’s no-logs policy sticks to this rule and protects your privacy by not tracking the IP addresses and servers you use, the files you download, the websites you visit, or how long you spend online.
VPN usage logs and connection logs can contain a lot of personal information. Some of this information can be used to identify you, your address, and your habits.
Examples of internet logs include:
- Incoming and outgoing IP address
- Connection date and duration
- Amount of data transferred
- VPN servers used
- Websites visited
- Files downloaded
- Software usage
When you use NordVPN’s VPN service, you can rest easy knowing that none of this data is being tracked, monitored, or stored.
The following video explains how NordVPN protects you and mentions how the company’s Panama registration does not require NordVPN to store connection time stamps, session information, bandwidth, etc.
As a plus, NordVPN adds an extra layer of anonymity to your online activity by providing the option to pay for your subscription with cryptocurrency such as Bitcoin!
What Information Does NordVPN Store?
It would be impossible for any VPN to provide a thorough service if it didn’t request a few details. However, NordVPN limits what it stores to essential account details.
These basic account details include your email (stored for account allocation, troubleshooting, and marketing purposes) and your billing info.
Billing info is retained in case refund procedures need to be followed (so says NordVPN).
Other than that, no other personal data is logged, tracked, or shared.
Does NordVPN Share Your Information With Authorities?
NordVPN doesn’t share information with authorities – or let’s rephrase this to say it hasn’t shared information with any law enforcement to date.
A recent blog post released by the provider states that “no VPN is above the law,” and if a legitimate court order was issued, NordVPN would have to comply – any VPN company would have to comply!
In the same breath, NordVPN also states that it’s impossible to share data that’s not logged! The most it could hand over to the authorities is a user’s payment data and email address.
That said, email and billing data can be enough to tie into your real identity.
This is why I recommend using cryptocurrency. A crypto transfer provides an extra layer of security, making it nearly impossible to track your data via this route.
FAQ
Can Police Track NordVPN?
Police or any law enforcement cannot track encrypted VPN traffic.
But they can submit court orders to view VPN traffic logs.
However, higher-tier VPNs like NordVPN don’t keep logs, so there is nothing to track!
The most a strict zero-logs VPN provider can share with the police is an email address and billing info.
What Does NordVPN's Zero Logging Mean?
NordVPN’s zero-logging policy means it doesn’t store any logs whatsoever.
The provider does not store personal information besides your email and billing info. Also, no IP addresses, time stamps, data transfers, information on websites visited and file downloads, or software usage is stored.
Essentially, NordVPN’s “zero-logs” means it stores no information that can be used to identify a user while connected to a VPN-protected server.
What Privacy Features Does NordVPN Offer?
NordVPN offers a strict no-logs policy, military-grade encryption, and DNS leak protection.
As a plus, higher-tier VPN extras include a kill switch, double data encryption, and Onion support for additional security and ad, phishing, and malware detection and blocking.
A Panama registration provides another layer of reassurance that your online activities aren’t visible to any prying eyes.
Can We Trust NordVPN's No-Logs Policy?
With two audit reports from one of the best auditing firms in the world (PWC), it’s safe to say that NordVPN’s no-logs policy can be trusted.
The VPN provider proved its transparency by openly sharing its no-logs audits. These audits are accessed via a user’s account portal and include a detailed analysis of the policy and its authenticity.
The last audit was conducted in 2020 and concluded that NordVPN does not store any usage or connection logs.
Does NordVPN Keep Logs on Android?
NordVPN does not keep logs on Android or any other device.
The VPN provider’s strict no-logs policy applies to all its apps and browser extensions. This means your online activities aren’t tracked or logged as long as you’re connected to a NordVPN server.
However, some customer information, such as the email you used to download your app and create your account, may be stored and used to provide a full VPN service.
Does NordVPN Keep Logs After Uninstalling?
NordVPN’s logs are limited to basic personal data such as a user’s email address, username, and billing info. According to the provider’s privacy policy, this information can be stored for up to two years from when you cancel your account and uninstall your app.
However, you can request that your personal information be deleted earlier. Just contact NordVPN’s customer support team, and they’ll erase your account history.
You also have data protection rights, which means you can ask NordVPN to show you the personal data they have stored on you at any time.
My Final Thoughts…
Too many companies advertise false claims, and it’s understandable why some VPN users shy away from NordVPN’s promise to keep privacy protected.
My opinion: NordVPN has given good reason to trust its no-logs policy by validating it with external proof. You can browse, stream, torrent, game, and conduct your work with NordVPN, knowing that no one can trace your steps online or pin down your details and location.
Are you ready to start using NordVPN now?
Still not sure if NordVPN checks all your boxes? Read this detailed review on the VPN to see if it’s for you.