
VPN Logging Policies Compared: Who Keeps What Data? (2026)

We analyzed the privacy policies of 5 major VPNs. Here's exactly what each provider logs, what they don't, and how to verify their claims.

Sarah Chen — Lead Security Editor

Why Logging Policies Matter

Your VPN provider sits between you and the internet, so they could see everything your ISP would normally see. The difference is that a no-logs VPN provider promises not to record this data. Promises aren't enough, though: verification is essential.

Provider-by-Provider Analysis

NordVPN — Panama Jurisdiction

What they log: Email, payment data, anonymized aggregate service usage, crash reports (optional)

What they don't log: Browsing activity, connection timestamps, IP addresses, session duration, bandwidth, DNS queries

Verification: Deloitte audit (2024) confirmed no-logs infrastructure. RAM-only colocated servers.

Surfshark — Netherlands Jurisdiction

What they log: Email, payment data, anonymized diagnostic data

What they don't log: Browsing activity, IP addresses, connection timestamps, bandwidth, network traffic

Verification: Deloitte audit (2023). RAM-only servers. Moved from BVI to Netherlands for better infrastructure while maintaining no-logs.

ExpressVPN — BVI Jurisdiction

What they log: Activation date, choice of server location (not specific server), total data transferred per day (not detailed)

What they don't log: Browsing activity, IP addresses, DNS queries, connection timestamps, session duration

Verification: KPMG audit (2024). PwC audit of TrustedServer. Turkish server seizure found zero user data.

Proton VPN — Swiss Jurisdiction

What they log: Account email, payment info, single timestamp of last successful login (overwritten each time)

What they don't log: Browsing activity, IP addresses, DNS queries, session duration, bandwidth

Verification: Securitum audit (2024). Fully open-source apps. Swiss court case (2019) confirmed they could not provide user data beyond the single timestamp.

Mullvad — Swedish Jurisdiction

What they log: Nothing. No email, no name, no payment details (cash accepted)

What they don't log: Everything

Verification: Assured AB audit (2024). Swedish police seizure (2023) confirmed zero customer data on premises. No account system to log.

The Logging Spectrum

From most private to least:

  1. Mullvad — Collects literally nothing. No account, no email, no payment data
  2. Proton VPN — Minimal account data, single overwritten timestamp, open-source
  3. NordVPN — Standard account data, no activity logs, audited
  4. ExpressVPN — Slightly more metadata (aggregate daily data), but no activity logs, audited
  5. Surfshark — Standard account data, no activity logs, audited

All five providers have been independently verified to not log user activity. The differences are in account/metadata collection.

How We Verified

Privacy policies reviewed in April 2026. Audit reports referenced directly. Court cases and seizure incidents documented from public records. Open-source code for Proton VPN and Mullvad verified on GitHub.

