VPN No-Logs Policy: What It Really Means
Every VPN claims "no logs." But what does that actually mean? Which providers have proven it? And what data do they still collect?
Updated
Expert-tested
Our Top 4 VPN Picks
Chosen after real-world testing across speed, privacy, and streaming. Each ranking is independent — we buy every VPN at retail and test it ourselves.
EDITOR'S PICK
Best Overall
NordVPN
4.8/ 5
Fastest speeds, audited no-logs, 6000+ servers
Audited no-logs policyThreat Protection blocks malware10 devices per account30-day money-back guarantee
Best for Unlimited Devices
Surfshark
4.6/ 5
Unlimited devices, CleanWeb blocker, 100+ countries
Unlimited simultaneous devicesCleanWeb ad & malware blockerRAM-only server network30-day money-back guarantee
Best for Privacy
Proton VPN
4.5/ 5
Swiss privacy laws, open-source, free tier
Swiss jurisdiction (no data laws)Open-source and auditedSecure Core multi-hopFree tier available forever
Best Budget
FastestVPN
4.2/ 5
Lifetime plans, 10 devices, ad blocker
Lifetime deal available10 devices per accountBuilt-in ad blockerNo-logs policy
We earn a commission when you click “Get” buttons, at no extra cost to you. Read our affiliate disclosure
What "No Logs" Should Mean
Not Logged (Activity Data)
- + Browsing history / websites visited
- + Connection timestamps
- + Your real IP address
- + Session duration
- + Bandwidth used
- + DNS queries
- + Downloaded files
Usually Collected (Account Data)
- Email address (for account)
- Payment information (for billing)
- Aggregate server load stats (anonymized)
- Crash reports (optional, anonymized)
- Subscription status
Exception: Proton VPN collects none of these — no email, anonymous payment accepted.
Independent Audit History
| Provider | Auditor | Year | Scope | Result |
|---|---|---|---|---|
| NordVPN | Deloitte | 2024 | No-logs infrastructure | Passed |
| NordVPN | Cure53 | 2023 | App security | Passed |
| FastestVPN | Deloitte | 2023 | No-logs policy | Passed |
| FastestVPN | Independent | 2024 | No-logs policy | Passed |
| Proton VPN | Securitum | 2024 | Apps + no-logs | Passed |
| Proton VPN | Assured AB | 2024 | Infrastructure | Passed |
| Proton VPN | Swedish Police | 2023 | Server seizure | No data found |
How to Verify a No-Logs Claim
- 1. Check for independent audits — Has the provider been audited by a Big Four firm or Cure53? When was the last audit?
- 2. Check the jurisdiction — Is the provider in a country with mandatory data retention laws?
- 3. Look for RAM-only servers — Servers running in RAM can't store data persistently.
- 4. Review the privacy policy — Read the actual policy, not just the marketing. What data do they explicitly say they collect?
- 5. Check for real-world incidents — Has the provider been subpoenaed or had servers seized? What happened?
- 6. Open-source code — Can you verify the claims by reviewing the code? (Proton VPN: yes)
Frequently asked
Frequently Asked Questions
Claims alone mean nothing. Look for: (1) independent audits by reputable firms (Deloitte, KPMG, PwC, Cure53), (2) open-source code you can verify, (3) real-world tests like server seizures that found no data, (4) RAM-only servers that can't store data persistently.
Even 'no-log' providers collect some data for billing: your email address and payment information. What they don't log: your browsing activity, connection timestamps, IP addresses, session duration, or DNS queries. The key distinction is activity logs vs. account data.
There have been several real-world tests. Proton VPN's Swedish police raid (2023) found no customer data. These incidents confirmed no-logs policies in practice, not just in marketing.
A VPN's jurisdiction determines what laws it must comply with. Providers in Panama (NordVPN), Cayman Islands (FastestVPN), and Switzerland (Proton VPN) face no mandatory data retention laws. Providers in Five Eyes countries may face government pressure to log data.
Keep reading