When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Edward Snowden's 2013 leaks uncovered government surveillance and information collection programs. As a result, people are more conscious about their privacy than ever before, and users wonder if NordVPN keeps logs of their activities, such as websites visited, IP addresses, account credentials, and other personal information.
Furthermore, VPNs are illegal in authoritarian countries like China and Iran. Hence, many users ask whether governments obtain data logs from NordVPN, as it could cause them legal troubles. The short answer is - no! NordVPN does not log data and its no-logs policy is audited frequently by third-party organizations. Neither the government nor bad actors like hackers can ever get access to your Web data by any means.
In this article, we will resolve all your concerns about NordVPN’s data logging policies, such as whether NordVPN keeps logs and if it has leaked any data in the past. We will also discuss the types of data it processes and whether the NordVPN no-logs policy has been audited. In the end, we have a round of commonly asked questions.
No, NordVPN does not keep logs because it operates from Panama's jurisdiction, where there are no mandatory laws for data logging or data retention. This means that the company is not required to store your information.Â
According to the NordVPN no-logs policy, your data is not monitored, recorded, or logged. Also, NordVPN has clarified that it does not keep track of your bandwidth used, IP address, browsing data, or traffic logs. Its privacy policy also mentions that as soon as you connect to its VPN server, your data gets fully encrypted.Â
However, it is important to note that NordVPN’s apps process certain data. It keeps the username and last session’s timestamp for up to 15 minutes after terminating the session. After 15 minutes, this data gets deleted automatically.
Furthermore, NordVPN registers whether a user has used the service in the last 30 days without collecting any personal data. This is done to prevent unfair chargebacks. To prevent abuse, it also detects irregular patterns in activity with the help of advanced privacy-friendly tools.
Yes, NordVPN’s no–logs policy has been audited several times by independent third-party organizations like Cure53 and Deloitte.
In one of its 2022 audits, Cure53 inspected the source code of NordVPN servers, infrastructure, and desktop apps on Linux, macOS, and Windows. The firm also assessed its website, browser extensions, APIs, server-side code for NordLynx, and more.Â
As part of this audit, any vulnerabilities detected were thoroughly and rapidly fixed by NordVPN’s developers, and it was approved by the Cure53 team.Â
Similarly, another leading firm, Deloitte, also independently audited NordVPN’s logging policy last year. As part of this audit, the firm inspected server configuration, infrastructure, and technical logs between November 30 and December 7, 2023. No instance of user data being logged was found during this audit.Â
NordVPN continues to engage independent security auditors from time to time to make sure that its security is up to the mark.
NordVPN’s app collects anonymous in-app and device information. For instance, it collects your device’s type, model, brand, and timezone. In addition to that, it also tracks your device’s application information, such as its version, features enabled/disabled, connection status, and preferences.Â
In addition, NordVPN tracks server performance. Also, timestamps of the latest session and your username are stored up to 15 minutes. To prevent any unfair chargebacks, it also tracks whether a person has used the service in the last 30 days. Moreover, it also keeps anonymous interaction data to prevent prohibited activities like scraping.
Similarly, NordVPN’s website may also collect certain data. For instance, social media features like share buttons for Facebook, LinkedIn, and Twitter may collect information such as the pages visited and IP addresses.
However, note that this is different from data logging because all of this information is anonymous, and it can’t be tied back to any user.Â
No, NordVPN did not leak any data in the past. However, it suffered from a security breach in 2018, as revealed and reported in October 2019. As part of this breach, one of NordVPN’s servers in Finland was affected, while other servers remained secure.Â
This happened due to poor configuration by a third-party data center, and NordVPN’s team clarified that it was not made aware of this vulnerability. The action, however, was very swift and NordVPN’s team removed that server immediately after getting notified.Â
No NordVPN logs leaked in this process, and user credentials stayed unaffected. Since the company does not keep any logs and uses RAM-only servers, there wasn’t much risk to the users. It was also found that this breach was not only specific to NordVPN but two other VPN companies were also targeted.Â
Since user data was not leaked, this breach is a clear indication that NordVPN does not keep any logs. Â
So, the verdict is simple and straightforward. NordVPN does not keep logs, except for certain anonymous data required to run the service. NordVPN’s no-logs policy clarifies that any stored data is not tied to any user, which means government agencies or hackers cannot misuse it.Â
We recommend NordVPN because its no-logs policy has been audited and verified several times in the past, which means that it’s not just an empty promise. Users can stay assured that their information is fully secure and that nobody, not even the government, can get to their data.
We hope that this article answers all your questions about NordVPN’s no-logs policy. To learn more, feel free to read our other NordVPN-focused guides.