Skip to main content

Top10VPN is editorially independent. We may earn commissions if you buy a VPN via our links.

The Best Proven No-Log VPNs

Updated Sep 30, 2025

Simon Migliano

Simon Migliano is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times and more. Read full bio

Fact-checked by JP Jones

No-log VPNs

The Short Answer

The best no-log VPN to increase your internet privacy without compromising on speed or use is Private Internet Access (PIA). Its no-logs policy has been proven by server seizures and court cases, and its fast RAM-only servers provide smooth private browsing, torrenting and streaming. Proton VPN is a very good option with free unlimited data, but it will only connect you to the nearest available server location, and it blocks all P2P traffic.

The Best No-log VPNs

When a VPN says it’s ‘no-log’ it means one thing: it doesn’t track or keep records of your online activity.

In a perfect world, this would mean that if a hacker, a company, or a government agency tried to get your data, the VPN service would have no activity-related data to hand over.

Can you trust every VPN that labels itself no-logs, though? No, you can’t. The honest truth is that many services make these claims just to convince you to buy their product. Sad, but true.

In fact, many VPNs don’t actually pass our strict no-logs criteria: no collection of activity data evidenced by independent audits, server seizures and/or court cases.

Summary: The Best No-Log VPNs

Out of 61 VPNs we reviewed, these three exceeded our strict no-logs requirements:

Private Internet Access (PIA): Best No-log VPN Overall
ExpressVPN: Great for Anonymous Streaming
Proton VPN: 100% Free VPN with a No-Log Policy

Why Trust Us?

We’re fully independent and have been reviewing VPNs since 2016. Our advice is based on our own testing results and is unaffected by financial incentives. Learn who we are and how we test VPNs.

VPNs Tested	61
Total Hours of Testing	30,000+
Combined Years of Experience	50+

If you want to further protect your online privacy, we recommend you sign up to Private Internet Access with a made-up name, throwaway email account, and pay using cryptocurrency.

🔄 Recent Updates

We’ve revamped our guide by removing Perfect Privacy, which is no longer worthy of recommendation, and adding more helpful information on why you should use one of our three VPN choices.

What Is a No-log VPN?

In very simple terms, a no-log (or zero-log) VPN doesn’t collect any identifiable data that can be used to track your online activity.

The “no-logs” claim can be misleading, as it implies no data is stored at all. The reality is that all VPN services collect a small amount of data to provide customer support, maintain device limits, collect subscription payments, and issue refunds.

Each VPN that defines itself as no-logs has a different interpretation of what that actually means, which is why you must read carefully a VPN’s logging policy and terms of service before using it.

For us, a true no-log VPN doesn’t record any internet activity whatsoever, including which websites, apps or services you use, files you download, streaming services you connect to, and so on.

It also doesn’t store connection timestamps, your originating (real) IP address, or any data usage associated with your own activity.

A VPN can claim it’s “no-logs” all it wants, but without proof, it’s just words. That’s why we take a methodical approach to catch providers that aren’t being truthful.

First, we scrutinize a provider’s privacy policy, server infrastructure, and legal jurisdiction. Then we dig for concrete evidence from independent audits, news about server seizures, and court case transcripts.

This approach shows us whether a VPN’s no-logs promise holds up when it matters most.

The Best No-log VPNs Compared & Reviewed

In the table below, you can compare our top four no-log VPNs based on their logging policies, real-world history, jurisdiction, and more:

And here’s a different table showing what data each VPN collects and doesn’t collect:

1. PIA VPN: Best Proven No-log VPN

Ranked #1 out of 61 No-log VPNs

PIA VPN's iOS Application

Private Internet Access

Add to compare

Overall No-logs Rating: 9.3/10

Real-world Proof
10/10
Privacy Policy
10/10
Logging Policy Audit
10/10
Diskless Servers
10/10
Jurisdiction
3.0/10

To learn more, read our VPN testing methodology.

No-logs policy 100% verified by real-world events
Very large RAM-only (diskless) server network
100% open-source applications
Extensive range of advanced privacy settings
Torrenting & P2P traffic allowed on all servers
Very affordable on long-term pricing plans

Firestick app doesn’t work well enough
Independent audits are too superficial
Mac client could be more user-friendly
Based in the US (Five Eyes jurisdiction)

Pricing Plans	$11.99/mo $7.50/mo over 6 months $2.03/mo over 39 months
Free Trial Duration	7 Days
Local Download Speed	96Mbps (4% loss)
Countries with Servers	91

Servers	18,651
Simultaneous Connections	Unlimited
Support	24/7 Live Chat
Compatible with	Windows Mac iOS Android Linux Amazon Fire TV Android TV Apple TV Router Chrome

Private Internet Access’ no-logs policy has been proven multiple times both in court and via server seizures. This alone makes the VPN service an undisputed leader in the realm of internet privacy.

That’s not all. PIA keeps notching excellent results in most of our tests, including speed. It’s therefore not only our #1 choice for privacy in general, but also our go-to VPN for anonymous torrenting and accessing the dark web securely.

PIA only collects your email address, payment data (immediately deleted), and your territory or zip code, in order to provide a quality service.

We believe this amount of data collection is justified, as you wouldn’t be able to open an account or request a refund without it. For even greater privacy, we recommend signing up with a throwaway email address and using cryptocurrency to pay anonymously.

PIA VPN's US servers in the Android app

PIA VPN’s no-log US servers in the Android app.

No-Logs Policy Proven Multiple Times

The first instance of PIA’s no-logs policy being tested was in 2016, when the Russian government seized the company’s servers however the local authorities couldn’t find any user data.

PIA's transparency report on its website

PIA’s transparency report verifies that it’s never provided logs for a court order, subpoena, or a warrant.

In 2018, PIA was subpoenaed by the FBI as part of a court case, but was again unable to provide any logs since it doesn’t collect any.

There wasn’t even any record of the defendant signing up for a PIA account since there wasn’t any applicable email address or payment information.

PIA has also undergone two no-logs audits by Deloitte Romania, most recently in 2024.

While the audits were successful, they weren’t as in-depth and insightful as other VPN audits we’ve seen.

Despite the rather superficial audits, what ultimately matters is that the VPN service proved its no-logs status during court-ordered subpoenas and server seizures. This is always the strongest supporting evidence.

A Great Choice for Anonymous Torrenting

To support its no-logs policy, the company operates its own private DNS servers, which handle your DNS requests directly and keeps them private from your ISP and other third parties.

PIA was also one of the first VPN companies to roll out RAM-only (diskless) VPN servers, which are configured to never write any data to disk and reboot frequently.

The beautiful thing we realized is that the VPN’s heavy encryption and privacy-first configurations haven’t slowed down connection speeds.

It’s in fact remarkable how quick PIA is, especially for downloading torrent and everyday files quickly.

Running Torrenting Test with PIA VPN

Running Torrenting Test with PIA VPN.

If you plan on using a VPN for P2P activities, or to enhance your web browsing privacy, then Private Internet Access will not let you down.

Offers Many Advanced Configurations

All of PIA VPN’s apps offer many advanced privacy and security settings that you can easily configure and tweak based on your preferences.

The video below shows you the options available within the desktop app:

Easily changing privacy and security settings in the PIA VPN desktop app.

These advanced settings include a reliable VPN kill switch, the ability to customize data encryption, and even multi-hop servers.

And the great thing is that this strong focus on user privacy has not come at the expense of performance. Quite the opposite, in fact.

For example, the VPN remains one of the fastest in the industry across many online activities, including web browsing, streaming and file sharing.

US Jurisdiction Is Not a Real Concern

One theoretical drawback for PIA is its US jurisdiction. The United States is often considered hostile to user privacy, due to its membership in the Five Eyes data-sharing alliance and a history of extensive state surveillance.

In practice, this has never compromised PIA’s ability to uphold its no-logs commitment.

Server seizures and court subpoenas have never resulted in the exposure of user activity data, which is a testament to the effectiveness of its no-logs policy. This is what truly matters.

Some have also raised concerns about PIA’s ownership by Kape Technologies, a company formerly known as Crossrider.

In the early 2010s, Crossrider was involved in the practice of inserting adware into desktop computers, but this activity ceased in 2016 and, following leadership changes, the company rebranded as Kape Technologies in 2019.

Since then, Kape has demonstrated a strong commitment to customer privacy, which continues to be supported by the exceptional performance of both PIA and ExpressVPN in all our privacy and security tests.

2. ExpressVPN: Great for Anonymous Streaming

ExpressVPN's iOS Application

ExpressVPN

Add to compare

Overall No-logs Rating: 9.0/10

Real-world Proof
10/10
Privacy Policy
7.0/10
Logging Policy Audit
10/10
Diskless Servers
10/10
Jurisdiction
9.0/10

To learn more, read our VPN testing methodology.

No-logs status proven in a server seizure
13,360 RAM servers in 109 countries
Industry-leading streaming & unblocking capabilities
Built-in rotating IP technology for additional privacy
Most user-friendly apps for all devices including routers
Based in the the privacy haven of the British Virgin Islands

More expensive than PIA VPN
Fewer advanced settings
No split tunneling on macOS

Pricing Plans	$12.99/mo $4.99/mo over 15 months $3.49/mo over 28 months
Free Trial Duration	7 Days
Local Download Speed	98Mbps (2% loss)
Countries with Servers	109

Servers	13,360
Simultaneous Connections	10
Support	24/7 Live Chat
Compatible with	Windows Mac iOS Android Linux Amazon Fire TV Android TV Apple TV Router Chrome

If you’re looking for a faster, more user-friendly VPN, then ExpressVPN is a better choice than PIA.

Its lightning-fast speeds make it the best option for anonymous streaming, especially with Kodi, partly thanks to its superb Firestick VPN app.

While ExpressVPN does collect anonymous server usage data, this information is not personally identifiable. This has been verified by numerous independent audits and, most critically, by past server seizures where no user data was found.

ExpressVPN's desktop and mobile apps side by side

ExpressVPN’s desktop and mobile apps side by side.

Verified No-logs Status

In 2017, ExpressVPN’s servers were seized by Turkish authorities investigating the death of the Russian ambassador, Andrei Karlov.

Despite gaining access to the servers, the agents were unable to find any personal user information or activity on them, proving the VPN’s long-standing claims of being a no-logs service.

This stands in stark contrast to other VPNs, such as PureVPN and HideMyAss, which have cooperated with law enforcement and handed over personal information that even led to the arrests of their own users!

ExpressVPN reinforces its privacy commitment by running its entire network of over 13,360 servers exclusively on RAM. These servers are rebooted frequently, and their data wiped with every reboot, making it impossible to store user logs.

The VPN company is also based in the privacy haven of the British Virgin Islands (BVI), a self-governing territory with strict laws protecting the privacy of individuals and businesses and no data-sharing agreements with other countries.

The Most User-Friendly VPN on All Devices

While PIA VPN is aimed at more advanced VPN users that like to adjust settings, ExpressVPN is much more straightforward and suitable for beginners.

In our experience, it’s the easiest VPN to use thanks to its intuitive apps keeping the same great UI across all platforms.

PIA vs ExpressVPN macOS apps

ExpressVPN has a simpler app interface compared to PIA.

In addition to its world-class computer and mobile software, ExpressVPN has also developed equally eye-pleasing apps for Firestick, Apple TV, and even routers.

The apps aren’t as customizable as PIA’s, but that’s partly because ExpressVPN has chosen a plug-and-play approach.

Many privacy and security features actually work in the background, without the need to tick boxes in order to activate them.

These features include traffic obfuscation if you’re in a highly-censored country, and ShuffleIP, which automatically changes your IP address with every new website or app connection.

And the VPN’s kill switch, enabled by default, is just as effective as PIA’s to keep your real IP address protected. There’s even an Advanced version that cuts off all Networking traffic rather than just your internet connection.

ExpressVPN's Settings in the iOS app

ExpressVPN’s settings in the iOS app.

Great for Streaming Anonymously

Being no-logs isn’t ExpressVPN’s only benefit: it’s also extremely fast connecting all around the world, even to distant server locations.

The high degree of privacy combined with fast speeds really showed their worth when we used the VPN with Kodi. Content loaded quickly and the quality of the streams was even better than what we were expecting.

The VPN’s Fire TV Stick app was a pleasure to use, working flawlessly with Kodi and other IPTV apps. Its design mirrors that of the computer and mobile apps, which makes switching between them effortless.

ExpressVPN's app for Fire TV Stick

ExpressVPN’s impressive app for Fire TV Stick.

3. Proton VPN: 100% Free No-log VPN

Proton VPN's free iOS app

Proton VPN

Add to compare

Overall No-logs Rating: 7.0/10

Real-world Proof
10/10
Privacy Policy
7.0/10
Logging Policy Audit
10/10
Diskless Servers
0.0/10
Jurisdiction
9.0/10

To learn more, read our VPN testing methodology.

Free version as private as paid version
Virtually no-log & no third-party ads
Unlimited data allowance
Based in Switzerland (privacy haven)
No payment details required
Open-source & audited apps

Doesn't let you choose server location
No diskless servers
Blocks BitTorrent traffic using deep packet inspection

Free Trial Duration	---
Local Download Speed	99Mbps (1% loss)
Countries with Servers	5
Servers	340

Simultaneous Connections	1
Support	Email & Online Resources Only
Compatible with	Windows Mac iOS Android Linux Amazon Fire TV Android TV Apple TV Router Chrome

For a completely free VPN, Proton VPN offers an exceptional level of privacy. It operates under a strict no-logs policy and benefits from strong data privacy laws in its Swiss home base.

The VPN is completely free to use, requires no payment details, and even offers uncapped bandwidth — a feature that’s extremely rare among reputable free VPNs.

The big problem with Proton VPN’s free service is that you can’t connect to specific server locations, or use it to download torrent and P2P files.

So, if all you need is a simple “set and forget” VPN to hide your IP address for free, Proton VPN works great. But for anything more demanding, like streaming or downloading torrents, it’s going to let you down.

Proton VPN's free app doesn't let you choose a server location

Proton VPN’s free app doesn’t let you choose a server location on Android.

Open-source Apps That Don't Log Any Data

Proton VPN’s free software uses the exact same no-logs policy as the paid subscription version, which has been independently audited and confirmed during a court case. As its warrant canary states:

“A data request from a foreign country was approved by the Swiss court system. However, as we do not have any customer IP information, we could not provide the requested information and this was explained to the requesting party.”

We also love how the company included its free version in its no-logs audits, as further proof that it really doesn’t log any activity data.

The company has also gone an extra step by making its apps open-source, and which include a kill switch, DNS and IPv6 leak blocking, alternative routing for bypassing strict firewalls, and an ad and tracker blocker.

Proton VPN's free app has many security features

Proton VPN’s free app has many security features.

No Server Selection & No P2P Traffic

So far so good, right? Well, unfortunately there are two significant differences between the free version and the paid version of the Proton VPN.

Firstly, the free app doesn’t let you choose which server location to connect to. All you can do is connect to the nearest free server available.

That might be fine if you don’t mind which IP location you end up being assigned. But if you need an IP address from a specific country, then Proton VPN is not the right free service for you.

Moreover, the company detects and blocks BitTorrent traffic on its free servers. The company uses the nDPI library, or deep packet inspection, to do this as a way to reduce server congestion.

While a 2022 audit concluded that this practice “does not affect the privacy of their users” as “the packet content (e.g. a torrent name) is not being analysed or logged,” we really don’t like this type of traffic blocking.

Popular VPNs That Didn't Make Our List

There are many reputable VPNs that claim to be no-logs, even backed up with in-depth audit results and extensive online resources on online privacy.

That being said, there are very few VPNs with no-log policies that have been actually verified by real-world events, such as law enforcement server seizures, court-ordered data requests, or hacking attempts.

Reading through Mullvad's privacy policy on its website

We manually reviewed every VPN’s logging policy and run it through our ratings calculator.

Below is a selection privacy-focused VPNs that narrowly missed being included in our very strict recommendations list:

NordVPN

NordVPN is a very popular, trustworthy VPN service, which collects very little information and is based in a safe jurisdiction (Panama).

But, it didn’t make our list because it logs your connection timestamp for 15 minutes after a session ends, before it’s permanently deleted.

Its no-logs claim has also yet to be proven through a real-world event, like a court case. Its also undergone far fewer audits than ExpressVPN.

In the past, NordVPN has also stated that it will comply with law enforcement requests for data.

The service’s dedicated IP product is also a cause for some concern. It still hasn’t implemented a privacy-friendly token system, unlike CyberGhost, and therefore activity is linked directly to your NordVPN account.

Surfshark

Surfshark is another privacy-focused VPN that narrowly missed inclusion in our guide.

It has a similar issue to NordVPN, in that it temporarily stores your user ID, connection stamps, and which servers you’ve used. This data is automatically wiped after 15 minutes of your VPN session ending, so it’s not big deal but it’s still not ideal.

Also, when you first launch the VPN app, you have to remember to toggle on the Kill Switch in the Settings. This is an unnecessary extra step that should be fixed by having the Kill Switch enabled by default.

Mullvad

Mullvad is another honorable mention. It’s a good VPN with a genuine no-logs policy that was verified in a 2023 server seizure.

During the raid, Mullvad was unable to produce user data for the Swedish authorities, since it doesn’t store any identifying logs.

The VPN service hasn’t made our list because its overall software disappointed us in some areas: its servers are not the fastest, they cover far fewer countries than what we expect, and its device compatibility is underwhelming.

Also, it hasn’t commissioned a third-party audit on its privacy policy or published any transparency reports.

TorGuard

TorGuard is another good and genuine no-log VPN service. Similar to our top picks, its zero-logs policy was proven in a copyright court case, in which it was unable to produce identifiable logs.

The service even uses diskless servers that automatically delete any data when unplugged.

Unfortunately, TorGuard hasn’t implemented a number of other important privacy initiatives such as transparency reports and logging policy audits.

The VPN itself is not that easy to use, especially on desktop, and its relatively small server park can’t compete against the likes of PIA and ExpressVPN.

IVPN

On paper, IVPN is a very privacy-oriented service and, as things stand, we have no reason to doubt this.

Unfortunately, the VPN service doesn’t use diskless servers and its no-logs policy hasn’t been proven in a real-world case, so we can’t be 100% sure its claims are truthful.

IVPN also has a relatively small server network covering only 40 countries, and it severely underperforms higher-rated VPNs for streaming access around the world.

Additionally, IVPN automatically saves device information on mobile for crash logs.

Types of VPN Logs

There are three different types of VPN logs:

Activity or usage logs: browsing history, DNS requests, URLs visited, your Internet Service Provider (ISP), and usage metadata. This is the worst kind of data a VPN can store because it can be easily used to track a users’ online activity.
Connection logs: individual bandwidth used, date and time you connected to a server, your original IP, and assigned IP address. This can be used in conjunction with activity logs to completely identify you and your browsing history or online activity.
Aggregated logs can include any of the data points above as long as the data is completely anonymized. This means the information cannot be traced back to an individual user. For example, a single VPN server’s bandwidth usage (not of an individual user) and server load data are the most common types of aggregated logs. This is because a VPN will want to keep these numbers low to allow faster speeds on each server.

We always recommend using VPNs that keep no activity or connection logs whatsoever or, at the very least, VPNs that anonymize and aggregate this data across their entire user base.

Why Do Some VPNs Collect Logs?

There are four main reasons why a VPN will collect logs. A majority of these are negative, but a VPN might also have a reasonable explanation for collecting data — like for issuing refunds or customer support.

Turbo VPN's advertising policy and homepage on Android.

Turbo VPN’s Android app shares your data with 199 external parties, including advertising companies.

1. Service Maintainance

A VPN might collect anonymous aggregated data or server load data in order to prevent product abuse and maintain fast speeds.

A VPN might also collect information to create an account or collect a subscription payment if you don’t use an anonymous payment method.

Lastly, most VPNs collect some sort of device information data to limit the amount of device per subscription. In these cases, collecting data in a way that means it can’t be traced back to a single user can be acceptable.

2. Government Intervention

In 2013, an encrypted email service, Lavabit, shut down its service to avoid having to “be complicit with crimes against the American people.” Alongside Lavabit, Silent Mail shutdown its service before it could receive any warrants or subpoenas from the US government.

In 2018, the Australian government passed an anti-encryption law, enabling it to silently perform mass-surveillance on its citizens. Additionally, any tools companies have to develop to allow the government access to user data could be a gold mine for sophisticated hackers.

Recently in 2022, India attempted to instate a new data privacy law that would force VPN providers to log user data for up to five years. Following backlash from VPN providers, in which ExpressVPN and Surfshark removed its Indian servers, the data law has been postponed indefinitely.

3. Selling Data to Advertisers

Some free VPNs will collect user data and sell it to advertisers instead of charging a subscription fee. This is extremely dishonest and unethical, especially if the VPN claims to be a zero-log VPN or privacy-first service.

That’s why it’s so important to use free VPNs that have been verified as safe.

However, it goes beyond just collecting a user’s browsing activity and IP address when connected to a VPN. Only three out of the top 20 free VPNs on iOS we tested respected a users’ decision to block advertisers from tracking user activity outside of the VPN app.

4. Poor Technical Infrastructure

A VPN with a poor technical infrastructure is vulnerable to attacks and can unknowingly leak your data.

As an example, in June 2021, Ukrainian authorities seized two of Windscribe’s OpenVPN servers as part of an ongoing investigation. It turned out that the servers were running an outdated configuration, with unencrypted OpenVPN server configuration and key.

Which VPNs Keep Logs? Full Test Results

To help shed light on this murky aspect of the VPN industry, we fact-checked the logging policies of over 50 of the most popular VPNs on the market.

Key Findings

Our research revealed that the majority of VPNs record some form of user data:

39% log connection timestamps
26% store original IP address
10% record browsing activity data
6% log server IP address

The following table lists all 69 VPNs we’ve analyzed and the specific types of data they log. If you’re searching for a specific VPN, use Ctrl+F to find the provider you’re looking for.

Definitions

Aggregated: Aggregated data has been collected in a group and shows trends in total, never on an individual basis. For example, some VPNs collect aggregated server bandwidth data to make sure servers aren’t overloaded.
Anonymized: Anonymized or de-identified data is encrypted to make sure any third-parties wouldn’t be able to use the data.
Vague: This means a VPN provider hasn’t specified in its Privacy Policy whether this data point is collected.

How We Test & Rate No-Log VPNs

We identified the most trustworthy VPN services that claim to be no-logs and put them through rigorous testing. This helped us see if they truly follow a no-logs policy and if they are worth subscribing to.

Our definition of no-logs includes VPNs that store personal information like an email address, username, password, and any payment information provided. It also includes VPN that aggregate or anonymize data, which cannot be used to identify any single user.

Pie chart showing the breakdown of our no-logs VPN methodology

In the table below, you can compare how the top VPNs performed in each of our testing categories:

Here’s a more detailed explanation of our methodology and review process:

1. Real-world Proof (30%)

Test Conducted: Research the VPN’s company history and record whether there have been any server seizures, hacks, leaks, or legal data requests.
Why It’s Important: It’s the most reliable way to tell whether a VPN is truthful in its logging policy, and the security of its servers and apps.
Optimal Result: Examples where the VPN has been unable to provide data to third parties due to its no-logs policy.

2. Privacy Policy (30%)

Test Conducted: Analyzed the privacy policies of each VPN to identify what data points are being stored, for how long, and whether they’re aggregated or anonymized.
Why It’s Important: Privacy policies reveal whether a VPN actually adheres to its no-logs claim or secretly collects identifying user data.
Optimal Result: The VPN stores no identifying activity or connection logs and protects user privacy.

3. Diskless Servers (20%)

Test Conducted: Researched VPNs to find out whether they had diskless VPN servers.
Why It’s Important: Diskless servers do not store data persistently, meaning if they are unplugged from the power source, all data on the server is permanently deleted. This makes it almost impossible for law enforcement to seize information like they can with physical servers.
Optimal Result: A full diskless VPN server network.

4. Logging Policy Audit (10%)

Test Conducted: Researched VPNs to find out whether any logging policy audits by third parties like Cure53 or Deloitte have been conducted and analyze them thoroughly.
Why It’s Important: Audits from external parties can prove whether a VPN is actually sticking to its logging policy.
Optimal Result: The VPN conducts yearly audits to prove it is not logging activity or connection logs over time.

5. Jurisdiction (10%)

Test Conducted: Researched each VPN’s jurisdiction and data privacy laws of each region.
Why It’s Important: Where a VPN is incorporated will affect its legal obligation to log and store data, or even share it with governmental authorities.
Optimal Result: A privacy-friendly jurisdiction like the British Virgin Islands or a watertight no-logs policy that’s been independently audited and verified in a real-world case.

FAQs

How Do I Research a VPN Logging Policy?

When researching a VPN’s privacy policy, look out for these three things:

What types of data does the VPN store?
Is the data stored aggregated and anonymized?
How long is this data stored for?

It’s best to avoid a VPN that has an excessively short privacy policy or ambiguous terms that don’t address these three things.

As an example, we’ll go through NordVPN’s website and compare it to the privacy policy. NordVPN markets itself as a “zero-log VPN service” on its website.

NordVPN's website.

NordVPN’s website states that it’s a zero-logs VPN service.

But in reading NordVPN’s privacy policy, we found it does store some sensitive data — as most VPNs will do. Importantly, it’s specified that NordVPN saves your username and a timestamp of the last session status.

This would be worrying if it were stored for a long time. However, NordVPN’s privacy policy clarifies that this data is promptly deleted within 15 minutes of your session ending.

NordVPN's Privacy Policy that states it stores your username and timestamp of when you logged in for 15 mins after a session finishes

NordVPN’s privacy policy classifies this data as needed to provide its VPN service.

The average VPN user shouldn’t be worried as the chance of this data being leaked within 15 minutes is extremely low.

However, it does show the fine line between what VPNs claim to be no-logs and what they actually do log.

In this case, NordVPN defines itself as no-logs because even though it does collect some data, it is deleted after a session is terminated.

Are Independent Logging Audits Important?

The problem with no-logs VPN policies is that they are virtually impossible to prove from the outside. That’s why some VPNs hire external auditors to pick apart their no-logging policies and server infrastructure.

In theory, a third-party checking whether a server keeps logs will prevent bias and manipulation of audit results.

But VPNs can manipulate results in an audit by only showing a specific server that’s been wiped clean while the rest are full of stored data.

There’s also no guarantee that a server free of sensitive information over the two-week audit period will not start collecting data after the audit is concluded.

Even if a VPN carries out an extensive third-party audit, which provides major vulnerabilities to fix, the VPN can refuse to release it to the public if the results are negative.

In short, an external audit shows a VPN’s strong commitment to transparency and a private logging policy. But it doesn’t guarantee that an entire server network is completely free of sensitive information.

What Are Diskless VPN Servers?

When you connect to a physical VPN server, any data you transmit is stored inside physical hard drives until it’s manually erased.

If the servers are seized by law enforcement or hacked, and the data hadn’t been erased, they could have access to any data kept inside.

To prevent this vulnerability, some VPNs use diskless server that erase data automatically on a regular basis or when a server is being seized.

RAM (or Random Access Memory) is a type of short-term computer memory that needs a constant source of electricity to keep the information.

If the server is shut down or rebooted, it instantly deletes all the information stored inside.

A diskless network is much more private than a hard drive server network.

However, they’re very rare in VPNs. Only a select few have the resources to implement this advanced server infrastructure.

Do Live Chat Services & Payment Processors Collect Data?

VPN services may use third-party customer service providers (such as Zendesk) and payment processing companies (like Stripe or PayPal) that may collect your data.

Live chat services in particular can log your IP address, email address, and device information during a conversation.

Respectable VPN services will address this in their privacy policy, but it isn’t always easy to find.

A payment company that handles online subscription payments may also have access to your full name, address, and other billing information.

This isn’t necessarily bad, as many financial institutions that process these transactions are regulated by national financial authorities.

It’s also necessary for these companies to take this information in case you want to request a refund at the end of a money-back guarantee period.

Follow these steps to stay anonymous with VPN third parties:

Register with a fake name and throwaway email address.
Use an anonymous payment method, such as a gift card, virtual credit card, cryptocurrencies, or cash.
Only contact customer service using a PGP key or throwaway email if you have any questions.