Callum Tennent oversees how we test and review VPN services. He's a member of the IAPP, and his VPN advice has featured in Forbes and the Internet Society. Read full bio
The best no-logs VPN is Private Internet Access, earning a rating of 9.3/10. It collects zero connection or activity data, has a diskless server network, and its no-logs policy has been proven multiple times. A good free alternative is Proton VPN although you can’t select a specific free server location.
No-log VPNs don’t track or keep records of its users’ online activity. This ensures that if a third party tries to obtain your usage data, like a government or hacker, the VPN company doesn’t hold any internet data associated with you.
It’s almost impossible to tell whether a VPN that labels itself no-logs is actually so. The reality is that many VPNs claim to be no-logs just to convince you to buy their product.
The best way to find out if a VPN is truly no-logs is to review its privacy policy and terms of service, evaluate its server infrastructure and legal jurisdiction, and check if its servers have been seized or audited before.
That’s why we’ve spent dozens of hours testing and reviewing no-log VPNs to find out which are the most private and won’t collect identifiable data.
Summary: The Best No-Logs VPNs
Based on our tests, the four VPNs below are best-suited to more privacy-conscious internet users:
We’re fully independent and have been reviewing VPNs since 2016. Our advice is based on our own testing results and is unaffected by financial incentives. Learn who we are and how we test VPNs.
VPNs Tested
61
VPN Logging Policies Analyzed
61
Total Hours of Testing
30,000+
To further protect your online anonymity, we recommend signing up to Private Internet Access with a throwaway name and email account, and pay using cryptocurrency.
Video Summary
Watch our video below to learn more about no-logs VPNs and why logging policies are so important:
The Best No-Logs VPNs Analyzed
In the table below, you can compare the top four no-logs VPNs based on their logging policies, real-world history, jurisdiction, and more:
Here’s an in-depth table showing the exact data that each of these no-logs VPNs records:
EXPERT ADVICE: To protect your online anonymity, install Private Internet Access, sign up with a throwaway name, email account, and pay using gift cards or Monero.
No-logs policy verified in server seizure & independent audit
Large diskless server network
100% open-source apps
Advanced privacy & security settings
Torrenting allowed on all servers
Costs $2.03/month on a 26-month plan
Based in the US (Five Eyes jurisdiction)
Holding company’s past controversies
Mac client isn’t user-friendly
Fire Stick TV app doesn’t work well
Our top choice for a no-logs VPN is Private Internet Access because its zero-logs policy has been proven multiple times both in court and via a server seizure.
PIA’s Privacy Policy confirms it doesn’t collect your browsing history, IP address, or connection timestamps.
There is a minimal amount of data VPNs collect in order to provide a quality VPN service. PIA collects your email address, payment data (immediately deleted), and your territory or zip code.
We believe this amount of data collection is justified, as you wouldn’t be able to open an account or request a refund without it. You can also sign up with a throwaway email address and use gift cards to pay anonymously.
No-Logs Policy Proven Multiple Times
In July 2016, the Russian government seized PIA’s servers after a new privacy data law was passed that demanded all VPNs must log Russian traffic for up to a year. In response, PIA completely shut down its Russian servers and quit the country.
PIA’s transparency report verifies that it’s never provided logs for a court order, subpoena, or a warrant.
More recently in 2018, PIA was subpoenaed by the FBI but was again unable to provide any logs. What’s more, there was no record of the defendant even signing up for PIA as there was no applicable email address or payment information.
Diskless Servers & Advanced Privacy Settings
PIA operates self-owned DNS servers, preventing exposure of your DNS traffic to third parties, and diskless VPN servers.
These servers are configured to routinely reboot, meaning all data is permanently deleted on a regular basis.
All of PIA’s apps come with advanced privacy and security settings you can easily configure. The video we recorded below shows the options available within the desktop app:
Easily changing privacy and security settings in the PIA VPN desktop app.
PIA’s advanced features include an effective VPN kill switch, split tunneling, malware blocker, and shadowsocks proxy.
Questionable No-Logs Audit
PIA has has had two successful no-logs audits in the past with Deloitte Romania – one in 2024 and one in 2022. But we’ve found some red flags that they might not be as in-depth as other audits.
We’re disappointed to see the 2024 audit seems to be a copy of the 2022 audit, with minor changes and updates to formatting. Half the audit is an index provided by PIA, and not insightful investigation into the VPN’s implementation of a no-logs policy.
It’s important to keep in mind that PIA has proven itself to be no-logs in a random server seizure. This is the strongest evidence a VPN can have that it’s no-logs.
Nonetheless, we’d like to see PIA conduct a high-quality audit next time.
US Jurisdiction & Owned by Kape Technologies
There are two main drawbacks to PIA. Firstly, it’s based in the US. The US is one of the worst jurisdictions for privacy because it’s part of the Five Eyes data sharing alliance and state surveillance.
Secondly, PIA was acquired by Kape Technologies in 2019, previously Crossrider. The company was previously discovered to be infecting Windows and macOS systems with adware. Adware is a form of malware that shows you pop-up adverts for software and services.
But Crossrider shut down its ad platforms in 2016 and re-branded to Kape Technologies in 2019. We’ve since seen no reason to question the legitimacy or business practices of Kape Technologies.
Ultimately, you’re safe using PIA for general-purpose computing, such as protecting your data on public WiFi and bypassing streaming service geo-blocks.
But if you’re a journalist or a political dissident, you might prefer a smaller company like Perfect Privacy or Mullvad.
Based in the British Virgin Islands, a Privacy Haven
No-logs policy proven in a server seizure
3,000 RAM servers in 106 countries
Extremely user-friendly apps & browser extensions
Excellent streaming & unblocking capabilities
Holding company’s past controversies
Expensive subscription
No split tunneling on macOS or iOS
No Linux general user interface
ExpressVPN is a virtually no-logs VPN that’s extremely user-friendly and well-designed.
We call it “virtually no-logs” because it collects anonymous server usage data. But since this data is not personally identifiable, it’s still classified as a no-logs VPN.
ExpressVPN’s privacy policy clearly lists what information it doesn’t collect from a user.
Investigation Proves ExpressVPN Is No-Logs
In 2017, ExpressVPN’s servers were seized by Turkish authorities investigating the death of the Russian ambassador, Andrei Karlov.
However, the authorities were unable to find any personal information about the individual on ExpressVPN’s servers, proving ExpressVPN to be a genuine no-logs VPN service.
This stands in stark contrast to other VPNs, such as PureVPN and HideMyAss, which have cooperated with law enforcement and handed over personal information that lead to arrests of their users.
Safe British Virgin Islands Jurisdiction
The VPN service is based in a privacy haven, the British Virgin Islands (BVI), a self-governing territory that has strict laws protecting the privacy of individuals and businesses.
The BVI are also an excellent location for a VPN because they are not part of any data sharing alliance (such as Five Eyes or EU). Other countries’ authorities aren’t able to force the BVI government to hand over any data collected in the jurisdiction.
User-Friendly on All Devices
While PIA VPN is better for slightly more advanced VPN users, ExpressVPN is ideal for beginners. In our experience, it’s the easiest anonymous VPN available.
All of the VPN service’s apps benefit from a well-designed user interface (UI) across all popular platforms.
It’s easy to change settings and servers in ExpressVPN apps.
There aren’t as many customizable settings as with Private Internet Access, but ExpressVPN does offer all key privacy features, including a VPN kill switch on all platforms as well as IPv6 and WebRTC leak blocking.
Great for Streaming Geo-Restricted Content
Being no-logs isn’t ExpressVPN’s only benefit: it’s also extremely fast and one of the most reliable VPNs for anonymous streaming.
For instance, Kodi users will find it very easy to stream anonymously using the VPN’s highly secure and user-friendly Fire TV Stick app.
ExpressVPN streams US streaming sites from anywhere.
ExpressVPN is also extremely effective at unblocking geo-restricted streaming services. It works with 18 international Netflix libraries, HBO Max, Disney+, Hulu, BBC iPlayer, and more.
Expensive & Owned by Kape Technologies
With its best price at $4.99 per month, ExpressVPN’s subscription is more expensive than the average VPN.
However, we believe it’s still good value for a private VPN that offers IP and DNS leak protection, access to all major streaming services, and Diskless servers in 106 countries.
Similar to PIA, another potential drawback for those skeptical of big business is that ExpressVPN was acquired by Kape Technologies in 2021.
However, ExpressVPN continues to operate independently and there’s no evidence that it doesn’t provide the same level of privacy protection as it did before the acquisition.
Fails to unblock Netflix, Disney+, BBC iPlayer & Hulu
Slower speeds
Less affordable
Perfect Privacy is owned by a small company in Switzerland, which stands in contrast to PIA and ExpressVPN. Its privacy policy confirms that it doesn’t collect “IP addresses, access time or duration, nor bandwidth caused by individual users.”
It also clarifies that it does save “general server information in its website” but doesn’t record any individual usage. This means it can never be linked back to a user.
A screenshot of Perfect Privacy’s privacy policy that shows it doesn’t keep any activity logs, but does collect some personal information for billing.
Perfect Privacy’s no-logs policy even suggests that you can use an anonymous email provider to open an account. You can also pay using Bitcoin, which can be more difficult to trace.
Proven No-Logs VPN In Server Seizure
Perfect Privacy’s no-logs policy was put to the test in September 2016 when Dutch authorities seized two of Perfect Privacy’s Rotterdam servers.
Fortunately “no customer information was compromised due to the seizure” because Perfect Privacy keeps no logs and all the information was fully encrypted.
Diskless Servers & Excellent Security Features
Perfect Privacy has an entirely diskless server network which can be trusted to erase any data stored if there’s ever a server seizure.
It also offers a unique proprietary routing algorithm called Neurorouting. This novel feature ensures that your traffic stays encrypted for as long as possible.
However, Neurorouting is only available on Windows — frequent macOS or mobile users might prefer to use ExpressVPN, which has intuitive and easy-to-use apps on all platforms. In comparison, Perfect Privacy’s apps are much less attractive.
Perfect Privacy lives up to its name, but its apps are old-fashioned and clunky.
Perfect Privacy also offers an effective kill switch, multi-hop VPN servers, an ad blocker, and includes port forwarding in its subscription.
The suite of security features offered by Perfect Privacy is great for advanced VPN users, but can be intimidating to a complete beginner.
Perfect Privacy Is Expensive & Hasn’t Been Audited
Despite its merits, Perfect Privacy has some flaws that prevent it from being a VPN we would recommend to all users.
Firstly, it hasn’t been independently audited. We feel this isn’t too much of an issue, though, as its no-logs claims have been proven in a server seizure. Nevertheless, it’s good to show commitment to continued security by implementing audits.
Secondly, at $8.95 per month, it’s expensive in relation to other VPNs. To compare, Surfshark has a cheaper subscription with diskless servers, unlimited device connections, and is better than Perfect Privacy for streaming.
Lastly, Perfect Privacy has a very small server network, relatively slow speeds, and doesn’t unblock Netflix. Though the VPN service excels in privacy and security, it fails to impress in many other areas.
Blocks BitTorrent traffic using deep packet inspection
Proton VPN does not log any user data, and its Swiss jurisdiction means that it doesn’t have to abide by any data retention laws, either.
It doesn’t require you to enter payment details upon signup and offers uncapped data, which is extremely rare among safe free VPNs.
Proton VPN Free is amazing for privacy, but its server network is extremely limited.
Doesn't Log Any Identifying Data
The free version of the software has the exact same privacy policy as the paid version — a robust no-logs policy that has been independently audited and verified in a legal case. As its warrant canary states:
“A data request from a foreign country was approved by the Swiss court system. However, as we do not have any customer IP information, we could not provide the requested information and this was explained to the requesting party.”
Audited & Open-Source Apps
Proton VPN Free has many of the privacy features we look for in a VPN, including a working kill switch, DNS and IPv6 leak blocking.
We love that the VPN has included its free version in its no-logs audits, confirming that it really isn’t logging data on its free tier.
It’s also gone that extra step to prove its security and privacy by making its apps all open-source.
Small Server Network
In addition to its no-logs status, Proton VPN Free delivers fast speeds on nearby connections.
However, the free VPN’s biggest flaw is its very limited range of free server locations. Proton VPN Free doesn’t let you choose a server location, instead it automatically connects you to your nearest server.
Disappointingly it’s only got 5 free server locations — the Netherlands, Japan, Romania, Poland, and the US.
Torrenting Not Allowed
A major difference between the free version paid version is the detection and blocking of BitTorrent traffic.
With Proton VPN Free, traffic is monitored using the nDPI library, or deep packet inspection, to detect and block torrenting traffic in order to reduce server congestion.
However, we aren’t so worried as the 2022 independent audit concluded: this “does not affect the privacy of their users” as “the packet content (e.g. a torrent name) is not being analysed or logged.”
There are many high-quality VPNs that claim to be no-logs, even backed up with in-depth audit results and extensive online resources on digital privacy.
However, there are very few VPNs that have been actually verified by real-world cases, such as law enforcement seizing servers or hackers exposing customer data.
We manually reviewed every VPN’s logging policy and run it through our ratings calculator.
Here are some privacy-focused VPNs that narrowly missed making our top picks.
NordVPN
NordVPN is a trustworthy VPN service, based in a safe jurisdiction (Panama). However, it just misses out on being in our top no-logs list because it logs your connection timestamp for 15 minutes after a session ends, before it’s permanently deleted.
NordVPN’s dedicated IP feature is also a cause for concern. It still hasn’t implemented a privacy-friendly token system, and activity is linked directly to your NordVPN account.
Mullvad
Mullvad is another honorable mention. It has a genuine no-logs policy, which was verified in a 2023 server seizure.
During the raid, Mullvad was unable to produce user data for the Swedish authorities, as it doesn’t store any identifying logs.
However, it doesn’t list because it hasn’t completed a third-party audit on its privacy policy or implemented transparency reports.
TorGuard
TorGuard is another great, genuine no-logs VPN service.
Similar to our top picks, it’s zero-logging policy was proven in a copyright court case, in which it was unable to produce identifiable logs, and it has diskless servers that automatically delete any data when unplugged.
However, TorGuard hasn’t implemented a number of other privacy initiatives that are present in our recommendations: transparency reports, logging policy audits, or open-source software.
IVPN
IVPN doesn’t have diskless servers and the no-logs policy hasn’t been proven in a real-world case, so we can’t be 100% sure it’s truthful. It’s also got a relatively small server network of only 40 countries.
Additionally, IVPN automatically saves device information on mobile for crash logs.
What Is a No-Logs VPN?
A no-logs or zero-logs VPN is a provider that doesn’t log any identifiable data that can be used to track your online activity.
The no-logs claim can be misleading, as it implies no data is stored at all.
But all VPN services collect a small amount of data to provide customer support, maintain device limits, collect subscription payments, and issue refunds.
Each VPN that defines itself as no-logs has a different interpretation of what that actually means.
This is why you should always read through a VPN’s privacy policy and terms of service before buying so you’re aware of its logging practices.
How to Research a VPN’s Logging Policy
When researching a VPN’s privacy policy, look out for these three things:
What types of data does the VPN store?
Is the data stored aggregated and anonymized?
How long is this data stored for?
It’s best to avoid a VPN that has an excessively short privacy policy or ambiguous terms that don’t address these three things.
As an example, we’ll go through NordVPN’s website and compare it to the privacy policy. NordVPN markets itself as a “zero-log VPN service” on its website.
NordVPN’s website states that it’s a zero-logs VPN service.
But in reading NordVPN’s privacy policy, we found it does store some sensitive data — as most VPNs will do. Importantly, it’s specified that NordVPN saves your username and a timestamp of the last session status.
This would be worrying if it were stored for a long time. However, NordVPN’s privacy policy clarifies that this data is promptly deleted within 15 minutes of your session ending.
NordVPN’s privacy policy classifies this data as needed to provide its VPN service.
The average VPN user shouldn’t be worried as the chance of this data being leaked within 15 minutes is extremely low.
However, it does show the fine line between what VPNs claim to be no-logs and what they actually do log.
In this case, NordVPN defines itself as no-logs because even though it does collect some data, it is deleted after a session is terminated.
Activity or usage logs: browsing history, DNS requests, URLs visited, your Internet Service Provider (ISP), and usage metadata. This is the worst kind of data a VPN can store because it can be easily used to track a users’ online activity.
Connection logs: individual bandwidth used, date and time you connected to a server, your original IP, and assigned IP address. This can be used in conjunction with activity logs to completely identify you and your browsing history or online activity.
Aggregated logs can include any of the data points above as long as the data is completely anonymized. This means the information cannot be traced back to an individual user. For example, a single VPN server’s bandwidth usage (not of an individual user) and server load data are the most common types of aggregated logs. This is because a VPN will want to keep these numbers low to allow faster speeds on each server.
We recommend VPNs keep no activity or connection logs, or VPNs that anonymize and aggregate this data.
Independent No-Logs Audits
The problem with no-logs VPN policies is that they are virtually impossible to prove from the outside. That’s why some VPNs hire external auditors to pick apart their no-logging policies and server infrastructure.
In theory, a third-party checking whether a server keeps logs will prevent bias and manipulation of audit results.
But VPNs can manipulate results in an audit by only showing a specific server that’s been wiped clean while the rest are full of stored data.
Limitations of an audit outlined in IVPN’s No-Log 2019 Audit.
There’s also no guarantee that a server free of sensitive information over the two-week audit period will not start collecting data after the audit is concluded.
Even if a VPN carries out an extensive third-party audit, which provides major vulnerabilities to fix, the VPN can refuse to release it to the public if the results are negative.
In short, an external audit shows a VPN’s strong commitment to transparency and a private logging policy. But it doesn’t guarantee that an entire server network is completely free of sensitive information.
Diskless VPN Servers
When you connect to a physical VPN server, any data you transmit is stored inside physical hard drives until it’s manually erased.
If the servers are seized by law enforcement or hacked, and the data hadn’t been erased, they could have access to any data kept inside.
To prevent this vulnerability, some VPNs use diskless server that erase data automatically on a regular basis or when a server is being seized.
RAM (or Random Access Memory) is a type of short-term computer memory that needs a constant source of electricity to keep the information.
If the server is shut down or rebooted, it instantly deletes all the information stored inside.
A diskless network is much more private than a hard drive server network.
However, they’re very rare in VPNs. Only a select few have the resources to implement this advanced server infrastructure.
PIA implemented RAMDisk servers in June 2020.
Customer Service Providers & Payment Processors
There are also third-party customer service providers (such as Zendesk) and payment companies (e.g. Stripe or PayPal) that might be collecting data.
Live chat customer support services in particular can log your IP address, email address, and device information during a conversation.
This will likely be addressed in a VPN’s privacy policy if it’s a high-quality service — but isn’t always easy to find.
A payment company that handles online subscription payments may also have access to your full name, address, and other billing information.
This isn’t necessarily bad, as many financial institutions that process these transactions are regulated by national financial authorities.
It’s also necessary for these companies to take this information in case you want to request a refund at the end of a money-back guarantee period.
Follow these steps to stay anonymous with VPN third parties:
Register with a fake name and throwaway email address.
Use an anonymous payment method, such as a gift card, virtual credit card, cryptocurrencies, or cash.
Only contact customer service using a PGP key or throwaway email if you have any questions.
Why VPN Services Collect Logs
There are four main reasons why a VPN will collect logs. A majority of these are negative, but a VPN might also have a reasonable explanation for collecting data — like for issuing refunds or customer support.
Turbo VPN’s Android app shares your data with 199 external parties, including advertising companies.
1. Maintaining the VPN Service
A VPN might collect anonymous aggregated data or server load data in order to prevent product abuse and maintain fast speeds.
A VPN might also collect information to create an account or collect a subscription payment if you don’t use an anonymous payment method.
Lastly, most VPNs collect some sort of device information data to limit the amount of device per subscription. In these cases, collecting data in a way that means it can’t be traced back to a single user can be acceptable.
2. Government Intervention
In 2013, an encrypted email service, Lavabit, shut down its service to avoid having to “be complicit with crimes against the American people.” Alongside Lavabit, Silent Mail shutdown its service before it could receive any warrants or subpoenas from the US government.
In 2018, the Australian government passed an anti-encryption law, enabling it to silently perform mass-surveillance on its citizens. Additionally, any tools companies have to develop to allow the government access to user data could be a gold mine for sophisticated hackers.
Recently in 2022, India attempted to instate a new data privacy law that would force VPN providers to log user data for up to five years. Following backlash from VPN providers, in which ExpressVPN and Surfshark removed its Indian servers, the data law has been postponed indefinitely.
3. Selling Data to Advertisers
Some free VPNs will collect user data and sell it to advertisers instead of charging a subscription fee. This is extremely dishonest and unethical, especially if the VPN claims to be a zero-log VPN or privacy-first service.
That’s why it’s so important to use free VPNs that have been verified as safe.
However, it goes beyond just collecting a user’s browsing activity and IP address when connected to a VPN. Only three out of the top 20 free VPNs on iOS we tested respected a users’ decision to block advertisers from tracking user activity outside of the VPN app.
4. Poor Technical Infrastructure
A VPN with a poor technical infrastructure is vulnerable to attacks and can unknowingly leak your data.
As an example, in June 2021, Ukrainian authorities seized two of Windscribe’s OpenVPN servers as part of an ongoing investigation. It turned out that the servers were running an outdated configuration, with unencrypted OpenVPN server configuration and key.
Which VPNs Keep Logs? Full Test Results
To help shed light on this murky aspect of the VPN industry, we fact-checked the logging policies of 70 of the most popular VPN services on the market.
Key Findings
Our research revealed that the majority of VPNs record some form of user data:
39% log connection timestamps
26% store original IP address
10% record browsing activity data
6% log server IP address
The following table lists all 69 VPNs we’ve analyzed and the specific types of data they log. If you’re searching for a specific VPN, use Ctrl+F to find the provider you’re looking for.
Definitions
Aggregated: Aggregated data has been collected in a group and shows trends in total, never on an individual basis. For example, some VPNs collect aggregated server bandwidth data to make sure servers aren’t overloaded.
Anonymized: Anonymized or de-identified data is encrypted to make sure any third-parties wouldn’t be able to use the data.
Vague: This means a VPN provider hasn’t specified in its Privacy Policy whether this data point is collected.
How We Test & Rate No-Logs VPNs
We identified the most trustworthy VPN services that claim to be no-logs and put them through rigorous testing. This helped us see if they truly follow a no-logs policy and if they are worth subscribing to.
Our definition of no-logs includes VPNs that store personal information like an email address, username, password, and any payment information provided. It also includes VPN that aggregate or anonymize data, which cannot be used to identify any single user.
In the table below, you can compare how the top VPNs performed in each of our testing categories:
Here’s a more detailed explanation of our methodology and review process:
1. Real-World Case: 30%
Test Conducted: Research the VPN’s company history and record whether there have been any server seizures, hacks, leaks, or legal data requests.
Why It’s Important: It’s the most reliable way to tell whether a VPN is truthful in its logging policy, and the security of its servers and apps.
Optimal Result: Examples where the VPN has been unable to provide data to third parties due to its no-logs policy.
2. Privacy Policy: 30%
Test Conducted: Analyzed the privacy policies of each VPN to identify what data points are being stored, for how long, and whether they’re aggregated or anonymized.
Why It’s Important: Privacy policies reveal whether a VPN actually adheres to its no-logs claim or secretly collects identifying user data.
Optimal Result: The VPN stores no identifying activity or connection logs and protects user privacy.
3. Diskless Servers: 20%
Test Conducted: Researched VPNs to find out whether they had diskless VPN servers.
Why It’s Important: Diskless servers do not store data persistently, meaning if they are unplugged from the power source, all data on the server is permanently deleted. This makes it almost impossible for law enforcement to seize information like they can with physical servers.
Optimal Result: A full diskless VPN server network.
4. Logging Policy Audit: 10%
Test Conducted: Researched VPNs to find out whether any logging policy audits by third parties like Cure53 or Deloitte have been conducted and analyze them thoroughly.
Why It’s Important: Audits from external parties can prove whether a VPN is actually sticking to its logging policy.
Optimal Result: The VPN conducts yearly audits to prove it is not logging activity or connection logs over time.
5. Jurisdiction: 10%
Test Conducted: Researched each VPN’s jurisdiction and data privacy laws of each region.
Why It’s Important: Where a VPN is incorporated will affect its legal obligation to log and store data, or even share it with governmental authorities.
Optimal Result: A privacy-friendly jurisdiction like the British Virgin Islands or a watertight no-logs policy that’s been independently audited and verified in a real-world case.