The Essentials

Which VPNs Keep Logs? The Truth About VPN Logging Policies (90+ Tested)

Callum Tennent
Callum TennentUpdated

Understanding what type of data your VPN collects is a crucial factor when it comes to protecting your privacy. Find out which providers you can trust in this comprehensive guide to VPN logging policies.

An illustration of a man being watched by his device

When you browse the internet with a VPN you are trusting your provider with a wealth of sensitive information.

Depending on their logging policy, your VPN provider could monitor and store your IP address, choice of server location, and even the websites you visit. In short, there are dozens of sensitive logs that a VPN might collect and share if obliged to do so.

Of course, this is a critical issue if you’re concerned about your digital footprint.

We fact-checked the logging policies of the 90 most popular VPN providers on the market. Our research revealed that the majority of VPNs log some kind of data under the grounds of service improvements or troubleshooting:

  • 46% keep connection timestamps
  • 44% keep bandwidth usage logs
  • 26% log originating IP address
  • 6% log browsing activity data

Some of the most popular VPN providers even collect their users’ web activity and share this information with third parties.

For a list of all 90 VPNs and the data they log, take a look at our VPN Logging Policy Comparison Table.

The best VPN providers will do everything in their power to protect their users’ privacy. This means being completely transparent about what type of data is collected, why this data is necessary, and for how long it is kept.

Unfortunately, this is rarely the case.

The logging policies of popular VPN providers are often vague, complicated, or misleading.

Many providers falsely claim to collect a minimal amount of data or no data at all, while some are deliberately vague about the exact type of data their policy refers to.

To add to the confusion, marketing statements on VPN websites are rarely accurate representations of actual privacy policies. With over 300 VPN providers on the market, it’s difficult to know who to believe.

So how can you find a VPN that is actually worth your trust?

In this guide, we will examine the handful of VPN services that have had their ‘no logs’ policies verified. We’ll cover the different types of VPN logs, why they are kept, and what you can do to protect yourself.

What Types of Data do VPNs Log?

There are three types of data your VPN might record: activity logs, connection logs, and aggregated logs. Understanding what type of data falls into these categories is paramount if you’re to effectively protect your privacy.

1Activity Logs

Collecting activity data is the most invasive type of logging: essentially removing any privacy or anonymity benefit that a VPN might otherwise afford.

Also known as ‘usage logs’, this refers to any data explicitly related to your online activity. This could include:

  • Browsing history
  • DNS requests
  • URLs visited
  • Usage metadata

Hola VPN’s privacy policy provides a good example of activity logging:

A screenshot of Hola VPN's privacy policy

Screenshot from Hola VPN’s privacy policy.

Free VPN applications like Hola VPN are a common culprit for collecting activity data. This data is often shared or sold to third parties for advertising purposes, effectively subsidizing the cost of a subscription.

Some subscription-based ‘no-log’ VPN services like F-Secure Freedome monitor user activity if they are suspicious about an individual or if they are legally compelled to do so. Some, like SkyVPN, record user activity in real-time and then delete it when the VPN session is over:

A screenshot from SkyVPN's privacy policy

Screenshot from SkyVPN’s privacy policy.

Because this data is deleted so quickly, this type of activity logging isn’t too much of a concern. That being said, it’s best to avoid it where possible.

Other providers like Hide.me are technically incapable of collecting activity logs due to the configuration of their network. From a privacy standpoint, these providers are your best option.

Needless to say, any VPN storing activity data should be avoided at all costs. If you’re concerned about activity logging, take a look at the most popular VPNs that log your activity data.

2Connection Logs

Connection logs can include:

  • Bandwidth usage
  • Dates and times of connection
  • Originating IP address
  • VPN server IP address

Connection logs can be collected at the server-level (e.g. total server bandwidth usage) or the user-level (e.g. your originating IP address).

Typically, this data is used to optimize network performance and troubleshoot customer queries.

Server-level connection logs are a great example of why not all logging is a problem. It’s practically impossible for a VPN to maintain performance without logging any data whatsoever. In fact, monitoring and storing the right, non-identifiable data will help ensure you get the best possible experience from your VPN.

However, storing the wrong connection logs could allow a VPN provider to match you to your VPN activity. This could be used to personally identify you, which is a major problem for privacy-conscious users.

If you’re concerned about the type of connection data your VPN is logging, continue reading to find out exactly what kind of logging is unacceptable.

Here is an example of detailed user-level connection logs from Thunder VPN’s logging policy:

A screenshot from Thunder VPN's privacy policy

Screenshot from Thunder VPN’s privacy policy.

Claims that this data is only used to “deliver the best possible experience” or “improve customer service” are rife, but we know from experience that this level of detail isn’t necessary to maintain a well-performing VPN network.

3Aggregated Logs

Some of the most popular VPNs on the market collect aggregated logs. This means the VPN provider is collecting information and supposedly ensuring that it is anonymized and impossible to trace to specific users.

A VPN provider might collect the websites that you visit, the bandwidth you use, or the dates and times you connect to a VPN server. They will then strip this information of any identifying factors and add it to a larger database.

It’s important to be aware that some VPNs claim to keep no logs when they in fact keep aggregated logs. Anchorfree’s privacy policy is a good example of what to look out for:

A screenshot from Anchorfree's privacy policy

Screenshot from Anchorfree’s privacy policy.

Ultimately, the exact type of data being aggregated and the efficacy of the anonymization process will dictate whether or not this type of logging is acceptable. Put simply, you have to trust that your VPN service is anonymizing your data effectively.

If this is a leap of faith you are uncomfortable with, you’re better off choosing a truly no-logs VPN.

4No Logs

A truly no-logs VPN service will not collect or store any activity or connection data that could be used to personally identify you. Most importantly, it will not collect or hold any information transmitted through the VPN tunnel.

This will ensure that no user can be tied to any specific activity or connection on the VPN network. Every user will be private, anonymous, and unknown to even the VPN provider.

The only identifying information these VPNs will have is your email address (for registering your account) and billing (in case you want a refund). Some providers, like ExpressVPN, allow you to pay in Bitcoin to avoid this process altogether.

This means the VPN service cannot be compelled to make user data available to authorities or third parties, as the data simply doesn’t exist.

It’s for this reason that a strong logging policy can offset the issue of a poor jurisdiction, as is the case with Private Internet Access.

It’s important to note that “no-logs” doesn’t necessarily mean that absolutely no data is kept at all. Truly “zero logging” is effectively impossible to implement whilst maintaining a strong network or enforcing restrictions like device limits.

Most VPNs will keep very basic data like aggregate server load information (the number of users or bandwidth used per server). This is a justifiably minimal approach to logging which involves absolutely no identifying information. This is still classed as a no-logs VPN.

Visit the last chapter of this guide for a list of no-log VPNs that have been verified by third parties.

What Kind of Logging is Acceptable?

Some of the best providers on the market keep basic connection data that cannot be used to identify a given individual. For legitimate VPN services that are committed to their users’ privacy, collecting the following information is justifiable:

  • Aggregated Bandwidth Usage
  • Aggregated Connection Logs
  • VPN Server Location
  • Server Load Data
  • Subnet of Originating IP address*

*A fragment of your IP address. This can be used to identify your ISP, but not you personally.

 

What Kind of Logging is Unacceptable?

Virtual Private Networks are privacy tools above all else. For this reason, there are certain types of data that should not be collected under any circumstances. Avoid any VPN service that records the following data:

  • Browsing activity
  • Originating IP Address
  • Assigned VPN Server IP Address
  • Individual Timestamps*
  • Individual Bandwidth Usage*
  • DNS Queries

*This type of data is only dangerous if logged in combination with other detailed connection data.

Which VPNs Keep Logs? (90+ Tested)

An illustration of a hand stealing files from a laptop

To help shed light on this murky aspect of the VPN industry, we fact-checked the logging policies of 90 of the most popular VPN services on the market.

Our research revealed that the majority of VPNs record some form of user data:

  • 46% log connection timestamps
  • 44% log bandwidth usage logs
  • 26% store originating IP address
  • 6% record browsing activity data

The following tables list all 90 VPNs and the specific types of data they log. If you’re searching for a specific VPN, use Ctrl+F to find the provider you’re looking for.

If you’d like to skip these tables, you can jump straight to the VPNs That Keep Activity Logs, or skip to the next section on Reasons for VPN Logging.

Logging Policies 1 - 15

Provider Name VPN 360 Norton Secure VPN SkyVPN Psiphon Astrill VPNHub Free F-Secure Freedome VPN.ac SurfEasy Hola Free VPN VPN99 Buffered VPN McAfee Safe Connect Encrypt.me Le VPN
Browsing Activity Yes* Yes* Yes* Yes No Aggregated Yes* Yes* Yes* Yes Yes Yes Yes No No
IP Address Yes* Yes* Yes* Yes* Yes* Yes* Yes Yes Yes Yes Yes Yes Yes Yes Yes
Server IP Yes No No No No No Yes No No Yes Yes No No Yes Yes
Connection Timestamps Yes No No Yes Yes Aggregated Yes Yes No Yes Yes Yes Yes Yes Yes
Bandwidth Usage Aggregated Aggregated Aggregated Yes Yes Aggregated Yes Yes Aggregated Yes Yes Yes No Yes Yes
Server Location Yes No No Yes No No Yes No No Yes Yes Yes No Yes Yes

*Real-time monitoring, deleted after VPN session.

Logging Policies 16 - 30

Provider Name Private Tunnel Kaspersky Secure Connection Thunder VPN KeepSolid VPN #VPN Proxy Master by Hotspot VPN Proxy Master DotVPN VPNBook BitDefender VPN SuperVPN Free Betternet Free VPN Hotspot Shield Touch VPN Snap VPN
Browsing Activity No No No No No No No No No No No Aggregated Aggregated Aggregated Yes*
IP Address Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No
Server IP Yes No No No No No No No No No No No No No No
Connection Timestamps Yes Yes Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes Yes
Bandwidth Usage Yes Yes Yes Yes No No No No No No No Yes Yes Yes Yes
Server Location Yes Yes Yes No No No No No No No No No No No Yes

*Real-time monitoring, deleted after VPN session.

Logging Policies 31 - 45

Provider Name Turbo VPN Webroot WiFi Security AVG Secure VPN HideMyAss! Hide.me BlackVPN IVPN Mullvad VPN Windscribe Hidester VPN SaferVPN Anonymous VPN ExpressVPN PureVPN TigerVPN
Browsing Activity Yes* No No No No No No No No No No No No No No
IP Address No No No No No No No No No No No No No No No
Server IP No Yes Yes Yes Yes No No No No No No No No No No
Connection Timestamps Yes Yes Yes Yes No Yes* Yes* Yes* Yes Yes Yes Yes Yes Yes Yes
Bandwidth Usage Yes Yes Yes Yes Yes Yes* No Aggregated Yes Yes Yes Yes Yes Yes Yes
Server Location Yes Yes Yes No No No No No Yes* Yes Yes Yes Yes Yes Yes

*Real-time monitoring, deleted after VPN session.

Logging Policies 46 - 60

Provider Name Avast SecureLine Avira Phantom TunnelBear ProtonVPN Surfshark X-VPN AceVPN AirVPN Confirmed VPN DefenceVPN Goose VPN HotVPN ZPN Free NordVPN Perfect Privacy
Browsing Activity No No No No No Aggregated No No No No No No No No No
IP Address No No No No No No No No No No No No No No No
Server IP No No No No No No No No No No No No No No No
Connection Timestamps Yes Yes Yes Yes Yes Yes No No No No No No No No No
Bandwidth Usage Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes Aggregated Aggregated
Server Location No No No No No Yes No No No No No No No No No

*Real-time monitoring, deleted after VPN session.

Logging Policies 61 - 75

Provider Name ZoogVPN CyberGhost Ivacy BolehVPN Trust.Zone Zenmate mySteganos Online Shield AzireVPN CactusVPN Celo VPN FastestVPN Free VPN by FreeVPN.org FrootVPN ibVPN IPVanish
Browsing Activity No No No No No No No No No No No No No No No
IP Address No No No No No No Aggregated No No No No No No No No
Server IP No No No No No No Aggregated No No No No No No No No
Connection Timestamps No Aggregated Aggregated Aggregated Aggregated Aggregated Aggregated No No No No No No No No
Bandwidth Usage Aggregated No Aggregated Aggregated Aggregated Aggregated No No No No No No No No No
Server Location No No No No No No No No No No No No No No No

*Real-time monitoring, deleted after VPN session.

Logging Policies 76 - 90

Provider Name OneVPN PersonalVPN Private Internet Access PrivateVPN proXPN Slick VPN Strong VPN SwitchVPN TorGuard VPN.ht VPNArea VPNSecure VPNShazam VyprVPN Yoga VPN
Browsing Activity No No No No No No No No No No No No No No No
IP Address No No No No No No No No No No No No No No No
Server IP No No No No No No No No No No No No No No No
Connection Timestamps No No No No No No No No No No No No No No No
Bandwidth Usage No No No No No No No No No No No No No No No
Server Location No No No No No No No No No No No No No No No

*Real-time monitoring, deleted after VPN session.

Popular VPNs That Keep Activity Logs

The following VPN services log your browsing history and activity data. This is the most egregious form of logging and should be avoided at all costs.

This is by no means an exhaustive list of all VPNs that keep activity logs. You should always personally check your provider’s policy before trusting them with your data.

Provider Name Data Logged Storage Time
Buffered VPN
  • DNS server addresses*
  • IP address*
  • Unique device identifers
  • OS version
  • Network information
  • Session duration
30 Days
Hola Free VPN
  • URLs visited
  • Time spent on web pages
  • Access dates and times
  • Originating IP address
  • Browser type
“As long as necessary”
McAfee Safe Connect
  • URLs visited
  • Time spent on web pages
  • Connection timestamps
  • Originating IP address
  • Unique device ID
  • Browser type
  • Location information
  • File data (emails, attachments, etc.)
“As long as necessary”
Psiphon
  • Domains visited
  • VPN protocol used
  • VPN session time
  • Bandwidth usage
  • Location data
  • ISP
60 days
VPN99
  • URLs visited
  • Unique device ID
  • Originating IP address
  • Connection timestamps
  • OS version
  • Browser type
5 years

*Collected by default through the ‘report operational errors’ feature within the application.

What Are the Reasons for VPN Logging?

There are lots of valid reasons a VPN provider might maintain some basic logs. This could include the following:

1Bandwidth Limits

Free or ‘freemium’ VPNs often impose caps on the amount of data a user can transfer within a given time period. Limiting the amount of bandwidth used by a specific account obviously requires a degree of logging.

While this type of logging isn’t typically an issue, if a VPN claims to be completely ‘zero logs’ but also imposes bandwidth limits, it’s likely their claims aren’t entirely true.

2Device Limits

Limiting the number of devices used per account is one of the most common reasons for maintaining logs. Enforcing these restrictions will almost always require some form of temporary logging, at least during each VPN session.

Exactly how each provider enforces their device limits is subjective. Some privacy policies, like KeepSolid VPN and Windscribe, are transparent about logging the number of simultaneous connections per account. By contrast, some ‘no-logs’ VPNs impose device limits without explaining exactly how.

NordVPN is a great example of a VPN going the extra mile to protect user privacy despite enforcing device restrictions. Rather than storing user connection data, NordVPN relies on a unique algorithm to keep track of simultaneous sessions:

“To limit the number of simultaneous sessions of an active user, an algorithm keeps their username and the timestamp of the last session status while the session is active. This data is wiped within 15 minutes after the session is terminated.”

3Virtual Private Servers

To save on costs, some VPN services rent Virtual Private Servers (VPS). These are significantly cheaper than dedicated physical servers, especially in countries without strong digital infrastructure.

While this might reduce a VPN provider’s overheads, it can be problematic in terms of privacy.

Rental servers can maintain logs of activity regardless of the VPN company’s logging policy. Depending on the jurisdiction of the rented server, local authorities could compel the server host to log or share this data.

In this case, the logging policy of the VPN company is redundant. Local authorities can go directly to the server host to find the information they need.

This problem was demonstrated in 2014 when an EarthVPN user was arrested in the Netherlands. Despite EarthVPN’s no-logs policy, the relevant authorities compelled the virtual server host to hand over the data needed to identify their suspect.

4Legal Obligations

National intelligence agencies like the NSA and GCHQ have the power to force organisations to log and share private information. Given the scope of their bulk surveillance programs, targeting a particular company or server network is particularly easy.

These logging requests may be accompanied by a gag order, which makes it illegal for the company to publicly disclose what they’re being compelled to do. Some VPN companies publish warrant canaries in an attempt to tackle this problem.

For more information on warrant canaries and how a VPN’s location might affect your privacy, you can read our Guide to VPN Jurisdictions.

5Performance Optimization

Maintaining a fast, private, and reliable VPN service doesn’t necessarily require logging, but it definitely helps. Basic connection data can help in selecting the most appropriate server to connect to, or allocating resources to the most popular server locations.

Many VPN providers use performance optimization to justify extensive and invasive logging practices. It’s important to be aware that in most cases, anything above basic connection data is not necessary to maintain a well-performing VPN network.

The Problem With VPN Logging Policies

An illustration of a woman shielding herself from eyes with an umbrella

Unsuspecting VPN users are commonly misled by vague, false, or deliberately confusing logging policies designed to create the illusion of privacy.

If you don’t know what to look for, you could end up using a VPN service that puts you at risk.

If you’re assessing a VPN’s privacy policy or investing in a subscription, you should be aware of the following common problems.

If you’re already familiar with these issues, you can skip straight to How to Protect Yourself.

1False Advertising

With the exception of independent auditing, it’s almost impossible to truly verify a VPN’s logging policy until it’s too late.

To prove this point, there are several examples of supposedly ‘private’ or ‘no logs’ VPN providers that have been caught sharing detailed logs with authorities.

In 2011, London-based VPN provider HideMyAss (HMA) played a key role in the arrest of Cody Kretsinger, a 23 year-old Phoenix resident. Kretsinger was a member of LulzSec, a spinoff of the hacker-activist group Anonymous.

HMA claimed to be a privacy-first service that allowed users to “surf anonymously online in complete privacy”:

A screenshot from an archive of HideMyAss's homepage

Screenshot from an archive of HideMyAss’s homepage, July 18th, 2011.

The FBI traced Kretsinger’s hack to an IP address owned by HMA, and promptly issued a UK court order demanding logs. HMA complied and shared the connection logs that eventually identified Kretsinger.

While it is clear that illegal activities should not be condoned under any circumstances, this incident is just one example of a serious flaw in the VPN ecosystem. Selling a product that explicitly claims to protect a user’s identity and then doing the opposite is undeniably deceptive.

HideMyAss isn’t the only VPN provider with a history of false advertising — IPVanish also has a troubled past when it comes to data logging.

In 2016, IPVanish cooperated with the FBI to assist with a criminal investigation. Despite a privacy policy that was explicit about its zero-logging practices, IPVanish ultimately conceded to legal requests and provided detailed connection data to authorities.

A screenshot from an archive of IPVanish's privacy policy

Screenshot from an archive of IPVanish’s privacy policy, March 13th, 2016.

While this is obviously concerning, it’s important to note that this incident occurred while the company was under entirely different ownership and management. For more information on this case, you can read our full IPVanish review.

It’s likely that there are many more examples of supposedly ‘no-logs’ VPNs sharing data with authorities or making false claims that we will simply never know about. As it stands, it’s important to look into your provider’s history before making a decision.

2Deliberate Ambiguity

In an ideal world, all VPN logging policies would clearly explain what data is kept during and after a VPN session. Unfortunately, many providers rely on ambiguity to help create a false sense of security.

Most users don’t realise that broad phrases like ‘no-logs’ aren’t always what they seem. Some VPN providers take advantage of the fact that there is no standard definition of ‘logs’ across the entire industry.

This loophole allows VPN services to avoid explicitly stating what type of data their ‘no logging’ claims refer to.

A provider might legitimately advertise ‘no-logs’ for activity data, but continue to record personally-identifiable connection data.

Put simply, many VPN providers are labelling themselves as ‘no logs’ by their own standards alone.

While some connection logs are not necessarily bad, making false or contradictory statements only adds to the confusion and distrust when selecting a VPN.

In a similar vein, it’s fairly common for a VPN’s marketing claims to directly contradict their privacy policy. Typically, they will make a bold ‘zero-logging’ claim on their homepage, and then carefully disclose the data they actually keep in their terms and conditions.

ThunderVPN provides a great example of these tactics. The company clearly advertises a “strict” no-logging policy on its Google Play Store listing:

A screenshot from ThunderVPN’s Google Play Store listing

Screenshot from ThunderVPN’s Google Play Store listing.

However, a quick read of its privacy policy proves this to be completely untrue:

A screenshot from Thunder VPN’s privacy policy

Screenshot from Thunder VPN’s privacy policy.

Not only are these practices dishonest, they’re potentially dangerous for unsuspecting VPN users that haven’t read their provider’s policy in full.

If you find a VPN that makes contradictory or misleading statements about their logging practices, it’s sensible to think twice about their trustworthiness. In most situations, it’s unlikely to be a VPN you should trust with your sensitive data.

3Lack of Detail

It’s surprisingly common for less popular VPN providers to operate without a privacy policy at all. Needless to say, if there are no details about data collection on the provider’s website, the VPN should not be trusted.

Similarly, look out for unusually short policies. Lots of providers simply state:

“We do not log any of your activity while connected to the VPN service.”

These statements explain nothing about how your data might be collected in other ways.

Yoga VPN’s privacy policy is a good example of what to avoid. At just 371 words long, the entire document barely explains a single thing about how Yoga VPN operates.

Some services are also worryingly vague about how their terms of service are enforced. Dozens of providers boast about ‘no-logs’ but also warn users that they will “investigate suspicious behaviour” or “ban abusive users” in the same sentence.

The question then stands: if a VPN provider does not log your IP address or activity, how are they able to investigate suspicious behaviour?

If a VPN’s logging policy is short or vague, contact the provider’s support team for more details. Don’t use a product that’s not willing to invest the time to be clear and transparent about their practices.

4Jurisdiction

Logging policies and jurisdictions are closely intertwined. While obscure jurisdictions can be great for privacy, they can also cause issues in terms of accountability.

It’s much harder to hold a remote business accountable for violating false advertising laws or deceiving customers. If a VPN in Panama deliberately misleads a customer in Germany, there’s not a lot that can be done.

More importantly, a VPN provider’s jurisdiction will affect its legal obligation to log data and share it with authorities. A service based in the US, for example, could be compelled to monitor its users in secret.

These invasive jurisdictions are less of an issue if a VPN is truly no-logs. However, choosing a service outside of these countries may offer more protection.

To learn more about data sharing amongst the five, nine, and 14 eyes alliances, read our Guide to VPN Jurisdictions.

How to Protect Yourself

If you’re concerned that your VPN might not be fully protecting your privacy, there are several steps you can take to further safeguard your sensitive data.

1Choose a VPN with a Verified Policy

There have been several instances where legal cases and real-world events have verified a VPN provider’s zero-logging policy.

Services like ExpressVPN and Private Internet Access have had their servers seized and been unable to cooperate due to a lack of retained data. What’s more, both providers have had their logging policies verified by third party auditors.

Other VPN providers that successfully passed an independent audit include:

  • Hide.me
  • IVPN
  • Mullvad VPN
  • PureVPN
  • TunnelBear
  • Surfshark
  • IPVanish
  • VyprVPN

If you’re concerned about VPN logging, it’s safer to choose a VPN with a proven record.

2Combine a VPN with Tor

If configured correctly, using a VPN in combination with the Tor browser can move you a step closer towards anonymity.

It’s worth remembering that the Tor browser is slow at the best of times. Combining a VPN with Tor will considerably reduce your VPN’s performance and connection speed.

3Layer VPN Services

Using multiple VPN services concurrently will add another layer of protection to your identity.

The simplest way to do this is to set up a VPN router and connect your device. Install a VPN from a different provider on the same device and then run the application. You will then be passing your data through both providers simultaneously.

Just like using a VPN in combination with Tor, layering multiple VPN services will have a considerable impact on performance.

4Choose a Privacy-Friendly Jurisdiction

Subscribing to a VPN based outside of key intelligence-sharing countries is the safest option.

Remember that operating outside of these invasive jurisdictions doesn’t necessarily mean a VPN provider can be trusted. The VPN company could still cooperate with foreign authorities and even log your data if they are so inclined.

Verified No-Logs VPN Services

An illustration of a man protecting sensitive data from eyes

There have been several occasions where legal cases, independent audits, and real-world events have verified a VPN provider’s logging policy.

While each of the following services keep limited, non-identifiable connection logs, unlike other VPNs in this guide, they clearly explain this in their privacy policies and have passed full third-party assessments.

Most importantly, these VPN providers did not compromise user privacy and anonymity when pressed for logs by authorities.

We will examine these providers below and the exact circumstances under which their ‘no logs’ policies have been verified.

1NordVPN

With over 12 million customers, NordVPN is one of the largest VPN providers in the world. The company is headquartered in the legal jurisdiction of Panama, which means your data is safely beyond the reach of invasive EU and US data retention laws.

Panama does not require businesses to retain any user data whatsoever, nor is it part of any international alliances that might compel it to share intelligence with other countries. This means NordVPN has the power to deny any third party data requests, so there is no way your online activity can be traced back to you.

NordVPN doesn’t monitor your activity or store any user logs whatsoever.

While NordVPN does log aggregate server loads, this information is by no means personally identifiable and helps to maintain performance across the network.

In 2018, NordVPN completed a full, independent audit to verify its no-logs claims. The audit was conducted by PricewaterhouseCoopers, who had full access to the company’s servers, code, employees, and databases.

The audit officially verified NordVPN’s logging policy and confirmed that the company does not store IP addresses, connection logs, traffic data, or any information related to browsing activity.

For more details, take a look at our full NordVPN review.

2ExpressVPN

  • Non-Identifiable Connection Logs
  • TrustedServer System
  • Based in British Virgin Islands
  • Extensive Third-Party Audit
  • Real-Life Verification
  • Read our full ExpressVPN review

ExpressVPN is operated by Express VPN International Ltd., a company based in the British Virgin Islands.

The British Virgin Islands has complete sovereignty over its own data regulations and is therefore an excellent choice of location for a privacy-minded VPN service.

While foreign governments can still demand information, ExpressVPN has made it clear that it will never concede to these requests and more importantly, that it doesn’t have any personally identifiable data to share in the first place.

The only information ExpressVPN retains is the location of your chosen VPN server, the date of connection, and the total amount of data transferred.

While this seems more extensive than necessary, the most important factor is that this data can never be used to identify you or your activity.

This was put to the test in December 2017, when an investigation into the assassination of Andrei Karlov put the company’s logging policy in the spotlight.

Turkish authorities attempted to force ExpressVPN to provide customer data and seized one of the company’s local servers. The authorities were unable to obtain any information because there was simply no data available.

ExpressVPN later issued a statement on the case:

“As we stated to Turkish authorities in January 2017, ExpressVPN does not and has never possessed any customer connection logs that would enable us to know which customer was using the specific IPs cited by the investigators.

Furthermore, we were unable to see which customers accessed Gmail or Facebook during the time in question, as we do not keep activity logs.”

Every server in the ExpressVPN network has also been upgraded to run in RAM-disk mode. This is a major improvement from a privacy and security standpoint, removing the need for traditional hard drives and guaranteeing that all information is wiped every time the server is powered off and on again.

The company has also been independently audited by PricewaterhouseCoopers, who validated their no-logging claims and privacy protections. To find out more, read our full ExpressVPN review.

3Private Internet Access

  • Zero-Logs VPN
  • Regular Transparency Reports
  • Based in British Virgin Islands
  • Extensive Real-Life Verification
  • Incredibly Fast Speeds
  • Read our full Private Internet Access review

Private Internet Access (PIA) is an incredibly fast VPN based in the United States. While its jurisdiction is far from ideal, its stance on logging has been independently verified on several occasions.

PIA keeps absolutely no VPN logs. You can use the service with complete confidence that your data is not being monitored or stored, nor can it be traced back to you. In addition, the company regularly releases full transparency reports, which you can read here.

Private Internet Access is unique in that its logging policy has been externally verified on two separate occasions.

In 2016, the FBI subpoenaed PIA in connection with a user that was suspected of making bomb threats. Though they were facing official demands for logs, the VPN service simply had no data to provide, as described in the official court documents.

PIA was subpoenaed for evidence again in a second case from June 2018. Once more, the company had no available logs to hand over.

Based on these two cases, it is safe to consider Private Internet Access a verified no-logs VPN provider.

Read our full Private Internet Access review for more information.

Don't Be Afraid to Ask Questions

VPN logs aren’t always a bad thing. Ultimately, their importance depends on the level of anonymity you’re looking to achieve.

The main issue, however, is a widespread lack of honesty and transparency. A legitimate VPN provider will leave you with absolutely no doubt that your personal information is in safe hands.

If you see that the claims on a provider’s homepage do not align with its privacy policy, take your money elsewhere. If something looks ambiguous or suspicious, don’t hesitate to contact the provider’s support team.

The key is to understand exactly how VPN services can manipulate their policies. Once you have a solid understanding, you can then look for honest providers and take extra precautions if you need higher levels of anonymity.

With your privacy at stake, it’s your right as a user to expect transparency at the very least.

About the Author


  • Headshot of Top10VPN.com Site Editor Callum Tennent

    Callum Tennent

    Callum is our site editor and a member of the IAPP and the EC-Council's Knowledge Review Committee. He oversees all our VPN testing, reviews, guides and advice. Read full bio