NordVPN Passes Third Independent No-Logs Audit

NordVPN, a CNET pick for one of the best VPNs, recently completed a third-party audit of its no-logs claims, the company said Tuesday. The audit was conducted by Deloitte -- one of the "Big Four" auditing firms -- between Nov. 21 and Dec. 10, 2022, which confirmed in its Independent Reasonable Assurance Report that NordVPN didn't record or store any logs of user activity during the time of the audit.

"Nord guarantees a strict no-logs policy for NordVPN Services, meaning that your internet activity while using NordVPN Services is not monitored, recorded, logged, stored, or passed to any third party," NordVPN says in its Privacy Policy. "We do not store used bandwidth, traffic logs, IP addresses, or browsing data."

If a VPN provider doesn't collect or store logs of its users' activity, the provider wouldn't be able to furnish any such data should authorities request it. Though a VPN's no-logs claims can never be fully verified with 100% certainty, a third-party audit can offer substantial assurance that the VPN provider's claims are genuine and is a key element in providing transparency to consumers.  

As part of its assessment of NordVPN's no-logs claims, Deloitte inspected the server configuration and deployment processes of NordVPN's standard VPN, double VPN, obfuscated, Onion Over VPN and P2P servers. Deloitte found that, as of Dec. 10, 2022, "the NordVPN service is implemented as described."

"Our users need to know that they can trust us. When people use a VPN service, they need to know that it won't monitor their data," NordVPN product strategist Vykintas Maknickas said. "They need to have confidence in the security and effectiveness of its features and infrastructure. That's what our audit process is all about."

NordVPN's no-logs claims were previously audited and confirmed by PwC in 2018 and 2020.