NordVPN Passes Third Independent No-Logs Audit

Deloitte concludes that NordVPN didn't record or store any logs of user activity.

Attila Tomaschek
Attila is a Staff Writer for CNET, covering software, apps and services with a focus on virtual private networks. He is an advocate for digital privacy and has been quoted in online publications like Computer Weekly, The Guardian, BBC News, HuffPost, Wired and TechRepublic. When not tapping away on his laptop, Attila enjoys spending time with his family, reading and collecting guitars.
Expertise Attila has nearly a decade's worth of experience with VPNs and has been covering them for CNET since 2021. As CNET's VPN expert, Attila rigorously tests VPNs and offers readers advice on how they can use the technology to protect their privacy online.
Attila Tomaschek
2 min read
Nord VPN

NordVPN's latest independent audit from Deloitte helps give credence to the VPN provider's no-logs claims.

Sarah Tew/CNET

NordVPN, a CNET pick for one of the best VPNs, recently completed a third-party audit of its no-logs claims, the company said Tuesday. The audit was conducted by Deloitte -- one of the "Big Four" auditing firms -- between Nov. 21 and Dec. 10, 2022, which confirmed in its Independent Reasonable Assurance Report that NordVPN didn't record or store any logs of user activity during the time of the audit.

"Nord guarantees a strict no-logs policy for NordVPN Services, meaning that your internet activity while using NordVPN Services is not monitored, recorded, logged, stored, or passed to any third party," NordVPN says in its Privacy Policy. "We do not store used bandwidth, traffic logs, IP addresses, or browsing data."

If a VPN provider doesn't collect or store logs of its users' activity, the provider wouldn't be able to furnish any such data should authorities request it. Though a VPN's no-logs claims can never be fully verified with 100% certainty, a third-party audit can offer substantial assurance that the VPN provider's claims are genuine and is a key element in providing transparency to consumers.  

As part of its assessment of NordVPN's no-logs claims, Deloitte inspected the server configuration and deployment processes of NordVPN's standard VPN, double VPN, obfuscated, Onion Over VPN and P2P servers. Deloitte found that, as of Dec. 10, 2022, "the NordVPN service is implemented as described."

"Our users need to know that they can trust us. When people use a VPN service, they need to know that it won't monitor their data," NordVPN product strategist Vykintas Maknickas said. "They need to have confidence in the security and effectiveness of its features and infrastructure. That's what our audit process is all about."

NordVPN's no-logs claims were previously audited and confirmed by PwC in 2018 and 2020.