Top 10 VPN Logging Policies & Verified No-Log VPNs

top VPNs logging policies explained

Most VPNs with a half decent landing page advertise themselves as being log-free or having no logs. But is it really the case?

People subscribe to a VPN for a number of reasons, and in many cases, it’s all about unlocking geo-restricted content (particularly Netflix), etc.

But let’s face it: the reason you subscribe to a VPN is because you want to be hidden and safe. It’s obvious. A VPN must be able to hide all your activities and your identity away from prying eyes so you can do whatever you want away from anyone’s reach – even the government. It should be, after all, your right.

Of course, even if you use a VPN (and no matter which VPN you use), there are digital footsteps. These take the form of logs in your VPN’s server which might be kept or deleted depending on the logging policies of your VPN provider. Which begs the question…

What Exactly Are Logs?

Logs, in general, are bits of information you leave while being connected to the Internet. The data is available to your VPN provider – the websites you visit, when you visit the sites, what you do on those sites, the personal information share, usernames, passwords, other identification details; this might help service providers to track information back to a specific user.

This information stored is referred to as a “log”.

There are different types of logs for different use cases. Your VPN provider may retain some information (that they will eventually wipe off from their servers) or they may choose to record and keep (and sell) everything. This all depends on the nature of the information and the VPN services themselves… so what are the kinds of VPN logs?

Kinds of VPN Logs

In order to further understand no-log policies, you need to have a brief knowledge of the kinds of logs that your VPNs keep.

There are 2 major types of logs – activity and connection logs.

Activity logs, or sometimes called usage logs, are those which contain all your activities on the Internet. These logs pose a great threat to your safety and anonymity.

These include:

  • All the websites and IPs you’ve visited.
  • The applications you have used.
  • Connection times.
  • Metadata.

Fortunately, some of the best premium VPNs do not retain this type of data. Some examples of them are NordVPN, ExpressVPN, CyberGhost, VyprVPN, and Private Internet Access.

But free VPNs retain all of this for the sole purpose of selling your data to the highest bidder. This can be advertisers who want to push personalized ads or even governments seeking to track every click. Not cool!

Another kind of logs is connection logs. Connection logs are often called “harmless” logs.

These are already given since the moment you visit a website, your connection is timestamped and traced back to your ISP so you can be identified. It’s a slight snoop in your activity, but it’s not as intrusive as activity logs. However, this can pose as a security risk depending on the extent of the log and the length of time such logs are kept for. In some extreme cases, these logs are never deleted.

Connection logs are often used by VPN providers to make sure their service isn’t being abused by free trial accounts, hackers, and extreme pirates.

Now that you know what kind of logs are being kept, it’s time to fully know what kind of processes your premium VPN providers go through do to ensure your anonymity.

What exactly are they tracking, to what extent, and how do they keep things leak-proof?

Top 10 VPN Logging Policies

Logging policies can also vary on different points.

VPN providers claim that they have no logs yet rent third-party servers. Not only do the third-party services have access to your log, but they also do not have the same level of security as your VPN provider which will definitely leave you vulnerable.

Consequently, you need to choose a VPN that will guard not only your activities on the Internet but your personal information and activity on multiple levels. It’s not easy to discern which VPN is actually protecting you over a “bad” VPN, so we’ve taken the time to review the no log policies of the VPNs we always recommend.

Take the time to learn if these VPNs below are keeping you safe! We’ve marked what each VPN is logging and for what purpose (in parenthesis).

1. NordVPN

“We don’t track, collect, or share your private data. It’s none of our business.”

NordVPN wouldn’t be our top-rated VPN for no reason. It’s natural to think that when you’re looking for a premium VPN and one ranks 1st on the list, you know there would be no privacy issues.

True enough, NordVPN has a strict no-log policy. Consumers are ensured that none of their data, traffic logs, and browsed content is being spied on by third parties or even the government.

NordVPN collects:

  • Email address (Marketing)
  • Cookies (Marketing)
  • Payment data (Payment Fraud Protection / Refunds)
  • Timestamp of last session status (Service Improvements)
  • Customer service information (Service Improvements)

They collect the minimum information with justifications; the data is being used to improve services and prevent account abuse.

The data will all be encrypted and cannot identify you. It’s all for the sake of user convenience so NordVPN’s logging policy is all clear.

Furthermore, NordVPN operates in Panama so it’s away from the prying eyes of any surveillance alliances. There has been no breaches or leaks, or any news around them cooperating with government investigations so far.

Want to know how NordVPN made it to the top of our list? Read more about NordVPN here.

2. ExpressVPN

“Your DNS traffic is your business. Protect it.”

With ExpressVPN being one of the most prominent VPN providers in the market, it’s a no-brainer that it also values the privacy of its customers.

On the website, they state that they do not and will never log IP addresses, browsing history, traffic destination, and DNS queries. While you may feel somewhat secure about this, it doesn’t erase the fact that they collect some information…

ExpressVPN collects:

  • ExpressVPN apps and app versions successfully activated (Service Improvements / Refunds)
  • Dates (not times) when connected to the VPN service (Service Improvements / Refunds)
  • Choice of VPN server location (Service Improvements / Optimization)
  • Total amount (in MB) of data transferred per day (Service Improvements / Tracking Abuse)

We do remind you that these particular data are not sufficient to determine the individuality of a particular user, so you can rest your head on this one – you will remain anonymous despite these.

Apart from their no logging policy, they also operate their own DNS on every server, meaning there are no third party DNS. Identifiable data is never stored on any server.

What’s more favorable is that ExpressVPN is based in the British Virgin Islands. This means that they are far from intrusion by government entities around the world. Talk about independence.

Curious about ExpressVPN? Read more about it here.

3. VyprVPN

“We don’t log VPN user activity. We’re audited to prove it to you.”

Not too long ago, VyperVPN had some issues with its claim of absolute no-log policy.

They stated on their website that they required some logging of VPN service data in the past for the convenience of their customers. It helped them to filter the unnecessary content and optimize the experience of their users.

And with their commitment to being fully transparent, they enumerated the information they formerly logged and retained for 30 days which included:

  • Customer’s source IP address
  • VyprVPN’s IP address assigned to the user
  • Connection start and end times
  • Total number of bytes used

In November 2018, the company made the decision to hire an independent auditor – security firm Leviathan – to strengthen its commitment to being a No-Log Policy VPN.

Subsequently, in March 2019, it changed its policies to further confirm that truly, they keep no activity logs of its users whatsoever.

VyprVPN collects:

  • Personal Data from registration (Service Improvements / Refunds)
  • Customer support inquiries (Service Improvements / Refunds)
  • Third-party party payment processors (Refunds / Fraud Detection)
  • Third-party party analytics software and cookies (Marketing)

Way to go, VyperVPN!

Do you want to know more about VyperVPN? Read about it here.

4. CyberGhostVPN

“The only way to secure your data is not to store it.”

But is it really the case, CyberGhostVPN?

The VPN company claims that it fully implements a no-log policy for the activity of its users.

CyberGhostVPN collects the personal and non-personal data of its users from account registrations and support inquiries. The former includes data such as registration information for the proper administration of the accounts of its users. The latter, on the other hand, consists of data which is exchanged between the user’s browser and the company’s affiliates or their server.

CyberGhost collects:

  1. Personal data during registration (Service Improvements / Refunds)
  2. IP address during payment – not connected to VPN (Fraud Detection)
  3. Third-party party analytics software and cookies (Marketing)
  4. Connection attempt, country of origin, CyberGhost VPN version, “etc” (Service Improvements)

This poses no threat if the company could just invite a security firm to run an audit and publish the results.

Data concerning the performance of their services are shared with a third-party called MixPanel. It may not be that alarming because it’s a tool for improving the product with user experience data. It acts as sort of a gauge to determine satisfactory performance but for some users who don’t like third party analytics, they also happen to use VWO, Facebook, Yahoo, Twitter, Bing, Instabug, BugSplat, OpenX, etc.

The two most worrying parts are: they track when and how often you are connecting to their VPN servers which they use to optimize their services by identifying peak hours and such…

…And the usage of “etc” in their list of data collected during connection attempt. Etc? Really? This is a broad statement.

They claim that they don’t track its users’ internet traffic performed using the VPN and identifying information. They don’t quite clearly state what they do track under “etc”…

Need some convincing? Check out our review of CyberGhostVPN here.

5. Private Internet Access (PIA) VPN

Private Internet Access. As secure as the name may sound, can PIA really attest to this fact?

It may come as a red flag for some because of the fact that it’s based in the US, but don’t worry, you’re safe and secure because PIA has proven no intrusion of the government and its no-log policies in court.

Yes, you heard that right. PIA has proven its no-log policies and has protected the privacy of its users in court. And not just once, but twice!

PIA deserves all the praise it receives from the privacy community. After all, it values its customers’ anonymity and security – and has “definitive” proof. They don’t bother spelling it out in their Terms of Service because of this.

If you’re not convinced, check out our review of PIA here.

6. Ivacy VPN

“No data logging to worry about.”

Who would have thought? Ivacy VPN advertises itself as one of the most extremely affordable VPNs in the market.

Some users might think that with cheap subscriptions come faulty security. Well, we hate to break it to you but it’s a misnomer for Ivacy VPN.

It certainly values the privacy of its customers because they seem to collect the bare necessities.

Ivacy collects:

  • Billing information (Refunds / Fraud Detection)
  • Ivacy VPN software and app-related data such as events, failed connection attempts, application, aggregated bandwidth (Service Improvements / Abuse)
  • Support-related emails and chat log (Service Improvements)

Data pertaining to inactive customers is purged after 12 months.

Ivacy also uses a handful of product tools such as MixPanel, Firebase, Crashlytics, Google Analytics, and iTunes. That said, they still promise to protect you from ISP tracking and third party spying.

Need some more convincing? Check out our review of Ivacy VPN here.

7. Trust.Zone

Trust is a very big word, especially for VPN providers.

Trust.Zone is another VPN that claims zero logging. They claim that all their VPN servers do not store log files to keep the privacy of their users secure and safe.

Trust.Zone collects:

  • Billing information (Refunds / Fraud Detection)
  • Support-related emails and chat log (Service Improvements)
  • Third-party payment processors (Refunds / Fraud Detection)
  • Third-party analytics software and cookies (Marketing)

Collecting personal information from the account registration process is the norm. E-mail addresses are used for marketing newsletters and product updates so you can just use a new email account.

We cannot say the same for the third parties who process the payments made on their site. Hence, it’s advisable to use cryptocurrency for payments to keep your information safe.

One thing to note is they mention something about usage data being anonymous. So are they collecting anonymized usage data and how secure is this?

Read our review about Trust.Zone here to see if it’s for you.

8. Windscribe VPN

“Take your browsing history to your grave.”

Some VPN privacy policies lay out all the details necessary for a secure and safe experience – but Windscribe is one of the most transparent when it comes to explaining their log policy.

Their policy breaks down what they collect in various steps:

  • When you visit their website, they use 3rd party tracking and analytics (Marketing)
  • When you sign up, they log your email (Marketing)
  • When you pay, a 3rd party payment processor takes your billing information (Billing / Fraud Detection)

Windscribe collects:

  • Total amount of data transferred within a 30-day window (Free Trial Abuse)
  • Timestamp of your last activity (Free Trial Abuse)
  • Number of connections (Free Trial / Device Limitation Abuse)

And they’re quite honest about what’s being stored in the servers’ memory which is immediately wiped when you disconnect:

  • OpenVPN/IKEv2 username
  • Time of connection
  • Amount of data transferred

As stated in their privacy policy, they keep logs of the bandwidth you consume on their network and a record of your last connection to their servers. A little scary, but they are honest about it.

The deal breaker for some might be the fact that they operated in Canada. In case you didn’t know, Canada is one of the founding members of the Five Eyes Alliance.

All in all, we’re quite happy to see such a transparent no-log policy. But if you are perceptive about total privacy, then you should think twice before subscribing to this one due to their jurisdiction.

If you need more facts, check out our review of Windscribe VPN here.

9. ibVPN

“Will you really be invisible with ibVPN?”

Perhaps, you will. They start off their privacy policy with “We collect personally identifiable information about you…” but goes on to say they don’t collect or log any traffic or use of their VPN service.

ibVPN is based in Romania so you know they aren’t legally obliged to keep logs of the activities of their users.

If you’re looking for further proof, take it from one of the founders himself, Dan Gurghian.

ibVPN collects:

  • Billing information (Refunds / Fraud Detection)
  • Support-related emails and chat log (Service Improvements)
  • Third-party payment processors (Refunds / Fraud Detection)
  • Third-party analytics software and cookies (Marketing)

They store limited data but it’s for the sake of monitoring users who abuse the free trial they provide. It also allows them to stop spamming and to prevent other users from doing things which are not allowed in some of their servers. They also go on to say that they “cannot relate any specific activity with any specific user” in case they do have to comply with the law and share what little information they have.

If you want to know more about ibVPN, you can check out our review here.

10. VPN is a less popular VPN in the market but with its clear no-log policy, it does not disappoint.

They want to stray away from possible legal liability both ways, so they strictly do not log the data of its users. collects:

  • Personal data you share during signup (Billing / Marketing)
  • Non-persistent log of connection data which includes customers’ randomly generated usernames and assigned IP addresses (Service Improvements)
  • Third-party marketing and product tools (Marketing / Service)

Do note that they only keep the connection data for troubleshooting purposes and this is wiped clean once the issue is resolved.

Furthermore, they represent that all the possible data they receive on their servers always remain anonymous, so your identity is protected.

One fact worth noticing is that VPN is based in Malaysia which supports no data retention. It’s a long stretch away from being investigated by any government entities.

If you want to know more about VPN, check out our review here.

5 Verified No-Log VPNs

Premium VPNs sometimes go to the extent of proving their stance on privacy issues such as logging policies through other methods apart from just the common marketing copy on their website. It’s needed. After all, it’s one of the primary reasons why a customer should subscribe in the first place.

Users, on the other hand, need additional confirmation. For a very meticulous one, just an assertion of not keeping logs will not suffice. There has to be some definitive proof that indeed, a VPN can brand itself as “safe”.

Only a few VPNs have attained a verified status in the Internet community, and each of these can fully attest to the safety of its customers on its platform. Take a look!

1. NordVPN

If you need to verify further whether or not you can trust NordVPN with your browsing activities, then check this out.

In order to strengthen their commitment to being a log-free VPN, they hired an independent audit company just recently. In case you were wondering, the audit was done by none other than PricewaterhouseCoopers AG, one of the big 4 auditing firms in the world.

The audit report wasn’t available at first given the confidentiality of the details, but in January 2019, the company cited that the report is now available to be viewed by NordVPN subscribers and free trial users.

So there you have it, folks. NordVPN is tried and tested to be log-free.

2. ExpressVPN

ExpressVPN is a top-tier VPN for a reason. Its vast number of subscribers and considerable recommendation on the Internet are proof that it also values privacy and security above anything else.

But it’s hard to prove a no-log policy claim unless backed up by some sort of documented evidence – that’s why ExpressVPN has also expressed its willingness to undergo an audit.

Recently, ExpressVPN invited Cure53, a cybersecurity firm to conduct a review of their privacy policies. The inspection ranged from testing the extension in browsers to other issues that possibly needed fixing.

Cure53’s report on its findings is viewable on its website, but you can also find a summary of it on ExpressVPN’s website. The report affirms ExpressVPN’s no-log policy, so you can rest assured knowing that your information won’t be stored or kept.

3. VyperVPN

VyprVPN has had its own fair share of doubts in the past, presumably because of its minimal logging policies which included IP addresses, bandwidth consumption, and others.

When the company sought to prove how it can compete with other VPNs which upheld no-log policies in good light, so they decided to hire the services of Leviathan Security to perform an independent audit.

Fast forward to the present, VyprVPN now boasts itself as the first VPN provider who has been publicly audited – which further reinforced their claim of being log-free.

In case you want to read it, VyperVPN’s audit documents are available here for viewing.

4. CyberGhostVPN

While CyberGhostVPN may not have an independent audit to back its claim of no logs, it’s still a VPN provider that keeps true to its word.

In March 2012, the VPN provider successfully passed an audit conducted by QSCert for the Information Safety Management System (ISMS). The mark signified that the internal processes laid out by the company for its users have passed the industry’s standards.  Additionally, the certification is renewed yearly so you’re certain that it keeps up with current standards.

That being said, it looks like CyberGhost VPN is living up to its reputation of being a no-log VPN by conducting a yearly transparency report.

5. Private Internet Access

If most VPNs had their activities audited for the sake of proving their no-logs policy, Private Internet Access did it in the most convincing way possible.

The VPN provider has proven its no-log policies in court.

If you can’t comprehend what’s amazing about this claim, do take note that PIA operates in the US. For your knowledge, the country is known as being part of the Five Eyes Alliance, an organization which focuses on surveillance and intelligence.

This means that Private Internet Access fully favors the privacy of their users over what the government is demanding.

So it’s no wonder that PIA’s victory is celebrated by its loyal users and the community alike. It’s actually one of the most trusted VPNs in the industry when it comes to privacy, so you can rest assured that PIA is one of the safer choices you can make.

Protect Your Privacy Through a VPN With Proven No-Log Policy

High speeds, geo-unlocks, and smooth UX are a must-haves for VPNs, but privacy and security should be the most important.

Your information being readily available for snooping by third parties is a scary thought. To be safe, always make sure that your VPN doesn’t keep notes about what you’re doing.

And with all these facts we’ve given, you’re ready to make the most educated decision you can make. It’s a matter of preference on your part, but it’s truly up to you to choose which VPN do you want to put your trust on.

Choose a VPN which does not compromise your privacy and security.

Us? We choose NordVPN.

Published by

David Schultz

Internet and Privacy Law | David Schultz is a Cyber Security Attorney based in Europe.

Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version