NordVPN’s no-logs policy aces test second time in a row
3 min read
In late 2018, we ordered an industry-first independent assurance engagement to verify our no-logs claim – a cornerstone of our privacy mission. But our commitment didn’t end there, which is why we recently ordered a second expanded assurance engagement in 2020. What was true then is true now – we do not monitor your internet activity for any reason.
We were the first to engage PricewaterhouseCoopers AG Switzerland to independently analyze our service and evaluate our no-logs claims. Now, we’ve asked them for an even broader assurance engagement of our service.
How NordVPN was examined
This was a limited assurance engagement. It involved interviews with our employees, server configuration inspections, technical log inspections, and inspections of other servers in our infrastructure. Practitioners also verified that we were actually using the configurations that they had inspected.
This was broader than our previous requests. We expanded the scope by including numerous specialized server types that hadn’t been included in the previous assurance engagement. Our obfuscated, Double VPN, and P2P servers were in scope of the engagement.
The assurance engagement is a “point in time” assessment. Right now, the practitioners can only report on what they saw when they were granted access to our services. The assurance engagement was performed from May 20th to the 28th, 2020 and the assurance report issued on the 28th May 2020.
On the 28th May 2022 the practitioners saw no signs that we had violated our no-logs promise (NordVPN users can access the full assurance report on our website).
Why did we do this?
VPN use is based on trust. When users connect to our servers, they trust us to provide them with the security and privacy they need – without peeking over their shoulders. It takes more than just a guarantee to maintain and cultivate that trust.
By engaging PricewaterhouseCoopers AG Switzerland as an independent Big Four audit firm, we hope current and future users will understand that we take our no-logs claim seriously. We will always do everything we can to protect your security and privacy, and we will never log user activity for anyone.
This assurance engagement is not the end of that process. We will conduct more assurance engagements in the future, and we are also exploring ways to offer constant third-party no-logs verification.
We do not track or log customer’s browsing data. We only gather the bare minimum amount of data required to provide a stable and secure service. Pricewaterhouse-Cooper AG Switzerland has examined our servers to check our claim.
