NordVPN has completed an industry-first audit of its no-logs policy

Several months ago, we promised a major independent audit to back up the claims we make about our product – that we don’t log identifiable user information under any circumstances. That audit result – an industry-first step towards transparency – has finally arrived.

The good news is that we are very pleased with the results of the audit. We believe that they accurately reflect our responsibilities to our clients and the values our service is built upon.

However, in order to uphold the integrity of the audit and its results, we are currently significantly limited in what we can publicly say about it. We cannot publish it or quote it. Here’s what we can tell you right now:

• The audit was performed by one of the Big 4 auditing firms, making it one of the most dependable and capable auditors in the world.

  UPDATE (February 21st, 2019): The auditing firm has authorized us to reveal its name. As NordVPN users already know, the audit was performed by PricewaterhouseCoopers AG, Zurich, Switzerland.

• Initially, only NordVPN clients and a pre-selected list of journalists will be able to view the actual audit report itself. We cannot cite the audit report or speak specifically about its contents, though these conditions may change in the future. NordVPN users will be able to access the report through their user accounts and journalists will be able to see the report after accepting specific terms in regards to the distribution of audit report.

  UPDATE (January 28th, 2019): The audit report is now available to all NordVPN subscribers.

• The audit can only refer to our service and server configurations as of November 1st 2018. Because a digital service can be reconfigured, we understand why the audit cannot apply its conclusions to a broader scope of dates. The same, however, is true for any digital service – even open-source code doesn’t reveal what a service provider does with their servers. With that being said, this audit represents the greatest level of transparency we can achieve with our servers short of rendering them insecure by opening them to the public and surrendering our intellectual property.

Between October 29th and November 8th, we invited the independent auditors to review our servers and code and to interview the employees in charge of maintaining our service. As far as we could tell, no stone was left unturned. The auditors’ goal was to see if our service lives up to our claims of providing a no-logs VPN service, and we believe we’ve passed the test.

As you may now understand, achieving full transparency can be difficult for a service that pledges to keep its users anonymous and secure. Even open-source code won’t help, as it says very little about what happens on the provider’s servers. By allowing these auditors into our servers, we’ve set a new standard for other leading VPNs in the market. We also intend to regularly audit our service in the future. Hopefully, other VPNs will follow suit, as that can only lead to more privacy and security for everyone!

If you have any questions about the audit, please contact us at press@nordvpnmedia.com.