NordVPN passes its no-logs assessment for the sixth time

Assurance report: Key highlights

At the end of 2025, we commissioned Deloitte Lithuania, a Big Four audit firm, to perform an independent reasonable assurance engagement on our no-logs claims. Deloitte conducted the procedures in accordance with the International Standard on Assurance Engagements 3000 (Revised) (ISAE 3000 (Revised)) — the same internationally recognized framework used in our previous assessments. This engagement marks the sixth time our no-logs policy has been independently verified.

Some of the main points you should know about the engagement include:

• A deep dive into our systems. To complete the assurance engagement, Deloitte’s practitioners interviewed NordVPN employees and closely inspected our server infrastructure, configurations, and deployment processes. They reviewed multiple server types, including standard VPN, Double VPN, obfuscated servers, and Onion Over VPN, paying special attention to privacy-related settings and no-log configurations.
• A point-in-time assessment. The assurance engagement took place between November 10 and December 12, 2025, with Deloitte assessing our systems exactly as they operated during that period. The final assurance report was issued on December 12, 2025. Like all previous engagements, this was a point-in-time assessment, conducted according to ISAE 3000 (Revised) standards set by the International Auditing and Assurance Standards Board (IAASB).
• The results. Based on the procedures performed and evidence obtained, Deloitte concluded that NordVPN’s IT systems and supporting operations are designed and implemented in line with our no-logs statement. Because of the technical nature of the report, we don’t publish excerpts publicly. Users can read the full report by logging in to their Nord Account.

Why do we keep conducting these attestations?

Trust matters. And trust isn’t built on promises alone. That’s why we invite independent practitioners to review our systems year after year.

Independent no-logs assurance engagements give our users concrete proof that we deliver on what we promise: a VPN service that does not track, monitor, or store browsing activity. By repeating these assessments year after year, we aim to maintain transparency, strengthen trust, and give our users confidence that their online activity remains private.

Why people trust NordVPN

NordVPN combines a strict no-logs policy with industry-leading security and performance. Once connected, all traffic between your device and the VPN server is encrypted, protecting you from prying eyes.

On top of that, features like Threat Protection Pro™ help block malicious websites, stop trackers, and scan downloads for malware, adding another layer of protection to your everyday browsing. With high-speed VPN protocols, specialty servers, and an easy-to-use VPN service with apps across all major platforms, NordVPN is a simple, reliable choice for anyone who values online privacy.