You have legitimate concerns about privacy and therefore we expressly describe all processing of personal data done by us. We want you to understand what limited information we collect and what may happen to that information when you use any of the NordVPN Services.
Our top priority is customer data security. Operating under the jurisdiction of Panama allows us to guarantee our no logs policy. We process only minimal user data – only as much as it is absolutely necessary to maintain our services.
NordVPN processes user data only to a very limited scope – only as much as it is absolutely required for provision of the NordVPN Services, processing of payments for the NordVPN Services, as well as functioning of the NordVPN website and mobile applications.
Personal data is processed by NordVPN automatically and manually. Unless expressly noted otherwise, NordVPN or a designated subsidiary in your country shall act as the responsible personal data controller for any data processed. NordVPN uses third party data processors only for processing of payment data, emailing service and basic website and app analytics.
NordVPN guarantees a strict no-logs policy for NordVPN services, meaning that your activities using NordVPN Services are provided by automated technical process, are not monitored, recorded, logged, stored or passed to any third party. We do not store connection time stamps, session information, used bandwidth, traffic logs, IP addresses or other data. From the moment a NordVPN.com user turns on the NordVPN.com software, their Internet data becomes encrypted. Any online traffic coming from user’s device is no longer visible to ISP, third-party snoopers or cyber criminals. Further, NordVPN have a strict no logs policy when it comes to seeing user activity online: NordVPN is based in Panama, which does not require data storage.
Anyone may browse our website, install NordVPN application and mobile applications without signing up for the NordVPN Services, however the functionality of the NordVPN Services will be very limited or absent. If you want to engage full functionality of the NordVPN Services, you need to create a user account and provide basic personal data indicated below.
If you choose to create a user account, you must provide the following basic information:
You must maintain this information current, truthful, complete and accurate. You warrant that you are authorized to provide such information. You authorize us to verify your information at any time. If it is found to be untrue, inaccurate, not current or incomplete, we retain the right, in our sole discretion, to suspend or terminate your user account and your access to the NordVPN Services.
In order to maintain the VPN service, the NordVPN also processes limited technical information, which sometimes may be considered personal data. This information is used for improving the functionality and usability of our website and NordVPN Services. If you decide not to provide this limited information, we may not be able to provide you with the full scope of the NordVPN Services. Said information may also include:
You can set up warnings for every time the Site places a cookie in your browser, or you can choose to disable all cookies. You can do both through your browser settings. Since each browser has a different procedure for managing cookies, look at your browser’s Help Menu to learn the correct way to do it.
Alternatively, you can disable all cookies by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add-on. Please note that choosing to disable cookies may negatively affect some of the features that make your Site experience more efficient.
Persons younger than 18 shall not use the NordVPN Services and provide any personal data to us without the supervision of the parents or guardians. Based on the above, it is presumed that any person using the NordVPN Services and supplying personal data to us is at least 18 years of age. If a person younger than 18 years old or a person, supplying wrongful data, become known to NordVPN, such person and all their data may be immediately and without any notice withdrawn by suspending their access to NordVPN Services.
Your personal data is processed for the purpose of providing you the best NordVPN services under the legal basis of performance of the contract between you and NordVPN, as provided in our Terms of Service.
NordVPN may process your personal data (email address) for direct marketing purposes in the following cases: when we obtain your consent to such processing (the legal basis for processing, in this case, is your consent) or when applicable law permits us to contact you without a separate consent (under the legal basis of a legitimate interest).
You may request us to inform you about the personal data that we have collected about you, to request any changes or correction of inaccurate information, to object to certain processing of personal data (e.g. for marketing purposes), to provide you with a copy of your personal data in a structured, commonly used and machine-readable format, to transmit (if technically feasible) your personal data to another controller, or to erase your personal data. You also may request to restrict the processing of your personal data (when there is a legal basis for that). In cases where your personal data is processed on a separate consent basis, you have the right at any time to withdraw your consent to the processing of your personal data.
If you disagree with your data processing by NordVPN, you are free not to use the NordVPN Service, and to discontinue using it at any time. You may request us to discontinue processing of your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the NordVPN Services (e.g., final settlement, or deleting all personal data based on your email address), or finalizing other NordVPN’s legal relationship with you (e.g. accounting, invoicing, processing refunds).
Due to technical reasons (such as backup copies of the databases) your personal data may be finally deleted only within 60 days or longer, if it is mandated by the statutory requirements.
NordVPN stores limited personal data for the whole period when the NordVPN Services are used and for no longer than 2 years after last use of the App and/or the Services.
Your data is processed under the jurisdiction of the Republic of Panama. If the data is processed by a designated subsidiary in your country, then the domestic law of your country may be applicable at our discretion.
NordVPN would like to remind you that you are yourself responsible for the security of your data. We ask you to be careful when using and storing personal data containing files on your devices, as well as the devices itself. Please ensure that nobody accesses and uses your devices without your consent.
You shall be extra careful and not disclose your personal information to unrelated third parties, since such information may be used in different ways and against your interests, including activities such as fraud, invasion of privacy, identity theft, etc.
In order to ensure security of the personal data, NordVPN employs various administrative, technical and physical security measures, however it is your responsibility to exercise caution and reason when using the NordVPN Services. You will be personally responsible if such action violates any third party’s privacy or any other rights, or any applicable law. Under no circumstances, NordVPN is liable for the consequences of your unlawful activities, your willful and negligent activities violating applicable laws or third party rights, as well as any circumstances, which may not have been reasonably controlled or foreseen.