VPN Logging Policies Explained
A VPN's logging policy determines what data the provider records about your connection and activity. This is the single most important privacy factor when choosing a VPN, because it determines what could be handed to authorities or exposed in a data breach.
Types of Data VPNs May Log
| Data Type | Privacy Impact | Can Identify You? |
|---|---|---|
| Traffic/content logs | Records what websites you visited and data transmitted | Critical risk |
| Connection timestamps | Records when you connected and disconnected | Medium risk |
| Assigned VPN IP | Which VPN server IP you used at what time | Medium risk |
| Real IP address (incoming) | Your actual ISP IP at time of connection | High risk |
| Bandwidth usage | Total data transferred per session or account | Low risk |
| Diagnostic/crash logs | Error reports that may include connection metadata | Low risk |
What "No-Logs" Actually Means
The term "no-logs" is often used loosely. A genuine no-logs policy means the provider does not retain any data that could link a specific user to a specific network activity. Key distinctions:
- True no-logs: No connection timestamps, no assigned IPs, no incoming IPs, no traffic data. Confirmed by independent audit (e.g., Cure53, Deloitte, PwC).
- Minimal logs: Aggregate bandwidth or server load data only - Cannot identify individual users.
- Misleading no-logs: Claims "no traffic logs" but still logs connection timestamps and real IPs - Enough to identify users under subpoena.
- Real-world proof: Providers like Mullvad, ProtonVPN, and ExpressVPN have been subpoenaed or had servers seized with no user data recovered.
Audit History by Provider
| Provider | Auditor | Year | Scope |
|---|---|---|---|
| Mullvad | Cure53 | 2022, 2023 | Apps + infrastructure + no-logs |
| ProtonVPN | SEC Consult | 2022 | Apps + no-logs |
| NordVPN | PwC, Deloitte | 2020, 2022 | No-logs policy |
| ExpressVPN | KPMG, Cure53 | 2022, 2023 | No-logs + app security |
| Surfshark | Cure53 | 2021, 2023 | No-logs + infrastructure |
| Private Internet Access | Deloitte | 2022 | No-logs policy |
| CyberGhost | Deloitte | Annual | No-logs policy |
For jurisdiction context, see VPN Jurisdiction and the 14 Eyes. To verify your VPN is not leaking data in real time, run our VPN Leak Test.
How We Evaluate VPNs
Every recommendation in our VPN guides is weighed against the same five criteria:
- No-logs policy and audits - We prioritise providers whose no-logs claims have been verified by independent auditing firms, and we note real-world events (subpoenas, server seizures) that tested those claims.
- Leak-test results - A VPN must not expose your real IP, DNS servers, or WebRTC addresses. You can run the same checks we use with our free VPN Leak Test.
- Speed impact - We favour providers supporting modern protocols (WireGuard, or equivalents like NordLynx and Lightway) that keep overhead low.
- Jurisdiction - Where a provider is incorporated determines which governments can compel it to hand over data.
- Price transparency - Clear renewal pricing and honest refund terms. We avoid quoting specific prices in guides because promotions change frequently - Always check current pricing on the provider's site.
Our assessments are based on published third-party audits, vendor documentation, and our own leak-testing tooling - We do not have insider access to any provider's infrastructure. These pages are reviewed periodically and updated when audits, ownership, or features change.
Once you have picked a provider, two practical checks matter more than any review: if your connection fails, see how to fix a VPN that won't connect; and to confirm you are actually protected, learn how to test if your VPN is working.
ⓘ Affiliate disclosure: Some links to VPN providers in these guides are affiliate links - We may earn a commission at no extra cost to you. This never affects rankings or evaluations.
Last updated: June 2026