- New audit confirms NordVPN services do not store user identification logs
- A true no-logs VPN protects users from requests and data leaks
- This is NordVPN’s sixth independent log-free audit since 2018
NordVPN’s latest no-logs audit once again validates the company’s long-standing privacy claim: it does not retain any identifying logs of its users.
Deloitte conducted the no-logs assessment in late 2025, examining the full range of NordVPN services. These include your Standard VPN, Double VPN, Onion Over VPN, and Obfuscated Servers. The audit was carried out over one month, applying the rigorous ISAE 3000 (revised) framework.
The findings show that NordVPN’s architecture deliberately omits any collection of user-identifying metadata, such as IP addresses or timestamps. Even its most advanced features, which route traffic through multiple layers or disguise connections, were found to comply with the same strict no-logs policy.
This sixth independent verification reinforces NordVPN’s reputation as not only one of the best VPN services available today, but also one of the few VPN providers with a proven, repeatable track record of true privacy protection.
What the audit (didn’t) find
Deloitte Lithuania auditors spent several weeks investigating NordVPN’s entire infrastructure, from the data center servers that power the standard VPN to the more complex Double VPN, Onion Over VPN, and obfuscated servers.
By interviewing staff, reviewing configuration files, and inspecting active system logs between November 10 and December 12, 2025, auditors confirmed that no tracking or logging of users’ online traffic is done.
The no-logs assurance engagement was commissioned to evaluate how NordVPN’s IT systems and support operations are built and managed. Auditors examined the configuration of those systems and the operational processes that provide the virtual private network (VPN) service, verifying that each component aligned with the company’s no-logs policy.
Their review found that the same no-logs controls were applied consistently across VPN, Double VPN, Onion Over VPN, and obfuscated servers, and that none of the systems examined retained traffic-related metadata such as IP addresses, timestamps, bandwidth usage, or session identifiers.
Conducted in accordance with the International Standard on Assurance Compromise 3000 (Revised), the compromise provides independent, standards-based verification that NordVPN’s public no-logs claim is technically accurate and consistently applied.
The full warranty report is available to NordVPN subscribers through the Nord account control panel.
Why NordVPN Logless Auditing is Important to Users
A verifiable no-logs policy is the cornerstone of any VPN that aims to protect privacy. When a provider does not actually keep traffic or connection logs, it dramatically reduces the amount of data that could be compromised in the event of a breach or subpoena.
Repeated independent verifications set NordVPN apart in a crowded VPN market. Many VPN services claim to be log-free, but few have subjected those claims to rigorous third-party audits. NordVPN has already passed six such commitments, reinforcing transparency and trust.
In fact, since its first independent evaluation in 2018, NordVPN has periodically examined its no-logs claims. “The sixth independent evaluation demonstrates our commitment to keeping our no-logs promise year after year, under rigorous scrutiny,” said Marijus Briedis, CTO of NordVPN.
This latest independent review from Deloitte wasn’t the only audit of NordVPN in 2025. Cure53 conducted a large-scale security audit of NordVPN’s systems during May, June, and October of last year, finding no critical flaws. NordVPN also earned near-perfect test scores in six categories in a West Coast Labs audit.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
