Independent auditors confirm NordVPN never stores your data – for the 6th time

• New audit confirms NordVPN’s services store no user-identifying logs
• A true no-logs VPN protects users from data requests and breaches
• This marks NordVPN’s sixth no-log independent audit since 2018

NordVPN’s latest no-logs audit once again validates the company’s long-standing privacy claim: it doesn’t retain any identifying logs of its users.

Deloitte carried out the no-logs assessment at the close of 2025, examining the full range of NordVPN services. These include its standard VPN, Double VPN, Onion Over VPN, and obfuscated servers. The audit took place over a month-long window, applying the rigorous ISAE 3000 (Revised) framework.

Findings show that NordVPN’s architecture deliberately omits any collection of user-identifying metadata such as IP addresses or timestamps. Even its most advanced features, which route traffic through multiple layers or disguise connections, were found to adhere to the same strict no-logs policy.

This sixth independent verification reinforces NordVPN’s reputation as not only one of the best VPN services available today, but one of the few VPN providers with a proven, repeatable track record of true privacy protection.

What the audit did (not) find

Deloitte Lithuania’s auditors spent several weeks probing NordVPN’s entire infrastructure, from the data-center servers that power the standard VPN to the more complex Double VPN, Onion Over VPN, and obfuscated servers.

By interviewing staff, reviewing configuration files, and inspecting live system logs between November 10 and December 12, 2025, auditors confirmed that no tracking or logging of users' online traffic occurs.

The no-logs assurance engagement was commissioned to evaluate how NordVPN’s IT systems and supporting operations are built and managed. The auditors examined the configuration of those systems and the operational processes that deliver the virtual private network (VPN) service, checking that every component aligns with the company's no-logs policy.

Their review found that the same no-logs controls were applied uniformly across the VPN, Double VPN, Onion Over VPN, and obfuscated servers, and that none of the examined systems retained traffic-related metadata such as IP addresses, timestamps, bandwidth usage, or session identifiers.

Conducted under the International Standard on Assurance Engagements 3000 (Revised), the engagement provides an independent, standards-based verification that NordVPN’s public no-logs claim is technically accurate and consistently enforced.

The full assurance report is available to NordVPN subscribers via the Nord Account control panel.

Why NordVPN's no-log audit matters to users

A verifiable no-logs policy is the cornerstone of any VPN that claims to protect privacy. When a provider truly doesn’t keep traffic or connection records, it dramatically reduces the amount of data that could be compromised in the event of a breach or a subpoena.

Repeated independent verifications set NordVPN apart in a crowded VPN market. Many VPN services make no-logs claims, but few have subjected those claims to rigorous, third-party audits. NordVPN has now passed six such engagements, reinforcing transparency and trust.

Since its first independent assessment in 2018, in fact, NordVPN has had its no-logs claims examined on a regular basis. "The sixth independent assessment demonstrates our commitment to upholding our no-logs promise year after year, under rigorous examination," said Marijus Briedis, CTO at NordVPN.

This latest independent review from Deloitte wasn’t NordVPN’s only audit in 2025. Cure53 conducted a large-scale security audit of NordVPN’s systems throughout May, June, and October last year, finding no critical flaws. NordVPN also had near-perfect scores in tests across six categories in an audit from West Coast Labs.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!