VPNRank.io
Privacy & Security

What Is a No-Logs VPN? How to Tell a Real Claim From Marketing

Connection logs versus usage logs, what independent audits and court cases actually prove, why RAM-only servers matter, and the warning signs of a fake no-logs promise.

Diego PereyraBy Diego PereyraPublished 8 min read

vpnrank.io is reader-supported: we may earn a commission if you buy through links in this article. This never affects our rankings.

Conceptual illustration of data streams dissolving as they pass through a VPN server rack, representing a no-logs policy.

A no-logs VPN is a service that does not record what you do online or store the details that could link internet activity back to you. The claim is meaningful only when a provider defines exactly which logs it avoids, keeps as little identifying data as possible, and lets independent auditors or court records confirm it. Most homepages skip that part.

What "logs" actually means

Before you can judge a no-logs promise, you need to know what a VPN could log in the first place. Every VPN server sees your traffic pass through it, so the question is never whether data touches the server but whether any of it is written down and kept. There are two broad categories, and they matter very differently for your privacy.

Usage (activity) logs

These are the records that actually describe your behaviour: the websites you visit, DNS queries, the apps or services you connect to, files you download, and search terms. Usage logs are the ones that can expose who you are and what you did. A serious no-logs VPN keeps none of these, full stop. Any provider that retains activity logs is not, by any honest definition, no-logs.

Connection (metadata) logs

Connection logs are the surrounding details: your real IP address, the VPN IP you were assigned, connection timestamps, session duration, and how much data you moved. Individually these feel harmless, but combined with timestamps they can sometimes be used to correlate a specific person with specific activity. The strongest policies avoid these too, or strip them of anything that could identify an individual.

  • Aggregate diagnostics (total server load, crash reports) are usually fine and don't identify you.
  • Timestamped connection logs tied to your real IP are the dangerous grey area — they enable correlation.
  • Any log of destinations, DNS, or content is a usage log and disqualifies a no-logs claim.

What a genuine no-logs policy looks like

A credible no-logs policy is specific, not slogan-shaped. Instead of a vague "we respect your privacy," it enumerates exactly what is and isn't collected, and it usually admits the small, non-identifying things it does keep to run the service. That honesty is a feature: a policy claiming to collect literally nothing is often less trustworthy than one that explains its narrow exceptions.

The best policies commit to not storing your browsing history, traffic destination, DNS queries, or original IP address, and they explain the operational data they do handle — like the total number of active sessions used for load balancing — in plain language. Jurisdiction matters here too: providers based in countries with no mandatory data-retention laws have more room to keep this promise. Our VPN privacy guide breaks down which providers publish policies this detailed.

How independent audits back up the claim

You cannot see inside a VPN's servers, so the next best thing is a reputable outside firm that can. Independent no-logs audits send auditors into the provider's infrastructure to inspect server configurations, interview engineers, and review technical logs, then publish whether they found evidence of logging. This is the single strongest signal that a claim is more than marketing.

The gold standard is an ISAE 3000 assurance engagement carried out by a major accounting or security firm. NordVPN, for example, has now passed a series of these assessments — PwC in 2018 and 2020, followed by Deloitte in 2022, 2023, 2024 and again in 2025 — with auditors reporting no evidence of logging each time. ExpressVPN has run repeated audits with KPMG and a source-code review of its server system by the security firm Cure53. When reading an audit, check three things:

  1. 1Who ran it — a recognised firm (Deloitte, KPMG, PwC, Cure53) carries far more weight than an unnamed "third party."
  2. 2What it covered — a full no-logs assurance engagement is stronger than a narrow policy review or a marketing summary.
  3. 3How recent it is — infrastructure changes constantly, so a five-year-old audit tells you little about today.

It's worth reading past the press release to the report itself, which reputable providers make available (sometimes behind a login or a terms acknowledgement). The scope section is the part that matters: it tells you which servers were examined, whether the auditors could actually access live systems or only reviewed documentation, and what specific controls were tested — for instance, whether the provider collects activity logs or connection logs, and whether RAM-only server technology behaves as described. A confident, detailed scope is a good sign; a one-page summary with no methodology is not.

One caveat: most audits are a snapshot in time (an ISAE 3000 "Type I" checks the design of controls at a specific date, rather than how they held up over a whole period). Recurring, dated audits year after year are more reassuring than a single one-off, because they show the provider re-opening its infrastructure to scrutiny even after the marketing win is banked. If you want to see how the audit history stacks up against price, the VPN Price Index and our main VPN rankings track both.

Transparency reports and warrant canaries: the ongoing signal

An audit is a photograph; a transparency report is closer to a running video. The most privacy-focused providers publish a regular report listing how many data requests, subpoenas, and court orders they received in a period — and, crucially, how much data they were actually able to hand over. When a provider consistently reports "requests received, zero user data produced," that pattern is powerful evidence the no-logs architecture is doing its job.

A related tool is the warrant canary: a public statement that a provider has not received a secret government order it would be legally barred from disclosing. If the canary quietly disappears or stops being updated, privacy-conscious users treat that as a warning. Neither mechanism is a guarantee on its own, but a provider that publishes both a recurring transparency report and a maintained canary is showing its work in a way a slogan never can.

When court cases test the claim in the real world

Audits are strong, but the most convincing proof is when law enforcement demands data and a provider genuinely has nothing to hand over. These cases are rare because they depend on a criminal investigation, but a handful have put no-logs claims to the ultimate test — and the results are a matter of public record, not marketing copy.

  • In early 2017, Turkish authorities seized an ExpressVPN server while investigating the assassination of Russia's ambassador to Turkey, Andrey Karlov. Because the company kept no connection or activity logs — and is based in the British Virgin Islands, which has no data-retention mandate — investigators recovered nothing that could identify a user.
  • Private Internet Access has been subpoenaed for user logs in at least two separate US federal cases (2016 and 2018). In court filings, the company could only confirm the rough region a cluster of IPs came from and produced no logs identifying an individual, because it retained none.

A no-logs claim that has survived a subpoena is about as verified as it gets. When you're comparing providers for sensitive use, it's worth searching whether their policy has ever been tested this way — and pairing it with basic hygiene like checking for a DNS leak or a WebRTC leak, since a leak can expose your real IP no matter how clean the logging policy is.

Why RAM-only servers make no-logs harder to fake

A policy is a promise; RAM-only servers are an architecture that makes the promise physically easier to keep. Traditional servers write to hard drives that retain data even after a reboot, which means logs can linger by accident or be recovered later. RAM-only (diskless) servers store everything in volatile memory instead.

Because RAM needs constant power to hold data, every reboot or power-off wipes the server completely — the entire operating system and configuration reload from a central, read-only image. NordVPN calls its version colocated RAM-only infrastructure; ExpressVPN calls its TrustedServer. The practical benefits are the same:

  • Nothing persists on disk, so there's no historical data for a thief, hacker, or authority to seize.
  • Every server runs an identical, verified software image, reducing the chance of a rogue or misconfigured machine quietly logging.
  • It aligns the technology with the policy, so "we don't keep logs" isn't relying on staff discipline alone.

RAM-only servers aren't a magic guarantee — a compromised provider could still capture live traffic in memory — but combined with audits they're a strong sign a company has engineered privacy in rather than bolted it on. Most top-ranked services now run this way across their fleet, whether you use them on a laptop, a router, or an Android TV device.

No-logs matters even if you only use a VPN for streaming

People often assume logging policies only matter for high-stakes privacy, but they apply to everyday use too. If you use a VPN mainly to watch shows while travelling, a logging provider could still record which streaming services and regions you connect to — data that has commercial value and can be requested by third parties. A clean no-logs policy protects casual users, not just activists.

The same providers that top the privacy rankings also tend to be the most reliable for unblocking, which is convenient. If your main goal is catching up on shows from another country, our streaming VPN guide and service-specific pages for Netflix and BBC iPlayer weigh unblocking performance alongside the audit record, so you don't have to trade privacy for a picture that buffers.

Warning signs of a fake no-logs claim

Not every "no-logs" badge is earned. Free and low-cost VPNs in particular have been caught retaining and even selling the very data they claimed not to keep. You don't need to be a security expert to spot the tells — a few minutes reading the actual privacy policy usually reveals whether the headline claim holds up. Watch for these red flags.

  • A privacy policy that contradicts the homepage — the marketing says "zero logs" but the fine print reserves the right to store IPs, timestamps, or "aggregate usage."
  • No independent audit at all, or a vague reference to a "third-party review" with no named firm, date, or report.
  • Headquarters in a country with mandatory data-retention laws, which can legally compel logging regardless of the policy.
  • A free service with no clear business model — running a global server network costs money, and user data is often the product.
  • Broad, undefined data-sharing clauses with "partners" or "affiliates" buried deep in the terms.

When in doubt, treat a no-logs claim as a hypothesis to test rather than a fact to accept. Cross-check it against a recent named audit, any court-case history, a published transparency report, RAM-only infrastructure, and a jurisdiction friendly to privacy. If a provider ticks those boxes, the claim is credible; if it leans on a slogan alone, assume the logs might exist. Our independent VPN rankings apply exactly this test.

Frequently asked questions

Is a no-logs VPN completely anonymous?

No single tool makes you fully anonymous. A genuine no-logs VPN prevents your provider from recording your activity and hides your IP from the sites you visit, which is significant. But payment records, browser fingerprinting, and logging into personal accounts can still identify you. Treat no-logs as a strong privacy layer, not a cloak of total anonymity.

What's the difference between connection logs and usage logs?

Usage (activity) logs describe what you do online — sites visited, DNS queries, downloads, search terms — and are the most sensitive. Connection logs are metadata like your real IP, session timestamps, and bandwidth used. A true no-logs VPN keeps zero usage logs; the best also avoid identifying connection logs, since timestamps plus IPs can sometimes be used to link a person to activity.

How can I actually verify a VPN's no-logs claim?

Look for three kinds of evidence. First, a recent independent audit by a named firm such as Deloitte, KPMG, or PwC under a standard like ISAE 3000. Second, any real court case where the provider was subpoenaed and had no data to hand over. Third, RAM-only server infrastructure. A provider that offers all three has moved well beyond marketing.

Do RAM-only servers guarantee no logs?

They make logging much harder but don't guarantee it. RAM-only (diskless) servers wipe everything on reboot because volatile memory needs power to hold data, so nothing persists to be seized later. However, a compromised provider could still capture live traffic in memory while it flows. RAM-only servers are strongest when paired with independent audits confirming the policy in practice.

Can a VPN be forced to start logging by law enforcement?

It depends on jurisdiction. In countries with mandatory data-retention laws, providers can be legally compelled to log and hand over data. That's why base country matters: services headquartered in privacy-friendly jurisdictions with no retention mandate — and that keep no data to begin with — have genuinely had nothing to give when subpoenaed, as public court cases have shown.

Are free VPNs ever truly no-logs?

Rarely, and you should be sceptical. Running a global server network is expensive, so a free provider needs a revenue source — and too often that source is your data. Several free VPNs have been caught retaining or selling the information they claimed not to keep. A few reputable providers offer limited free tiers, but for a verifiable no-logs guarantee, an audited paid service is safer.

The best VPNs of 2026, ranked

Now you know how — here are the VPNs we recommend, independently tested and ranked for speed, streaming, privacy and value. Any of them works for everything in this guide.

Editor’s Choice — Best VPN 2026
Visit ExpressVPN
1GET 79% OFF + 4 months FREE
ExpressVPN logo
9.9
Outstanding

ExpressVPN Ultra fast & secure. Great for privacy, downloads, and everyday browsing on all your devices. 24/7 live chat support.

3,000+ servers in 105 countries
Proprietary Lightway protocol
Works with all popular platforms, apps & services
Try risk free for 30 days
Visit IPVanish
2GET 83% OFF
IPVanish logo
9.8
Excellent

IPVanish Fast speeds with unlimited device connections. Strong no-logs privacy and 24/7 live chat support. Great for families.

3,200+ servers in 112+ countries
Unlimited simultaneous connections
Company-owned server network
Try risk free for 30 days
Visit NordVPN
3GET 74% OFF
NordVPN logo
9.7
Excellent

NordVPN Excellent speeds with one of the largest server networks. Strong security features and easy-to-use apps. 24/7 live chat support.

7,400+ servers in 118 countries
NordLynx protocol for top speeds
10 simultaneous devices
Try risk free for 30 days
Visit Proton VPN
4GET 70% OFF
Proton VPN logo
9.6
Excellent

Proton VPN Swiss-based VPN with strong privacy focus. Audited no-logs policy and open-source apps. Great for privacy-conscious users.

15,000+ servers in 120+ countries
Swiss-based — strongest privacy laws
Open-source & independently audited
Try risk free for 30 days
Visit CyberGhost
5GET 86% OFF + 2 months FREE
CyberGhost logo
9.5
Great

CyberGhost Fast speeds and strong privacy tools. Simple apps, automatic WiFi protection, and 24/7 live chat support.

Servers in 100 countries
Automatic WiFi protection
No activity logs & no IP/DNS leaks
Try risk free for 45 days
Cheapest VPN
Visit TotalVPN
6GET 80% OFF
TotalVPN logo
9.4
Great

TotalVPN Affordable VPN with strong privacy and reliable speeds. Easy-to-use apps for all major devices. No-logs policy.

Servers in 50+ countries
Fast & secure connections
Strict no-logs policy
Try risk free for 30 days
Visit Private Internet Access
7GET 85% OFF + 2 months FREE
Private Internet Access logo
9.3
Great

Private Internet Access High-speed VPN with a large server network and advanced security settings. Ad blocker included and 24/7 live chat support.

Servers in 91 countries
Ad & tracker blocker included
No activity logs & no IP/DNS leaks
Try risk free for 30 days
Visit Surfshark
8GET 88% OFF + 3 months FREE
Surfshark logo
9.2
Great

Surfshark Unlimited device connections at a budget-friendly price. Includes ad blocker and strong privacy tools. Great value for money.

3,200+ servers in 100 countries
Unlimited simultaneous connections
CleanWeb ad & malware blocker
Try risk free for 30 days

Rankings are based on our independent testing methodology. We evaluate speed, privacy, security features, and value for money. We may earn affiliate commissions from links on this page, which helps fund our testing — this does not influence our rankings.