What a no-logs policy really means
"No-logs" is the most marketed phrase in the VPN world, and one of the most misunderstood. Here's what it should mean, what it can't mean, and how to tell a real claim from a slogan.
Every VPN claims to keep “no logs.” It’s printed on homepages and pricing pages like a law of nature. But the phrase has no fixed legal definition, so it can mean anything from “we genuinely store nothing that could identify you” to “we keep plenty, just not the one thing we’re being asked about.” If you’re choosing a VPN for privacy, knowing how to read the claim matters more than the claim itself.
Why logs exist at all
A VPN is software running on servers that have to actually work, handle reconnects, stop one account from being shared across a thousand devices, and bill you. Some data is involved in all of that. The privacy question isn’t “does the provider touch any data?” (impossible) but “does it retain anything that could later tie your traffic back to you?” That’s the line that separates the categories below.
The two kinds of logs
Not all logs are equal. The distinction that matters:
Usage (activity) logs, the dangerous kind
- Websites and services you visited
- DNS queries
- Files downloaded or content accessed
- Your real IP paired with timestamps of activity
A genuine no-logs VPN keeps none of these. If a provider can reconstruct what you did online, the policy is meaningless.
Connection (metadata) logs, the grey area
- Timestamps of when a session started or ended
- Bandwidth used
- The VPN server you connected to
- Aggregate, non-identifying diagnostics
Some of this can be harmless when aggregated and stripped of identifiers. But minimal connection data, especially anything tying your source IP to a timestamp, can still be used to correlate activity. The best providers keep as little as technically possible.
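Why a source IP tied to session timestamps is the risky part, shown as an added example (not code from any provider). The records, field names, server labels and observation times are all constructed: given nothing but connection metadata, two externally observed request times on one VPN server are enough to narrow the candidates to a single source IP, while the aggregated form of the same data leaves nothing to match.

```python
from datetime import datetime

# Constructed sample records; the field names are assumptions, not a real schema.
CONNECTION_LOG = [  # per-session metadata: source IP tied to timestamps
    {"source_ip": "198.51.100.7", "server": "ch-03",
     "start": "2024-05-01T09:58:12", "end": "2024-05-01T10:41:30"},
    {"source_ip": "203.0.113.25", "server": "ch-03",
     "start": "2024-05-01T10:20:05", "end": "2024-05-01T11:02:44"},
    {"source_ip": "192.0.2.90", "server": "ch-03",
     "start": "2024-05-01T10:05:00", "end": "2024-05-01T10:10:00"},
    {"source_ip": "198.51.100.44", "server": "nl-11",
     "start": "2024-05-01T09:00:00", "end": "2024-05-01T12:00:00"},
]
AGGREGATE_LOG = [  # the same day, aggregated and stripped of identifiers
    {"server": "ch-03", "day": "2024-05-01", "sessions": 3, "gb": 4.2},
    {"server": "nl-11", "day": "2024-05-01", "sessions": 1, "gb": 1.1},
]
REQUIRED = {"source_ip", "start", "end"}


def sessions_covering(log, server, seen_at):
    """Source IPs whose session on `server` was open at time `seen_at`."""
    t = datetime.fromisoformat(seen_at)
    return {
        r["source_ip"] for r in log
        if r.get("server") == server and r.keys() >= REQUIRED
        and datetime.fromisoformat(r["start"]) <= t
        <= datetime.fromisoformat(r["end"])
    }


def correlate(log, server, observations):
    """Intersect the candidate sets for every observed request time."""
    result = None
    for seen_at in observations:
        hits = sessions_covering(log, server, seen_at)
        result = hits if result is None else result & hits
    return result or set()


if __name__ == "__main__":
    seen = ["2024-05-01T10:30:00", "2024-05-01T10:15:00"]  # constructed
    print("per-session log:", correlate(CONNECTION_LOG, "ch-03", seen))
    print("aggregate log:  ", correlate(AGGREGATE_LOG, "ch-03", seen))
```
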
Why proof beats promises
Anyone can write “no-logs” on a website. What separates a real commitment from marketing is evidence you can check:
- Independent audits. A reputable firm inspects the servers and configuration and publishes findings. The best providers do this repeatedly, not once.
- Real-world tests. Has the provider’s policy survived a court order or seizure? Cases where authorities demanded data and the VPN had nothing to hand over are the strongest possible proof.
- Open-source apps. Public code lets independent researchers verify what the software does and doesn’t send back.
- RAM-only (diskless) servers. Servers that run entirely in memory wipe all data on every reboot, making long-term retention structurally difficult.
Proton VPN is a strong reference point here: its apps are open-source, its no-logs policy has been independently audited, and it operates from Switzerland, which has no data-retention mandate for VPNs. NordVPN and Surfshark also publish independent audits and run RAM-only server fleets if you want alternatives.
Jurisdiction: where “no-logs” can be undermined
A policy only holds if the law lets it. A provider based in a country with mandatory data-retention rules may be legally compelled to log, no matter what its homepage says. Two things to weigh:
- Retention laws. Countries with strong privacy traditions and no retention mandate (Switzerland, Panama, the British Virgin Islands) let a no-logs policy mean what it says.
- Intelligence-sharing alliances. The “Five/Nine/Fourteen Eyes” arrangements get a lot of attention. They matter less if there’s nothing to hand over, which loops right back to keeping no logs in the first place.
How to vet a policy in five minutes
1. Open the actual privacy policy. Skip the marketing page. Read the document that legally binds the provider.
2. Search for what’s retained. Look for the words “retain,” “store,” and “collect.” Note connection metadata, not just activity logs.
3. Check for an independent audit. Find the auditor’s name and the date. One audit years ago is weaker than a recent, repeated one.
4. Check the jurisdiction. Confirm the legal home has no data-retention mandate that could override the policy.
5. Look for a real-world test. Search for any court order or seizure the provider has faced and what data it could produce.
Is any VPN truly 100% no-logs?
No provider can prove a perfect negative, but audits, RAM-only servers, open-source code, and court-tested history get you as close as realistically possible.
Are connection logs a dealbreaker?
Not always. Aggregated, non-identifying connection data can be fine. The red flag is anything that ties your real IP to timestamps of activity.
Does jurisdiction really matter if there are no logs?
Yes, because the law decides whether a provider can be forced to start logging. A privacy-friendly jurisdiction protects the policy itself.
VPN Runner is reader-supported. If you sign up for a VPN through a link on our site, we may earn a commission — at no extra cost to you. It never affects our ratings or rankings: we test every service the same way and pay for our own subscriptions.