In late 2018, we ordered an industry-first independent assurance engagement to verify our no-logs claim – a cornerstone of our privacy mission. But our commitment didn’t end there, which is why we recently ordered a second expanded third-party examination. What was true then is true now – we do not, nor will we ever, monitor your internet activity for any reason.

We were the first to engage an industry-leading auditing and assurance firm – PricewaterhouseCoopers AG Switzerland (PwC Switzerland) – to independently analyze our service and evaluate our no-logs claims. Now, we’ve asked them for an even broader assurance engagement of our service.

How NordVPN was examined

This was an exhaustive assurance engagement project. It involved interviews with our employees, server configuration inspections, technical log inspections, and inspections of other servers in our infrastructure. PwC Switzerland’s practitioners also verified that we were actually using the configurations that they had inspected.

assurance engagement project. It involved interviews with our employees, server configuration inspections, technical log inspections, and inspections of other servers in our infrastructure. PwC Switzerland’s practitioners also verified that we were actually using the configurations that they had inspected. This was much broader than our previous requests. We expanded the scope by including numerous specialized server types that hadn’t been included in the previous assurance engagement. Our obfuscated, Double VPN, and P2P servers were all tested.

than our previous requests. We expanded the scope by including numerous specialized server types that hadn’t been included in the previous assurance engagement. Our obfuscated, Double VPN, and P2P servers were all tested. The assurance engagement is a “point in time” assessment. Right now, the practitioners can only report on what they saw when they were granted access to our services. The assurance engagement was performed from May 20 to the 28th, 2020.

During the specific window when PwC Switzerland had access to our service, their conclusion was that they saw no signs that we had in any way violated our no-logs promise (NordVPN users can access the full report on our website).

Why did we do this?

VPN use is based on trust. When users connect to our servers, they trust us to provide them with the security and privacy they need – without peeking over their shoulders. It takes more than just a guarantee to maintain and cultivate that trust.

By engaging a widely trusted, independent firm like PwC Switzerland, we hope current and future users will understand that we take our no-logs claim seriously. We will always do everything we can to protect your security and privacy, and we will never log user activity for anyone.

This assurance engagement is not the end of that process. We will conduct more examinations in the future, and we are also exploring ways to offer constant third-party no-logs verification.

For more cybersecurity news and tips, subscribe to our monthly newsletter below!