Reading Time: 22 minutes

 

First things first, let’s just get one thing straight, there’s no such thing as a No Log VPN Service. “No Logs” is just a simple marketing term used to attract potential buyers.

VPN providers use these terms very liberally, however, most of the times it is not actually true. Think of it this way, if I lend you money, I’ll at least need to know your name, right?

That said, a bit of data logging isn’t necessarily bad, and something you shouldn’t worry about. I mean, as long your VPN logs aren’t disclosing your actual address or phone number, you should be good.

However, if a provider logs extensively, you must avoid it. Since there’s a strong link between VPN logs and jurisdictions, you must choose wisely.

Trust me!

To make it easier for you, I’ll deconstruct the logging policies of 101 VPN providers in this guide. I’ll also tell you which providers operate under the 5, 9 &14 eyes jurisdictions and which providers actually disclose their transparency reports.

For a quick overview, these are the 3 providers that are totally SAFE and keep no logs whatsoever:

  • ExpressVPN
  • NordVPN
  • Surfshark

 

Types of VPN logs

 

Types-of-VPN-logs

Generally speaking, there are two main logs that VPN providers keep, usage logs and connection logs. By contrast, usage logs are much more invasive than connection logs.

For more clarity, let’s take a look at each of these VPN logs…

Usage Logs

As the name suggests, usage logs basically store the records of your online or browsing activities.

This type of data logging is common with free VPNs. They log your data and sell it to third-party advertisers for targeted marketing.

To make it easier for you, here’s what usage logs are comprised of:

Browsing History

This includes user’s internet traffic, browsing history, downloaded files, purchase history, sent messages and even software used.

Connection Times

This includes the start and ends timestamps of the VPN servers you use.

IP Addresses

This includes your actual IP address. Think of this address as your home address. IP address combined with a timestamp is enough to expose your online activities.

Luckily, most VPN providers that offer paid subscriptions, no longer store connection logs. One such VPN provider is ExpressVPN.

Back in Dec 2017, ExpressVPN’s servers got seized by Turkish investigators for being supposedly associated with the assassination of the Russian Ambassador, Andrei Karlov.

Since ExpressVPN didn’t log usage or activity logs, Turkish authorities weren’t able to find any logs to support their investigation.

On the other hand, one VPN provider that received a major backlash for selling user logs is Hotspot Shield.

After Center for Democracy & Technology requested an investigation into Hotspot Shield logs, the company was found to not only log excessively but was also accused of using JavaScript injection for advertising and mishandling customers’ payment information. [Source]

Connection Logs

Like I said, connection VPN logs are relatively harmless and the most common form of logs that VPN providers keep. Connection logs are also stored for a much shorter period of time, typically for only 15-days at max.

Here’s what connection logs encompass:

Connection Timestamps

This includes the start and ends timestamps of the VPN servers you use.

Original IP Address

The IP address associated with your phone or computer.

VPN Provider’s IP Address

The IP address assigned by your VPN provider.

Data Transferred

The amount of data sent and received in bytes while connected to the VPN server.

Connection logs are much harder to trace back to the original source. Since connection logs are overwritten every 15-days or so, it makes it virtually useless for any investigation.

This is why connection logs are mostly used for service optimization and potentially dealing with user problems.

 

VPN Transparency Reports

VPN-transparency-reports

transparency report or clearance report is a recurring document disclosed by companies in the interest of the general public. This document is regularly published and discloses a variety of statistical information related to requests for user data, or records.

Transparency reports offer an insight into what data the government has gained access to through subpoenas, warrants and other methods.

Google was the first to release a transparency report back in 2010, followed by Twitter in 2012. But ever since Edward Snowden publically disclosed global surveillance operations in 2013, more and more businesses are compelled to issue their recurring transparency reports.

VPN providers such as Avast Secure Line, CyberGhost, HideMyAss, and few others have been issuing transparency reports since 2014 onwards.

If you’re wondering does Avast vpn keep logs, well let me tell you they don’t, at least when it comes to usage logs.

If you’re interested in finding out which other VPN providers offer transparency reports, perhaps you’d find my VPN transparency guide useful. I’ve rounded up a list of 123 VPN providers that either release or don’t release transparency reports.

If a VPN provider doesn’t offer transparency reports, just know they might be hiding something from you.

Logs & Jurisdiction, is there a link?

link-between-VPN-Logs-and-Jurisdiction

Yes! Data logging and jurisdictions have a significant impact over one another.

To be more specific, jurisdictions play an important role in determining whether a VPN provider is obligated to log user data or not.

As I said earlier, “No logs” is a term that is often used quite liberally. With a bit of manipulation, VPN providers can make it seem like they don’t log user data.

Even if you consider data retention to not be a big issue, there’s always a concern that a VPN Server ( Virtual or Physical) might be headquartered in a jurisdiction under the surveillance of the 5 eyes alliances.

Take for example the United States. Even though the country has no mandatory data retention laws, it still falls under the jurisdiction of FVEY and could be compelled to hand over user data.

 

101 VPN Logging Policies Explained – Can You TRUST Your VPN?

In this section, I’m going to go through the logging policies of 101 VPN providers and see if they actually don’t log user data.

Factors on which I will be evaluating each VPN provider include:

  • Jurisdiction
  • Connection logs
  • Usage logs
  • Transparency reports

VPN jurisdiction is an important factor but “if it is a matter of national security, VPNs based outside 5, 9, and 14 eyes jurisdiction can over-ride data protection laws and handover user’s personal information. Take the case of China, it is not a part of an Eyes country yet the state regularly collects personal data for its new social credit system,”

Therefore, when you are selecting a VPN, you should look for connection and usage logs, and if a VPN issues transparency reports.

Let’s start with NordVPN…

 

1# NordVPN

Jurisdiction – Panama (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

Taking a look at the privacy policy of NordVPN and they clearly mention that they guarantee a strict no-logs policy. NordVPN logging policy also explicitly mention that they’re based in Panama and aren’t required to log user data.

Digging in a bit deeper and they exactly mention what data is not logged by NordVPN.

  • Connection timestamps
  • Session information
  • Used bandwidth
  • Traffic logs
  • IP addresses or other data

NordVPN-privacy-policy

It’s nice to see that NordVPN logs nothing, no usage or connection logs what so ever.

While they don’t keep usage and connection logs, they still do log some information.

Here is a list of other data NordVPN logs:

  • Server load information – Monitoring the server performance.
  • Customer service information – Communications through Contact Us and Community pages.
  • Cookies – Google Analytics, Affiliate cookies, Cookies for personalizing the content of the Site.

This data is pretty much used for promotions and site optimization. Nothing an average VPN user should worry about.

That said, if you don’t feel comfortable with this type of logs, NordVPN even offers “opt out” options for cookies and Google Analytics.

So does NordVPN keep logs?

Overall they don’t log anything too intrusive, however, one thing that I don’t like about their privacy policy, is the amount of time they store personal data for.

Under the heading “Term for storing personal data”, they mention that they store personal data for no longer than 2 years.

NordVPN-terms-of-storing-personal-data

Compare logging policies of the provider with its competitor here in our Express VPN vs NordVPN Comparison Guide.

 

2# PureVPN

Jurisdiction – Hong Kong (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

Does PureVPN keep logs? Well yes, but they only keep connection logs.

Similar to NordVPN, PureVPN also claims to be a no log VPN. Right of the bat, PureVPN mentions that they don’t keep logs of the following user data:

  • Browsing activities
  • Connection logs
  • Records of the VPN IPs assigned to you
  • Your original IPs
  • Your connection time
  • The history of your browsing
  • The sites you visited
  • Your outgoing traffic
  • The content or data you accessed
  • The DNS queries generated by you

PureVPN-logging-policy

The first paragraph of their privacy policy nicely summarizes that neither store any kind of usage logs.

Now coming to the things they actually do log. Under the heading called “Information We Collect at Signup”, PureVPN states that they collect the following information:

  • Your Name
  • Email Address
  • Payment Method

This is just standard information, however, they still offer justification for it. Take a look at the screenshot below:

how-purevpn-use-your-information

Aside for your name, email address and payment methods, PureVPN also stores connection logs, however, they do exempt few parameters.

These connection logs also played a pivotal role in apprehending a cyber stalker, which I covered in detail in our PureVPN review. The provider’s CEO also gave an explanation about disclosing the information to the authorities and how they have revamped their privacy policy.

Here’s what they do store in their connection logs:

  • The day you connected to a specific VPN location and from which Internet Service Provider

Here’s what they don’t store in their connection logs:

  • Your origin IP
  • Your VPN IP
  • The specific time when you connected to our server
  • Your activities after connecting to our server

In addition to the above-mentioned connection logs, PureVPN also logs total consumed bandwidths.

PureVPN-logging-policy-total-bandwidth-consumed

Contradicting Statement

While PureVPN mentions that they don’t log IP addresses in the starting paragraph of their privacy policy, if you scroll down to the “Standalone DNS Service – Gravity” heading, they mention that their Gravity feature does require your IP address to function.

PureVPN-logging-policy-gravity

To summarize here’s all the other data PureVPN logs

  • Software Analytics, Stats & Diagnostics
  • Data from Emails, Live Chats, and Feedback Forms
  • Cookies

 

3# CyberGhost

Jurisdiction – Romania (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – Yes

Similar to PureVPN, CyberGhost also clearly states what data they don’t login their privacy policy.

Here’s all the information that’s not monitored, recorded, logged or stored by the Company:

Usage Logs:

  • Browsing history
  • Traffic destination
  • Data content
  • Search preferences

Connection Logs:

  • IP address
  • Connection timestamp
  • Session duration
  • DNS queries

cyberghost-logging-policy

Now for the part that CyberGhost actually logs:

  • your name
  • address
  • e-mail address
  • username
  • payment information

This is already too much data, however, it gets even worse from here…

Contradicting Statement

Although CyberGhost claims that they don’t store connection logs, if you look under the “Information related to your account (“Personal Data”)”, you’ll see that they actually log user IPs.

cyberghost-contradicting-statement

Aside from the above mentioned contradicting statement, CyberGhost logs too much unnecessary personally identifiable user data.

  • Approximate location (country only)
  • Transaction information
  • Items purchased
  • Price paid
  • Billing method
  • Partial credit card information
  • Chargeback requests
  • Canceled orders

cyberghost-unnecessary-logs-privacy-policy

In their defense, they do mention that the above mention personal data is neither associated with any kind of activity done within the CyberGhost app nor is it logged, recorded or stored at all.

Personally, I’m not too sure about it…

Aside from collecting personal information that I talked about earlier, CyberGhost also collects Anonymous or “Non-personal Data”.

According to their privacy policy, CyberGhost logs the following Nonpersonal information:

  • Data relating to the browser you are using
  • Mobile/desktop device
  • General properties and metadata
  • OS version
  • Preferred language
  • Date and time of your visit
  • The referring website and your preferences in our Websites during your visit

Another Contradicting Statement

As I said earlier, CyberGhost does store connection logs.

Even though they explicitly mention that they don’t store connection logs, their privacy policy states that they log Connection Attempt and Connection Successful.

Take a look at the screenshot below…

cyberghost-another-contradicting-statement

 

4# Surfshark

Jurisdiction – British Virgin Islands (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

Now we get to Surfshark’s privacy policy. Under the “What information is collected” heading, Surfshark mentions the following user data they do not log:

  • IP addresses
  • Browsing history
  • Session information
  • Used bandwidth
  • Connection timestamps
  • Network traffic and other similar data

surfshark-logs-privacy-policy

This takes care of usage and connection logs, let’s see what data they actually log…

Under the “Personal Information” heading, Surfshark states that they only collect:

  • User’s e-mail address and encrypted password
  • Basic billing information and order history

Other information logged by Surfshark

  • Diagnostics
  • Traffic data through Google Analytics
  • unique, user-resettable IDs for advertising
  • Cookies and web beacons
  • IP address when you visit the Surfshark website

 

5# ExpressVPN

Jurisdiction – British Virgin Islands (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

Does ExpressVPN keep logs? Well here’s what they mention in their privacy policy:

  • No logging of browsing history
  • Traffic destination
  • Data content, or DNS queries

ExpressVPN also explicitly mention that they do not collect logs of user activities.

ExpressVPN also doesn’t collect connection logs as well.

  • No logs of your IP address
  • Outgoing VPN IP address
  • Connection timestamp, or session duration

Now for the data that they actually log…

ExpressVPN collects four types of general information:

  • Information related to your account (“personal information”)
    • Includes your name
    • Email address
    • Payment information
  • Aggregate Apps and VPN connection summary statistics
  • Anonymous VPN connection diagnostics and crash reports
  • IP addresses (Only for users who choose to use the MediaStreamer service)

To summarize their logging policy, ExpressVPN mentions a fairly simple and easy to understand summary. Take a look the screenshot below…

expressvpn-logging-policy-privacy-policy

 

6# Private Internet Access

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Not sure

Usage Logs – Not Sure

Transparency Report – Yes

Now coming to the privacy policy of PIA. Their privacy policy is very confusing. I can’t tell if they collect usage and connection logs or not.

All they mention is the personal information that they collect.

From Clients:

  • E-mail Address

Payment Data (They don’t save your full credit card details)

  • Temporary cookie to improve the delivery of services ( For affiliates)

From the Website and Email:

  • Google analytics data
  • Information collected from the “Contact Us” page
  • The email address of any e-mails that PIA receive.

private-internet-access-personal-information-we-collect-privacy-policy

Aside from being unsure about whether they log usage and connection logs, another thing that caught my eye in their privacy policy, is the heading called “DISCLOSURE AND USE OF PERSONAL INFORMATION”.

This heading basically states that they will comply with all valid subpoena requests.

Although they do mention that their legal team scrutinized every legal request they get, however, considering that they agree to comply with law enforcement agencies in the first place, is alarming, to say the least.

But what really puts me into a confusing spot is that PIA has been tested previously by authorities into revealing information about users and they came out clean.

In 2016, FBI sent out a subpoena to PIA to disclose information about a suspect who used the said VPN to snoop on a female coworker’s calls and texts, Facebook activities, and even showed up at her doorstep.

 

7# IPVanish

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

IPVanish also claims to be a No log VPN, however, considering that it operates from the U.S, I doubt that they don’t log any user data.

Let’s check out their privacy policy to find out…

Here’s what IPVanish claims they don’t login their privacy policy:

  • Connection
  • Traffic
  • Activity data

IPVanish-privacy-policy

However, it is also mentioned in their privacy policy that they monitor site activity for performance and functionality improvement.

In addition to mentioning it in the first paragraph, IPVanish again mentions that they do not collect, monitor, or log any traffic or use of its Virtual Private Network service, under the “Information we collect” heading.

IPVanish-information-we-collect-privacy-policy

Okay, so it’s clear that they don’t log connection and usage data, so what exactly do they log then? Let’s find out.

Here’s all the personal information that IPVanish logs:

  • Active email address
  • Active payment method

Additionally:

  • Name
  • street address
  • city
  • state
  • The country, and billing zip code

Aside from personal information, IPVanish also collects site-related data. Here’s what they collect:

  • Site visitor data using cookies, pixels, Google Analytics and other similar technologies
  • Page requests
  • Browser type
  • Operating System
  • Bounce rate
  • Average time spent on our Site

 

8# Astrill

Jurisdiction – Seychelles (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

Astrill VPN logs a whole lot of data. However, they claim in their privacy policy that all logged records are removed once you disconnect from the VPN app. Besides, they only store connection logs and not your usage or activity logs.

Here are all the information Astrill VPN logs:

Active Sessions

  • Connection time
  • IP address
  • Device type
  • Astrill VPN application version

astrill-VPN-privacy-policy-logging-policy-1

In addition to that, Astrill also logs bandwidth usage.

astrill-VPN-privacy-policy-logging-policy-2

Furthermore, Astrill VPN also logs last 20 connection records such as connection time, connection duration, country, device type, and Astrill client application version number.

However, they claim that this information is only used by the customer support team and automatically removed in case of no activity is performed in the past 30 days.

astrill-VPN-privacy-policy-logging-policy-3

That a lot of information for a so-called no log VPN, don’t you think?

 

9# HideMyAss

Jurisdiction – UK (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – Yes

Here’s what HideMyAss mention in their privacy policy

  • License ID
  • connect and disconnect timestamps
  • Amount of data transmitted (upload and download)
  • Subnet of the IP address used to connect to HideMyAss VPN
  • The IP address of VPN server you connect to

hide-my-ass-logging-policy-privacy-policy

Okay, so they do collect connection logs, what about usage logs? Let’s find out…

Scrolling further through their privacy policy and they mention that they don’t store the following:

  • The originating IP address you use to connect to HMA
  • Resources and websites you use
  • Data sent or received using HMA

hide-my-ass-logging-policy-privacy-policy -1

So that takes care of usage logs as well. They truly don’t store usage or activity logs.

HMA also doesn’t store logs for an insanely long time period, in fact, logs are only kept for 30-days and removed on a monthly basis.

hide-my-ass-logging-policy-privacy-policy-2

Overall their logging policy seems alright to me, however, they do operate from the UK which is indeed a cause for concern.

 

10# TorGuard

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Not sure

Usage Logs – Not sure

Transparency Report – No

TorGuard VPN’s privacy policy is very vague. They don’t mention anything about usage logs nor do they mention anything about connection logs.

It’s very weird and not something I’ve encountered with recognized VPN providers. What’s even more frustrating is the fact that they’re operating under the jurisdiction of the 5 eyes.

Anyways, here’s all the information they say they collect in their privacy policy:

  • Payment information
  • Anonymized Google analytics
  • Affiliates data
  • Apache Web server logs
  • Contact data through live chat or support tickets
  • E-mails that they receive

torguard-logging-policy-privacy-policy

 

11# TunnelBear

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – Yes

TunnelBear doesn’t collect any usage logs, however, they do collect connection logs and other operational data.

Here’s all the data they say they log in their privacy policy:

  • Account User Data
  • Operational Data
  • Personal and Financial Data Collected at Payment
  • Cookies and Persistent Trackers

Here’s what TunnelBear doesn’t log:

  • IP addresses when visiting TunnelBear website
  • IP addresses upon service connection
  • DNS Queries while connected
  • Any information about the applications, services or websites while connected to TunnelBear

However, since there are no usage logs being kept by TunnelBear, it is among the very few free VPN that doesn’t keep logs.

 

12# CactusVPN

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

CactusVPN also claims that they don’t log anything in their terms and conditions. Let’s take a close look and see what they actually mean by that.

Here’s what CactusVPN claims they don’t keep logs of:

  • Data relating to your activities
  • Not record, monitor, log or store any of your information
  • None of your information will be passed on to a third party
  • We do not store any IP addresses, traffic logs, connection timestamps, used bandwidth or session duration

Here’s what CactusVPN keeps logs of:

  • E-mail address
  • Country
  • State (only for Canada)
  • City, Address, Zip code
  • Partial credit card details (card type, last four digits)
  • Emails or support tickets they receive
  • Invoices
  • Transactions details (payment method, amount, date)
  • Information required to log into their VPN and Smart DNS services

 

13# Opera (Browser) VPN

Jurisdiction – Norway (Under 9 eyes surveillance)

Connection Logs – Not sure

Usage Logs – No

Transparency Report – No

There’s not a lot of information available regarding logging in Opera (Browser) VPN’s privacy policy, however, based on limited information, they don’t collect the following information:

  • Information related to your browsing activity
  • Originating network address

Although it’s clear that they don’t log usage data, there’s no information available regarding whether they store connection logs or not.

 

14# Trust.Zone

Jurisdiction – Seychelles (Safe)

Connection Logs – Not sure

Usage Logs – Not Sure

Transparency Report – No

Trust. Zone also has a very vague privacy policy, it’s very hard to tell what they explicitly log and what they don’t.

Here’s what I can interpret from their logging policy…

  • Email address when registering on their website
  • Payment specific information

That’s perfectly understandable.

Contradicting statement

One statement in their privacy policy is very confusing. Check out the screenshot below and then allow me to explain what I mean.

trust.zone-logging-policy-privacy-policy

They first say their servers don’t store any logs, and then they say all usage data is anonymous and not connected to your real or public IP address.

Isn’t that a contradicting statement?

 

15# SurfEasy

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – Temporary

Transparency Report – No

SurfEasy claims they only store usage logs temporarily. In addition to mentioning this in their privacy policy, SurfEasy also mentions that “they do not store originating IP address when connected to the SurfEasy service”.

Because they don’t store this information:

SurfEasy cannot disclose information about the applications, services or websites visited or used while connected to SurfEasy.

Here are all the data SurfEasy collects:

  • Aggregate bandwidth usage
  • Temporary usage data
  • Internet and data traffic, such as destination website or IP address and originating IP address
  • In-app telemetry data

 

16# BolehVPN

Jurisdiction – Seychelles (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

BolehVPN claims that they’re a no log VPN service and doesn’t log the following user data:

  • User activity including user access
  • DNS requests
  • Timestamps
  • Bandwidth usage or user’s IP addresses

Here’s what they say they do log in their privacy policy:

We do monitor general overall traffic of the server and number of connections in which the server is pushing through but not on an individual level.

 

17# Encrypt.me

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

Encrypt.me has a fairly straight forward privacy policy.

Here’s what they log:

Anonymized visitor information

  • Google Analytics
  • New Relic
  • DoubleClick

When you sign up for a free trial

  • Email address
  • Any affiliate tracking data:
    • your IP address
    • the referring affiliate
    • an optional campaign banner ID

When you sign up for a paid account

  • Name
  • Billing address
  • Credit card information

This is not normal

encrypt.me-logging-policy-privacy-policy

Although they claim that they don’t collect usage logs, however, if you scroll down to the Android section, they mention that they do indeed monitor general behaviors inside the app.

Connection Logs:

  • The number of bytes sent and received
  • The length of time connected
  • The IP address connected from and the (virtual) IP we assign
  • The source port of the outgoing connection with start and end times

 

18# ZoogVPN

Jurisdiction – Greece (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

ZoogVPN is another one of those VPNs with a very vague privacy policy. Nowhere do they mention anything about connection and usage logs.

The only information they claim to collect is:

  • Email address for account management as a login
  • Valid password during the registration process

 

19# IronSocket

Jurisdiction – Hong Kong (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

IronSocket begins their privacy policy by mentioning that they don’t log “the content you access while using our Services”.

Here’s what IronSocket VPN logs when you use the app:

  • Time and date of the session connection and disconnection
  • The IP address used for the session and which server was connected to
  • A numerical representation showing total bytes transferred per session

 

20# Blockless

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – Not sure

Transparency Report – No

Blockless VPN is yet again another VPN with peculiarly vague privacy policy. They don’t mention anything about connection and usage logs.

This is the only information they say they collect;

  • Your first and last names;
  • Your contact information (such as your personal or work e-mail addresses, telephone numbers, or both, and mailing address);
  • IP address;
  • Credit card information; and
  • Any other information which you may provide to us at any time.

Now you might have noticed IP address mentioned above, so I’m guessing this is mentioned in the context of connection logs.

 

21# UnoTelly

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

UnoTelly mentions that they don’t log the following information in their Privacy policy:

As a general rule, UnoTelly does not, and will not, actively monitor user activity or maintain direct logs to any customer’ s internet activities.

Here’s what they do log:

  • Login time
  • Logout time
  • Bandwidth

Everything is fine about their privacy policy, except for the part where they say “We also keep a minimum amount of log to satisfy the jurisdictional requirements of our VPN server and only release to authorized parties if it required by law”.

unoTelly-VPN-privacy-policy-logging-policy

What logs are they talking about? Then again, they don’t claim that they’re a no log VPN service in the first place.

 

22# OneVPN

Jurisdiction – Hong Kong (Safe)

Connection Logs – Not sure

Usage Logs – Not sure

Transparency Report – No

OneVPN only logs the following information:

  • Name
  • Email address

They don’t mention anything about connection or usage logs in their privacy policy.

 

23# My Private Network

Jurisdiction – Hong Kong (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

My Private Network starts its privacy policy by mentioning that they don’t log the following:

  • We do not retain or store any information regarding your internet activity, i.e. no firewall logs at all.
  • We do not retain or store any information on the bandwidth you use.
  • We do not retain or store any of your DNS queries.

So it’s clear that they don’t collect usage data.

Here’s what they do collect:

  • A username and password
  • Your email address

In addition to that, My Private Network also mentions in their privacy policy that they stores connection logs:

When you connect to our services, we record the time and date of your connection and disconnection.

Even though they store connection logs, they only keep it for 7-days.

My-private-network-logging-policy-privacy-policy

 

24# Anonine

Jurisdiction – Seychelles (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

Here’s what Anonine claims they don’t log in their privacy policy:

  • Logs
  • Connection timestamp
  • Connection duration
  • Locations and servers to which a user is connected
  • IP addresses
  • DNS requests

Here’s what they collect:

  • Email Address for registration
  • Username and Password
  • Payment History
  • Traffic used against a specific ID

So it’s clear that don’t log usage data, however, they do keep connection logs as evident by the fact that they keep track of used traffic.

 

25# EarthVPN

Jurisdiction – Northern Cyprus (Safe)

Connection Logs – Not sure

Usage Logs – No

Transparency Report – No

Here’s all the information that EarthVPN states they log in their privacy policy:

  • “Personal Information” includes your first name, username
  • Email address, password (encrypted)
  • IP address

Here’s what EarthVPN doesn’t log:

EarthVPN neither logs VPN usage nor user activity.

So it’s clear that they don’t log usage data, however, they don’t explicitly mention anything about connection logs.

 

26# BoxPN

Jurisdiction – Seychelles (Safe)

Connection Logs – Not sure

Usage Logs – Not sure

Transparency Report – No

Another VPN provider that deserves to be added to the list of vague VPN policies, is BoxPN. Their privacy policy is seriously very vague and hardly contains any logging information.

Here’s everything they say they collect:

  • E-mail Address they receive
  • Payment data
  • Google analytics data
  • Submissions on the ‘Contact Us’ page
  • User’s cookies

 

27# LiquidVPN

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

LiquidVPN clearly mentions in their privacy policy that they “do not monitor this kind of traffic”. That takes care of usage logs.

On the other hand, LiquidVPN does store plenty of connection logs. Here’s everything they keep logs of:

  • Total number of active user logins per account
  • Current Account status (logged in or logged out)
  • Number of active sessions allowed per account
  • The last public IP you were assigned
  • Failed Logins

liquidVPN-privacy-policy-logging-policy

 

28# ShadeYou

Jurisdiction – Netherlands (Under 9 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

ShadeYou VPN has one of the most comprised privacy policy I have ever come across. That said, they do make it very easy to know what they log and don’t log.

Anyways, here’s what ShadeYou doesn’t keep logs of:

ShadeYouVPN.com does not collect information about the activities of our clients on the network. We do not keep logs, so we simply do not have data that could be transferred to third parties.

Sounds like a pretty sturdy logging policy to me.

 

29# ZPN

Jurisdiction – United Arab Emirates (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

ZPN doesn’t explicitly mention what information they log. In fact, I had to check out their terms of service to find out that they log bandwidth usage.

In their privacy policy, they mention this:

To maximize your privacy we collect the minimum information required, and that is your email address. We do not request or store your name, IP address, physical addresses, phone number or any other personal information.

 

30# PandaPow

Jurisdiction – Hong Kong (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

PandaPow clearly mentions in their privacy policy that they don’t log user activities such as:

  • Emails
  • Chats
  • VOIP calls
  • Websites visited

Although they don’t collect usage logs, they do store connection logs.

“In addition to any personal information you provide us, we may store the following pieces of data: IP address, times when connected to our service, the total amount of data transferred, and transfer speed information”.

 

31# VyprVPN

Jurisdiction – Switzerland (Cooperative)

Connection Logs – No

Usage Logs – No

Transparency Report – No

VyprVPN majorly revamped its privacy policy. From its inception until 2018, the company used to log and retain the following data for 30-days:

  • Customer’s source IP address (generally the IP address assigned by the customer’s ISP)
  • VyprVPN’s IP address assigned to the user
  • Connection start and end times
  • Total number of bytes used

Fast forward to 2018 and VyprVPN no longer logs:

  • Source IP address
  • The IP address assigned to the user when using VyprVPN
  • Connection start or stop time
  • User’s traffic or the content of any communications

VyprVPN even conducted an independent audit by Leviathan Security Group just to provide concrete proof of their no logs policy. You can read the VyprVPN’s Audit report here.

It is blatantly obvious that they don’t log connection and usage logs. The only thing that they do log is a bit of personal data like:

  • Your name
  • Email address
  • Phone number
  • Payment information and/or physical address

Although they don’t keep logs and even offer an Audit report to back their claims, the fact that they’re headquartered in a cooperative region, Switzerland, people can question the legitimacy of their no logs policy. After all, who can forget Switzerland’s snooping scandal of 1989?

 

32# VPNTunnel

Jurisdiction – Seychelles (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

VPNTunnel only logs very limited data. Although they mention that they don’t log user’s online activities, it’s not clear whether they keep connection logs or not. However, according to their support team, no logs are kept.

Here’s all the other information they keep track of:

  • E-mail Address we receive
  • Payment data
  • Google analytics data

VPNTunnel privacy policy.

 

33# SwitchVPN

Jurisdiction – India (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

SwitchVPN doesn’t mention anything about being no log VPN in their privacy policy. However, they still claim that they don’t log traffic and usage of their service.

switchVPN-logging-policy-privacy-policy

Here’s what they do keep logs of:

switchVPN-logging-policy-privacy-policy-1

 

34# FinchVPN

Jurisdiction – Malaysia (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

FinchVPN has a pretty outdated privacy policy. Based on what I can see, their privacy policy hasn’t been updated since November 2016.

Anyways, according to their privacy policy, they only collect connection logs and don’t monitor any the websites you connect to, aka usage logs.

Here are all the connection logs they keep:

  • Timestamp
  • traffic amount and user id when you connect and disconnect to the VPN service

 

35# SlickVPN

Jurisdiction – Italy (Under 14 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

SlickVPN’s privacy policy is very concise and doesn’t mention anything about connection logs. However, they do mention that they don’t “track the browsing activities of the user who are logged to the SlickVPN service”.

 

36# AirVPN

Jurisdiction – Italy (Under 14 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

AirVPN’s privacy policy is very hard to deconstruct, information is scattered pretty much all over the place. It took me quite a while to find out that they, in fact, don’t log the following user data:

Activity traffic and/or traffic content and/or IP addresses of the customers or users are not inspected, logged or stored into any mass storage device.

That takes care of both connection and usage logs.

 

37# TigerVPN

Jurisdiction – Slovakia (Safe)

Connection Logs – Yes

Usage Logs – Yes

Transparency Report – No

This one VPN I cannot recommend at all. Not only do they mention that they collect connection logs, but they also explicitly mention that they log usage and tracking data. Just check out their privacy policy for yourself.

Connection Logs:

  • VPN protocol and version
  • Operating system
  • app version
  • traffic statistic
  • connection session (server location)
  • favorite servers [optional]
  • debug information [optional]

Here’s the screenshot where they say they log usage data:

tigerVPN-privacy-policy-no-logs-policy

I can’t recommend you try this VPN!!!

 

38# Zenmate

Jurisdiction – Germany (Under 14 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

ZenMate has a strict no-logs policy. It doesn’t collect usage logs, however, it does track data transferred, aka connection logs.

Even though they mention quite a lot about IP address in their privacy policy, if you carefully read it, they claim that they only use it temporarily.

 

39# LeVPN

Jurisdiction – Hong Kong (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

LeVPN is also a no log VPN service. Here’s what they claim in their privacy policy, “We do not store details of, or monitor, the websites you connect to when using our Le VPN Service”.

However, they do store connection logs such as:

  • A time stamp and IP address when you connect and disconnect to our Le VPN service, and
  • The amount of data transmitted (up- and download) during your session together with the IP address of the individual VPN server used by you.

 

40# Mullvad

Jurisdiction – Sweden (Under 14 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

Mullvad’s privacy is a bit half backed if I’m saying that correctly. I say this because they don’t provide any direct link to their logging policy, it’s just mentioned there, but it doesn’t go anywhere.

However, if you scroll down on their privacy policy page, you see that they don’t log the following information:

  • No logging of traffic
  • No logging of DNS requests
  • No logging of connections, including when one is made, when it disconnects, for how long, or any kind of timestamp
  • No logging of IP addresses
  • No logging of user bandwidth
  • No logging of account activity except total simultaneous connections (explained below) and the payment information detailed in this post.

They not only don’t collect usage data, but they also don’t collect any connection logs as well.

 

41# CyberSilent

Jurisdiction – Poland (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

CyberSilent doesn’t offer too much explanation about what logs they keep. More specifically, they don’t mention anything about connection logs in their privacy policy.

As far as usage logs are concerned, they explicitly mention that they don’t “keep any logs or monitor user activity”.

 

42# Hotspot Shield

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Not sure

Usage Logs – No

Transparency Report – Yes

Hotspot shield is one of the world most popular VPN service, however, they also keep logs despite claiming that they’re a no log VPN service.

They don’t collect usage logs, however, it’s not clear whether they store connection logs or not from their privacy policy.

hotspotshield-privacy-policy-no-logs-policy

Here’s what they collect when you launch their app:

Device-specific information, such as the unique mobile ID, hardware model, operating system version, language, and network information.

They also use IP addresses, however, they don’t log it.

 

43# Froot VPN

Jurisdiction – Sweden (Under 14 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

FrootVPN is one of the very few VPN that doesn’t keep logs. They Don’t keep logs of anything. It is explicitly mentioned in their privacy policy that they don’t store any traffic data, nor do they store any logs.

They also clearly mention that they never monitor or log your internet activity.

frootVPN-no-logs-policy-privacy-policy

 

44# Buffered

Jurisdiction – Gibraltar (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

Buffered VPN’s privacy policy is very hard to comprehend. I had to read their privacy policy multiple times just to find out what they log and don’t log.

Anyways, here’s what they log when you use their service:

devices identifiers, including unique identifiers, operating system’s version, language, IP addresses, network information, user information on the operating system, routing tables, DNS server addresses, other filesystem information.

However, they claim that this information is used for troubleshooting.

 

45# Anonymous VPN

Jurisdiction – Seychelles (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

Anonymous VPN claims in their privacy policy, that they don’t “collect any kind of VPN activity logs, browsing behavior or any activity related to your VPN connection”

However, they do collect your average connection logs such as:

  • Choice of server location,
  • Times when our VPN Services was used by user
  • Amount of data transferred by one user in one day

46# Goose VPN

Jurisdiction – Netherlands (Under 14 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

Goose VPN has a very clear cut privacy policy. Goose VPN clearly mentions that they only store bandwidth usage as connection logs.

As far as usage logs are concerned, they explicitly state that they don’t store “internet activities of users”.

 

47# Spyoff VPN

Jurisdiction – San Marino (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

Spyoff VPN’s privacy policy is nothing but gibberish, you can’t anything out of it. Even after reading it multiple times, I couldn’t find anything related to logs.

I contacted them through email and they said this:

We do not keep any records concerning traffic logs or connection logs, timestamps, bandwidth, IP addresses.

I’ll take their word for it.

 

48# SaferVPN

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

SaferVPN is very explicit about what they log. They begin their privacy policy by stating that they “do not collect, log or store any browsing activity, data or IP addresses”.

Scrolling down their privacy policy it’s obvious that they do store connection logs. Here’s what they collect:

  • Date and time on which the Session began, date and time on which the Session ended,
  • The amount of data transmitted during each Session,
  • To which location (e.g. USA East) (We do not hold servers’ IP addresses),
  • And from which country you connected from (We do not hold IP addresses).

 

49# AceVPN

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – Yes

AceVPN doesn’t have too much information in their privacy policy, however, they do have a specific section about logs.

Here’s what they say:

We do not log VPN traffic. We do not spy on our users nor monitor their bandwidth or Internet usage. Our VPN servers do not store any personal identifying information (PII).

Based on what they say, they don’t store both connection and usage logs.

 

50# Betternet VPN

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – Yes

Betternet is also fairly straight forward in their privacy policy. They start their privacy policy by stating that they don’t keep logs of online activities and never associate any domains, or applications that you access while using Betternet VPN.

Scrolling down their privacy policy and it is obvious that they collect connection logs. Here’s are all the connection logs they collect when you use their app:

  • Your IP
  • Duration of your VPN session

However, they claim that your IP is deleted when you disconnect from the VPN app.

 

51# ProtonVPN

Jurisdiction – Switzerland (Cooperative)

Connection Logs – Yes

Usage Logs – No

Transparency Report – Yes

 

52# Seed4.me VPN

Jurisdiction – Taiwan (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

53# VPN Book

Jurisdiction – Switzerland (Cooperative)

Connection Logs – Yes, but deleted on a weekly basis

Usage Logs – No

Transparency Report – No

 

54# Windscribe

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – Yes

 

55# Unlocator

Jurisdiction – Denmark (Under 14 eyes surveillance)

Connection Logs – Yes

Usage Logs – Yes, but purged after 24 hours

Transparency Report – No

 

56# VPN.ht

Jurisdiction – Belize (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

57# Security Kiss

Jurisdiction – Ireland (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

58# Security Kiss

Jurisdiction – Ireland (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

59# Proxpn

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

60# Keep Solid Business VPN

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

61# Hide.me

Jurisdiction – Malaysia (Safe)

Connection Logs – Yes, but stored temporarily

Usage Logs – No

Transparency Report – Yes, but outdated

 

62# VPNArea

Jurisdiction – Bulgaria (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

63# VPN Baron

Jurisdiction – Romania (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

64# VPN Secure

Jurisdiction – Australia (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

65# Ivacy

Jurisdiction – Singapore (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

66# IBVPN

Jurisdiction – Romania (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

67# Shellfire VPN

Jurisdiction – Germany (Under 14 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

68# IVPN

Jurisdiction – Gibraltar (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

69# TorVPN

Jurisdiction – UK (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

70# Perfect Privacy

Jurisdiction –Switzerland (Cooperative)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

71# OVPN

Jurisdiction –Sweden (Under 14 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – Yes

 

72# OverPlay

Jurisdiction –UK (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

73# StrongVPN

Jurisdiction –UK (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

74# Private Tunnel

Jurisdiction –USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

75# Freedome VPN

Jurisdiction –Finland (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

76# VPN.Asia

Jurisdiction –Belize (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

77# NVPN

Jurisdiction –Bosnia (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

78# VPN Unlimited

Jurisdiction –USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

79# AzireVPN

Jurisdiction –Sweden (Under 14 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – Yes

 

80# ActiVPN

Jurisdiction –France (Under 9 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

81# BlackVPN

Jurisdiction –Hong Kong (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

82# CitizenVPN

Jurisdiction – Denmark (Under 9 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

83# CrypticVPN

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

84# CryptoStorm

Jurisdiction – Iceland (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

85# DefenceVPN

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

86# Disconnect.me

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Not Sure

Usage Logs – Not Sure

Transparency Report – No, but they claim they don’t get any request from the government

 

87# DotVPN

Jurisdiction – Hong Kong (Safe)

Connection Logs – Yes

Usage Logs – Not Sure

Transparency Report – No

 

88# Doublehop

Jurisdiction – Seychelles (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

89# Faceless.Me

Jurisdiction – Cyprus (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

90# FlowVPN

Jurisdiction – Canada (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – Yes

Transparency Report – No

 

91# FlyVPN

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

92# Freedom-IP

Jurisdiction – France (Under 14 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

93# FrostVPN

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

94# GhostPath

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

95# GoTrusted

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

96# HideIP VPN

Jurisdiction – Moldova (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

97# HolaVPN

Jurisdiction – Israel (Cooperative)

Connection Logs – Yes

Usage Logs – Yes

Transparency Report – No

 

98# Identity Cloaker

Jurisdiction – Czech Republic (Safe)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

99# IPinator

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes, but only stored as aggregated logs

Usage Logs – No

Transparency Report – No

 

100# IPinator

Jurisdiction – Cyprus (Safe)

Connection Logs – No

Usage Logs – No

Transparency Report – No

 

101# OctaneVPN

Jurisdiction – USA (Under 5 eyes surveillance)

Connection Logs – Yes

Usage Logs – No

Transparency Report – No

 

Key Takeaway!

So there you have it, folks, 101 VPN privacy policies finally deconstructed.

I’ve spent 120 hours filtering through thousands upon thousands of words to bring you the most updated and accurate information possible.

As you might have already seen, there are only a handful of VPNs that actually don’t keep logs, rest of them, in fact, do store VPN logs one way or the other.

Some choose to be very explicit about it, other’s choose to be sketchy and outright don’t disclose their logging policy.

Although I’ve already made it way easy for you to choose a safe VPN provider, here’s how you can research yourself:

  • Make sure your VPN provider doesn’t store usage logs
  • Make sure your VPN provider doesn’t store excessive connection logs

Additionally, if your VPN provider offers a transparency report or an independent audit report, that’s even better.

As for VPN jurisdiction, Governments outside of the ‘eyes’ jurisdiction may also be able to demand or access VPN user data under their domestic criminal or national security laws, potentially without a warrant or other due process protections against abusive government searches.

Therefore, when selecting a VPN, the types of logs kept by the provider and the presence of any reports that highlights its transparency are key to a trustworthy service.

Not at all Likely Extremely Likely