
NordVPN Says It Passed Its Sixth Independent No-Logs Audit

Updated: Tuesday, 10th February 2026 at 9:35 PM
Ech the Tech Fox

Trust is hard to earn and easy to lose. NordVPN says it has passed its sixth independent assurance engagement to confirm its no-logs policy. Conducted by Deloitte Lithuania under the ISAE 3000 (Revised) standard, this assessment aims to provide concrete proof that your data remains private. For those asking whether NordVPN is safe, this report is a crucial piece of evidence. Here is the full breakdown of the scope, the dates, and what it actually means for you.

At a Glance

  • The Claim: NordVPN does not track, collect, or store user connection data.
  • The Auditor: Deloitte Lithuania (Big Four firm).
  • The Standard: ISAE 3000 (Revised).
  • The Result: Systems were found to align with the no-logs statement during the assessed period.

The Core Claim

NordVPN states it has again passed an independent assessment confirming it does not track, collect, or store users' connection data. This marks the sixth time the company has submitted its policies and infrastructure to independent verification.

The company positions these recurring engagements as "concrete proof" of its commitment to transparency, arguing that trust in the VPN industry cannot be built on promises alone. By engaging external auditors, it aims to increase user confidence that activity remains private. If you want to see how this security translates to daily usage, speed, and streaming, you can check our comprehensive NordVPN review.


Who Checked the Logs?

The assessment was performed by Deloitte Lithuania, described as a "Big Four audit firm". This adds a layer of credibility compared to internal reviews or smaller, less regulated auditing bodies.

The type of work performed was an independent reasonable assurance engagement. The framework used was ISAE 3000 (Revised), which is the International Standard on Assurance Engagements. The page also references the International Auditing and Assurance Standards Board (IAASB) in relation to the standards used, indicating a formal adherence to global auditing protocols.

Scope & Procedures

This wasn't just a quick glance at a spreadsheet. According to NordVPN, Deloitte's team executed a thorough review of the infrastructure.

| Action | Details |
|---|---|
| Interviews | Deloitte interviewed NordVPN employees to understand processes and policy enforcement. |
| Inspections | The auditors inspected server infrastructure, configurations, and deployment processes. |
| Server Coverage | The review covered Standard VPN, Double VPN, Obfuscated servers, and Onion Over VPN. |
| Focus Area | "Special attention" was put on privacy-related settings and no-log configurations. |

NordVPN reports that Deloitte concluded NordVPN's IT systems and supporting operations are "designed and implemented in line with" its no-logs statement.

Critical Dates

The timing of an audit is crucial. This was a point-in-time assessment, meaning the systems were verified as they operated during a specific window.

  • Commissioned: End of 2025
  • Fieldwork Window: Nov 10 - Dec 12, 2025
  • Report Issued: Dec 12, 2025

Limitations to Note

What's not shown publicly

While the news is positive for privacy advocates, there are limitations to transparency that users should be aware of:

  • Point-in-Time: This is not continuous monitoring. It verifies the state of the systems between November 10 and December 12, 2025.
  • Access Restricted: NordVPN does not publish excerpts of the report on its public blog due to the "technical nature" of the document.
  • Login Required: To view the full report, you must be a customer and log in to your Nord Account. This creates a barrier for prospective buyers who want to verify the claims before purchasing.
Transparency Level: High (for customers)

Alongside the audit news, NordVPN highlights features like Threat Protection Pro to block malicious websites and trackers, reinforcing that its security model goes beyond just server configuration.


FAQs

Who conducted NordVPN's 2026 no-logs audit?

The assurance engagement was conducted by Deloitte Lithuania, a "Big Four" audit firm, under the ISAE 3000 (Revised) standard.

Can I read the full NordVPN audit report?

NordVPN does not publish the report publicly due to its technical nature. However, active customers can access the full report by logging into their Nord Account.

Does this audit guarantee 100% privacy forever?

No audit provides a lifetime guarantee. This was a "point-in-time" assessment covering the period from November 10 to December 12, 2025. It verifies systems as they operated during that specific window.


SUMMARY BY ECH THE TECH FOX

Six audits is a serious track record. While no system is unhackable, consistently inviting a Big Four auditor to poke around your server configurations is the gold standard for VPN accountability.

Martin Needs, Cybersecurity Expert

BY MARTIN NEEDS

Director at Needsec LTD; Cybersecurity Expert; 10+ Years Experience

"ISAE 3000 (Revised) engagements are rigorous. They aren't just a tick-box exercise; they require the practitioner to obtain reasonable assurance that the subject matter conforms to the criteria. While I always remind users that an audit is a snapshot in time and not a live feed, NordVPN's consistency in commissioning these reports demonstrates a mature approach to privacy architecture."

OSCP Certified; CSTL (Infra/Web); Cyber Essentials Assessor; CompTIA PenTest+; Cybersecurity Expert