Deloitte, a market-leading Big Four firm, conducted the engagement, which validated NordVPN's commitment to privacy for the fourth time and confirmed that the company does not track or log users' online traffic.
“While we work hard to create and develop world-leading cybersecurity solutions to protect our customers, we also take privacy very seriously, and we are fully committed to our promise to not monitor or record the online traffic of our users. We firmly believe that a no-logs policy should be an industry standard and that an independent assurance engagement by a trusted Big Four firm reassures customers of our commitment to a safer and radically better internet,” says Marijus Briedis , CTO at NordVPN .
Deloitte practitioners interviewed NordVPN workers and evaluated server infrastructure, server configuration, and technical logs during the engagement process. From November 30 to December 7, 2023, they got access to NordVPN services and analyzed privacy-related configuration settings and procedures on Obfuscated, Double VPN, Standard VPN, Onion Over VPN (TOR), and P2P servers.
There was no evidence that NordVPN violated the company's no-logs policy, according to practitioners. They backed NordVPN's claim that it does not record any incoming or outgoing traffic data, such as IP addresses, browser history, or websites visited.
NordVPN completed its first independent no-log engagement in 2018, followed by second and third assessments in 2020 and 2022, demonstrating the company's ongoing commitment to privacy. These independent audits ensure NordVPN clients are getting what they paid for: a VPN service that does not track or log their browser activity.
