When accessing the web via a VPN, the main concerns for most users are security and privacy. A VPN service is supposed to make you feel safe while unlocking all the virtual doors that are otherwise sealed shut. That is why it is surprising that many services still disregard the needs and desires of their users and keep logs of their activities, making it possible for governments and third parties to gain insight into what you are doing online. Luckily, NordVPN is not one of them.
Legislature
NordVPN is located in Panama, which does not have any mandatory data retention laws. In other words, NordVPN is NOT obligated to record and store user data in order to hand it over to third parties. This means that even if the company gets served a warrant and/or gag order, it will simply have nothing to give since it neither tracks nor logs sensitive user info. Bottom line, your Internet traffic and history will be safe from any prying eyes, including your ISP, hackers, government, and international spy networks.
Logging Policy
Unless noted otherwise, your personal data is processed automatically and manually with a designated subsidiary in your country acting as the responsible personal data controller. Since canceling PayPal, NordVPN has unified all the payment methods on the official website so third parties are only in charge of basic app and website analytics and emailing service.
The company guarantees a strict no-logging policy, which means that NordVPN services will be provided by automated technical processes and not monitored, recorded, and passed to any third parties. The company will never store your session information, connection time stamps, traffic logs, used bandwidth, IP addresses, and other personal data. From the moment you turn on your NordVPN client, your Internet data becomes encrypted and therefore invisible to your ISP, cybercriminals, and numerous third-party snoopers.
To create your personal account, you have to provide NordVPN with your:
- Email address – This ensures that the company can communicate with you and inform you about any relevant updates, announcements or potential error reports. A valid email address is also essential to establish a VPN connection and retrieve a lost password.
- Payment data – This only applies if you are using conventional payment methods (credit cards, for example). If you are using cryptocurrencies, you will remain perfectly anonymous even after making the purchase.
In order to keep its service running, NordVPN is forced to collect some technical information, including:
- Server load info – In order to recommend optimal servers to its customers and avoid overcrowding, the company has to monitor server performance.
- Customer service info – All your communications and inquiries received through the Community Area and Contact Us Pages will be stored inside NordVPN’s database.
- Cookies – In order to improve user experience, NordVPN utilizes Google Analytics, affiliate cookies, and cookies that personalize the content of the official website (setting your default language, for example).
NordVPN will hold the collected data no longer than 2 years after the last recorded use of its service/app. You can always request a list of the collected data, correction of inaccurate info, and complete data erasure. You can also object to certain modes of personal data processing (marketing, for example).
The official website also features a warrant canary with the grand total of zero National Security Letters, gag orders, and warrants from any government organizations. The warrant canary is updated on a daily basis.