NordVPN's sixth independent audit confirms no-logs policy.

Deloitte's ISAE 3000 audit at the end of 2025 found NordVPN's systems do not retain traffic-related metadata across its VPN services, marking the company's sixth independent no-logs verification.

Deloitte completed a no-logs assurance engagement of NordVPN's services at the end of 2025. The review applied the ISAE 3000 (Revised) standard and covered the standard VPN, Double VPN, Onion Over VPN, and obfuscated servers. Auditors examined system configurations, interviewed staff, and inspected live system logs between November 10 and December 12, 2025. This is the sixth independent verification of NordVPN's no-logs claim since the company's first assessment in 2018. Audit findings: - The engagement was conducted under ISAE 3000 (Revised) and ran from November 10 to December 12, 2025. - Deloitte's auditors reviewed configurations, interviewed staff, and inspected live system logs and operational processes. - The review found no retention of traffic-related metadata such as IP addresses, timestamps, bandwidth usage, or session identifiers across the examined systems. - The same no-logs controls were applied uniformly across the standard VPN, Double VPN, Onion Over VPN, and obfuscated servers. - This assessment is the sixth independent no-logs verification for NordVPN, following regular reviews that began in 2018. Summary: The audit provides an independent, standards-based verification of NordVPN's public no-logs claim and adds to a sequence of repeat assessments. The full assurance report is available to NordVPN subscribers via the Nord Account control panel. Undetermined at this time.