Privacy & security

VPN logs explained

“No-logs” is the headline on almost every VPN site. The trouble is that it is a claim, not a feature you can see. Here is how to read it like a skeptic — and tell a promise worth trusting from a slogan.

6 min readUpdated Mar 7, 2026
Illustration of privacy protection on a laptop

What “logs” actually means

A log is simply a record a provider keeps about you or your connection. Every online service keeps some — a VPN is no different. The word on its own tells you nothing. What matters is what is recorded, how long it is kept, and whether it can be linked back to a real person. A provider can keep plenty of records and still be private, or keep almost none and still be careless. The label “no-logs” only becomes meaningful once you know which records it is promising not to keep.

The three kinds of logs

It helps to split logs into three buckets. Most arguments about no-logs policies are really arguments about which bucket a provider is talking about.

  • Usage logs — the records that describe what you did: sites visited, DNS requests, your real IP tied to a session. This is the bucket that matters most. A genuine no-logs VPN keeps none of it.
  • Connection logs — metadata about the connection itself: timestamps, session length, bandwidth used, the server you joined. Some of this is harmless; some can become identifying when combined with timestamps and your source IP.
  • Aggregate logs — anonymous, pooled numbers like total server load or how many people use a feature. These cannot single you out and are normal to keep.

Why jurisdiction matters

A no-logs policy is a promise about what a provider chooses to keep. Jurisdiction is about what it can be forced to keep or hand over. The country where a VPN is legally based decides which courts, agencies, and data-retention rules apply to it. A provider in a country with no mandatory logging laws has more room to keep its promise than one that can be quietly ordered to start recording.

You do not need to memorize treaties or alliances to use this. Just treat jurisdiction as one input among several: a thoughtful provider explains where it is based and why, rather than hoping you never ask. Each provider review notes the jurisdiction so you can weigh it alongside the audit history.

What actually backs up a no-logs claim

Anyone can write “no-logs” on a homepage. The difference between a slogan and a policy you can trust is evidence. Four kinds of proof carry real weight:

  • Independent audits — an outside firm inspects the servers and configuration and publishes what it found. One audit is a snapshot, so look for providers that repeat them rather than auditing once and never again.
  • Court-tested cases — moments when a provider was legally asked for data and, by its own account, had nothing to hand over. A claim that has survived real-world pressure is stronger than one that never has.
  • RAM-only servers — infrastructure that runs entirely in memory and wipes on every reboot, so there is no disk where logs could quietly accumulate.
  • Transparency reports — regular, public summaries of the legal requests a provider received and how it responded.
Illustration of a global VPN server network
RAM-only servers hold nothing on disk, so a reboot wipes any data that could have been logged.

Green flags vs red flags

Green flagsRed flags
Defines exactly what is and is not keptVague phrases like “minimal logs,” left undefined
Recent, repeated independent auditsOne old audit, or none at all
States its jurisdiction openlyNo clear answer on where it is based
Uses RAM-only servers and says soSilent about how servers store data
Publishes regular transparency reportsNo record of legal requests, ever
Plain-language privacy policyPromise lives only in the marketing headline

Quick signals to read any no-logs claim.

Frequently asked questions

Can a no-logs VPN see my activity?

While you are connected, your traffic passes through the provider’s servers, so in principle it could observe it. A genuine no-logs setup means it does not record or store that activity, so there is nothing to keep, sell, or hand over later. The promise is about what is retained, not about what could theoretically be seen in the moment.

What is a warrant canary?

A warrant canary is a public statement a provider posts saying it has not received a secret legal order it would be barred from disclosing. The idea is that if the statement quietly disappears or stops being updated, attentive users can infer something changed. It is a signal, not proof — useful as one data point among audits and transparency reports.

Does jurisdiction really matter?

It matters as one factor, not the whole story. Jurisdiction shapes what a provider can be legally compelled to do, but a well-run VPN in a less ideal location can still out-protect a careless one in a “privacy-friendly” country. Weigh jurisdiction alongside audits, server design, and track record rather than treating it as a single pass-or-fail test.

Is any connection data ever okay to keep?

Some aggregate or temporary operational data is normal and harmless — total server load, or a short-lived count to prevent abuse. The line you care about is whether anything kept can be tied back to you and what you did. Records that cannot identify you are very different from records that can.

Ready to choose?

Turn the theory into a shortlist.

When you want names instead of background, jump straight to the picks and matchups built on the same facts.