Top 50 VPN’s logging policies – which ones are safe?

Are you tired of unclear logging policies?

We’ve analysed and ranked the logging policies of the top 50 VPNs, so you know exactly who you can trust at a glance.

The top 10 we deem completely safe. The rest….well, it’s up to you.

What do VPNs log?

First up, what kind of logs do VPNs keep? Here’s a quick lowdown.

Types of logs

Websites: Do they track the websites you visit/your browsing history? This is the worst case scenario.

IP address: Every computer has their own IP address, which easily defines your computer and location.

Device data: Some VPNs log your device data, such as device name, IMEI, operating system, browser, etc, which can easily be used to identify you.

Times: Times when you use the VPN (also called sessions, connection times or timestamps). This can range from the last day you connected (not very specific) to detailed session logs (the exact times and duration every time you use the VPN).

Bandwidth: The least worrying metric. A lot of VPNs measure the amount of data you’ve downloaded. They may just keep a running total, or have more detailed weekly or monthly counts.

Some VPNs collect this data ‘in aggregate’, which should mean it’s collected en masse with other users, and not tied to any particular user.

Here’s a table showing exactly what logs the different VPNs keep.

Table 1. What VPNs log

VPNWebsitesIPDevice dataTimesBandwidth
NordVPNNoNoNoNoNo
proXPNNoNoNoNoNo
PIANoNoNoNoNo
SurfsharkNoNoNoNoNo
VPNSecureNoNoNoNoNo
MullvadNoNoNoNoNo
vpn.htNoNoNoNoNo
Perfect PrivacyNoNoNoNoNo
IVPNNoNoNoNoNo
ZoogVPNNoNoNoNoNo
vyprvpnNoNoNoNoNo
Ra4wNoNoNoNoNo
TorguardNoNoNoNoNo
Trust.ZoneNoNoNoNoNo
CeloNoNoNoNoNo
WitopiaNoNoNoNoNo
BolehNoNoNoNoNo
SurfEasyNoNoNoNoAgg.
Private TunnelNoNoNoYesNo
ProtonVPNNoNoNoYesNo
WindscribeNoNoNoYesYes
ExpressNoNoNoYesYes
PureVPNNoNoNoYesYes
IvacyNoNoNoNoAgg.
OperaNoNoYesNoNo
NortonVPNNoNoYesNoAgg.
TunnelbearNoNoYesNoYes
TigerNoNoYesYesNo
X-VPNNoNoYesYesNo
CyberghostNoYesNoNoNo
GooseNoYesNoNoNo
SpyOffNoYesNoNoNo
AVG SecureNoYesNoYesYes
vpn.acNoYesNoYesYes
Encrypt MeNoYesNoYesYes
VPN UnlimitedNoYesYesYesYes
Avira PhantomNoYesYesYesYes
AvastNoYesYesYesYes
AstrillNoYesYesYesYes
SpeedifyNoYesYesYesYes
FreedomeNoYesYesYesYes
Hide My AssNoYesYesYesYes
IPVanishAgg.NoAgg.Agg.Agg.
BetternetAgg.YesYesYesYes
VPN HubYesYesYesNoNo
TouchYesYesYesYesYes
HexaTechYesYesYesYesYes
Hotspot ShieldYesYesYesYesYes
HolaYesYesYesYesYes
HoxxYesYesYesYesYes

Almost all VPNs claim to be “no-logs” on their websites, but when you get deep down into their policies, only 34% are actually are no-logs.

A whopping 14% collect all 5 logs including browsing history. Unsurprisingly, all of these are free, or mostly free.

And a crazy 40% collect your IP address.

Scary, huh?

VPN logging policies ranked

However, just looking at these logs doesn’t tell the full story.

It would be nice if were that simple, but there’s other major factors to take into account. For example:

Have they done an independent audit? When an independent security organization investigates their policy and security of their servers. This allows for total transparency and shows a VPN is fully trustworthy. It’s like a gold-standard that few VPNs have been brave enough to do.

How detailed and clear is the policy? Some may say they don’t log anything, but in a policy of just a few lines, which doesn’t seem legitimate. Others are unclear, contradicted by staff, or use vague terms that could hide anything, like “we log VPN usage”.

Where are they located? If they’re located inside a 14-eyes country, this means any data they have on you can be handed over to a lot of other countries (including the US, which issues a lot of secret subpoenas).

What is their track record? For example, some companies have been forced to hand over their logs to authorities for criminal cases and the details have come out, proving or disproving their logs policies depending on what was used.

With all this in mind, here’s our table of the top 50 VPN’s logging policies ranked definitively from best to worst.

Table 2. VPN logging policies ranked from best to worst

VPNLogs(out of 5)In 14 eyesAuditPolicy detailOverall Rating
NordVPN0NoYesGoodExcellent
PIA0YesNoGoodExcellent
Mullvad0NoYesGoodExcellent
Perfect Privacy0NoNoGoodExcellent
IVPN0YesYesGoodExcellent
vyprvpn0NoYesGoodExcellent
Express2NoYesGoodExcellent
Surfshark0NoYesGoodExcellent
Tunnelbear2YesYesGoodExcellent
ProtonVPN1NoNoGoodExcellent
Zoog0NoNoGoodGood
Boleh0NoNoOKGood
Encrypt Me3NoNoOKGood
SpyOff1NoNoGoodGood
Torguard0YesNoOKGood
SurfEasy1YesNoOKGood
Witopia0YesNoOKOK
Windscribe2YesNoOKOK
Celo0YesNoPoorOK
vpn.ac3NoNoOKOK
Goose1YesNoOKOK
X-VPN2NoNoGoodOK
Trust.Zone0NoNoPoorOK
VPNSecure0YesNoPoorOK
vpn.ht0NoNoPoorOK
IPVanish4YesNoOKOK/Poor
Tiger2NoNoOKPoor
Ivacy2NoNoOKPoor
NortonVPN2YesNoOKPoor
Opera1YesNoOKPoor
Ra4w0YesNoPoorPoor
Freedome5NoNoGoodPoor
Private Tunnel1YesNoPoorPoor
Avira Phantom4YesNoOKPoor
proXPN0YesNoPoorPoor
Cyberghost1NoNoOKPoor
AVG Secure3NoNoOKPoor
Avast4NoNoOKPoor
VPN Unlimited4YesNoPoorV. poor
Astrill4NoNoOKV. poor
Speedify5YesNoOKV. poor
VPN Hub4YesNoOKV. poor
PureVPN2NoNoOKV. poor
Hide My Ass5YesNoOKV. poor
Hola5NoNoOKV. poor
Hotspot Shield5YesNoOKV. poor
HexaTech5YesNoOKV. poor
Hoxx5YesNoOKV. poor
Betternet5YesNoOKV. poor
Touch5YesNoOKV. poor

VPN logging policies explained

Top 10 logging policies 

Here are our top 10 logging policies, all of which we can whole-heartedly recommend.

NordVPN

Nord doesn’t collect any of the 5 logs and has undergone an independent audit. It’s also based in Panama, a privacy-friendly country outside 14-eyes.

PIA

PIA doesn’t collect any of the 5 logs. It’s located in the US, which isn’t ideal, however it’s no-logs policy has been proven twice when servers have been seized and absolutely nothing found on them. You can’t get much better proof than this.

Mullvad

Mullvad doesn’t collect any of the 5 logs and has done an independent audit. Plus, unlike almost all providers you don’t even need to provide your email address – they give you a unique identifier instead.

They also use very minimal cookies and third-parties, and deliberately don’t use Google Analytics.

The only downside is they’re in Sweden, which is in 14-eyes, but it seems safe to say there’s no data to hand over.

Perfect Privacy

Perfect Privacy doesn’t collect any of the 5 logs and is based in Switzerland, which is outside 14-eyes. What’s more, their servers were seized in 2016, and no logs were found

IVPN

IVPN doesn’t collect any of the 5 logs. It has an independent audit and an extremely transparent, detailed policy which is tracking-free. It’s based in Gibraltar, which is part of the UK but has some autonomy.

VyprVPN

VyprVPN doesn’t collect any of the 5 logs, has done an independent audit, and is outside 14-eyes in Switzerland.

ExpressVPN

Although unlike those above Express collects some logs, they’re very minimal: the day you connected (not the time), and total bandwidth. Plus, it’s also done an independent audit and is based in an ideal location, the British Virgin Islands.

Surfshark

Surfshark is a promising new kid on the block, since it’s already done an independent audit, beating many VPN giants. This was only for its browser extensions, but the results were positive.

It also doesn’t collect any of the 5 logs and is also based in the British Virgin Islands. 

Tunnelbear

Tunnelbear have completed a record with 2 independent audits: one before they were acquired by McAfee, and one after in 2018. However, the McAfee ownership means they’re now based in the US.

Tunnelbear collects some logs, but they’re minimal: OS version, whether you used the VPN this month, and total data for this month. It also lists all the cookies it uses.

Proton VPN

Proton only logs the last successful login attempt, which is hardly anything.

They’re also based in Switzerland, outside 14-eyes. However, they’re the only one on the list not to have conducted an independent audit.

Proton makes the list due to its great security reputation. It was set up CERN and MIT scientists who also developed ProtonMail. They really seem to care about user privacy, and are very honest about their and other VPN’s weaknesses. 

Bottom 40 logging policies

Here’s the full scoop on the rest, listed from best to worst.

Zoog

  • Good – collects 0 out of 5 logs.
  • Good – located outside of 14 eyes (Greece).

Overall rating: Good.

Boleh

  • Good – collects 0 out of 5 logs.
  • Good – located outside 14 eyes (Seychelles).

Overall rating: Good.

Encrypt.Me

  • Good – collects 0 out of 5 logs.
  • Good – located outside 14 eyes (Seychelles).

Overall rating: Good.

SpyOFF

  • Good – only collects 1 out of 5 logs: IP address once when you sign up.
  • Good – located outside 14 eyes (San Marino).
  • Good – nice detailed yet clear logging policy.

Overall rating: Good.

Torguard

  • Good – doesn’t collect any of the 5 logs.
  • Bad- located in 14 eyes (USA).

Overall rating: Good.

SurfEasy

  • Good – only collects 1 out of 5 logs – the least worrying, bandwidth, and only in aggregate.
  • Bad – located in 14 eyes (Canada).

Overall rating: Good.

Witopia

  • Good – collects 0 out of 5 logs.
  • Bad – located inside 14 eyes (USA).

Overall rating: OK.

Windscribe

  • OK – collects 2 out of 5 logs: the least worrying, connection times and bandwidth.
  • Bad – located inside 14 eyes (Canada).

Overall rating: OK.

Celo VPN

  • Good – collects 0 out of 5 logs.
  • Good – don’t use third-party behavioural tracking.
  • Bad – policy is a bit vague in places.
  • Bad – based in 14 eyes (Australia).

Overall rating: OK.

vpn.ac

  • Bad – collects 3 out of 5 logs. IP address, detailed connection times and bandwidth.
  • Good – data is only stored for 1 day, which isn’t much at all.
  • Good –  don’t use Google Analytics or similar.
  • Good – located outside 14 eyes (Romania).

Overall rating: OK.

Goose

  • OK – collects 2 logs: IP address, but only once upon sign up, and bandwidth.
  • Good – list all the cookies they use, which is rare.
  • Bad – located in 14 eyes (Netherlands)

Overall rating: OK.

X-VPN

  • Bad – collects 2 out of 5 logs: device data and times. Log servers, protocol, network type (e.g. 4G) and error messages. Plus the time connected.
  • Good – erase this after 96 hours.
  • Good – policy very detailed and transparent.
  • Good – located outside 14 eyes (Hong Kong). Some may worry about links to China.

Overall rating: OK.

Trust.Zone

  • Good – apparently collects 0 out of 5 logs.
  • Bad – policy pretty brief.
  • Good – located outside 14 eyes (Seychelles).

Overall rating: OK.

VPNsecure

  • Good – apparently collects 0 out of 5 logs.
  • Bad – policy extremely brief.
  • Bad – located inside 14 eyes (Australia).

Overall rating: OK.

VPN.ht

  • Good – apparently collects 0 out of 5 logs.
  • Bad – privacy policy is pretty brief and hasn’t been updated since 2015.
  • Good – located outside 14 eyes (Hong Kong). Some may worry about links to China.

Overall rating: OK.

IPVanish

  • OK – collects 4 out of 5 logs, but only in aggregate: browsing history, device data, connection times and bandwidth.
  • Bad – Provided logs to US authorities in 2016, but has since changed ownership so the jury’s out.
  • Bad – located inside 14 eyes (USA).

Overall rating: OK/poor.

Tiger VPN

  • Bad – collects 2 out of 5 logs: device data and connection times.
  • Good – located outside 14 eyes (Slovakia).

Overall rating: Poor.

Ivacy

  • Good – collects 1 out of 5 logs: aggregate bandwidth.
  • Good – lists all the third-party apps they use.
  • Bad – they also say they log ‘Application usage’, which could be hiding something major.
  • Good – located outside 14 eyes (Singapore).

Overall rating: Poor.

Norton VPN

  • Bad – collects 2 out of the 5 logs: device data (mobiles only) and bandwidth in aggregate.
  • Bad – based in 14 eyes (USA).

Overall rating: Poor.

Opera

  • Bad – collects 1 out of 5 logs: extensive device data.
  • Bad – Gives this data to lots of third-parties and collects data for advertising.
  • Bad – located in 14 eyes (Canada).

Overall rating: Poor.

Ra4w

  • Good – collects 0 out of 5 logs.
  • Bad – policy is extremely short and basic, with no details. It just says “we do not log or monitor the content of the VPN tunnels themselves.”
  • Bad – based in 14 eyes (USA)

Overall rating: Poor.

Freedome

  • Bad – collects 4 out of 5 logs: your IP address upon sign up, extensive device data, session duration and bandwidth.
  • Bad: If you use their Tracker, they also log the tracking data of your traffic for 3 days.
  • Bad – keeps all this data for 90 days, which is a long time.
  • Good – very honest, detailed policy.
  • Good – outside 14 eyes (Finland)

Overall rating: Poor.

Private Tunnel

  • Good – apparently only collects 1 out of 5 logs: bandwidth.
  • Bad – policy is very unclear, with no mention of standard logging terms, and is contradicted by support staff.
  • Bad – located in 14 eyes (USA).

Overall rating: Poor.

Avira Phantom

  • Bad – collects 4 out of 5 logs: IP address (once upon sign up), device data (mobiles only), times and bandwidth.
  • Bad – also collects diagnostic data, but you can switch this off in the app.
  • Bad – located in 14 eyes (Germany)

Overall rating: Poor.

proXPN

  • Good – apparently collect 0 out of 5 logs.
  • Bad – policy is extremely brief and was last updated 4 years ago.
  • Bad – based in 14 eyes (USA).

Overall rating: Poor.

Cyberghost

  • Bad – collects 1 out of 5 logs: IP address, though they say it’s anonymised.
  • Bad – Third-party apps may collect personal data.
  • Good – located outside 14 eyes (Romania).
  • Bad- taken over by malware-producing company.

Overall rating: Poor.

AVG Secure VPN

  • Bad – collects 3 out of 5 logs: detailed IP addresses, connection times and bandwidth.
  • Bad – stores data for 30 days.
  • Good – located outside 14 eyes (Czech Republic).

Overall rating: Poor.

Avast

  • Bad – collects 4 out of 5 logs: IP address, device data, connection times and bandwidth.
  • Good – located outside 14 eyes (Czech Republic).

Overall rating: Poor.

VPN Unlimited

  • Bad – collects 4 out of 5 logs: IP address, device data, connection times and bandwidth.
  • Bad – unclear, confusing policy.
  • Bad- located in 14 eyes (USA).

Overall rating: Very poor.

Astrill

  • Bad – collects 4 out of 5 logs. IP address, device data, connection times and bandwidth.
  • Good – located outside 14 eyes (Seychelles).

Overall rating: Very poor.

Speedify

  • Bad – collects 4 out of 5 logs: everything except browsing history. IP address, ‘unique device identifiers’, and individual session information: time of initial connection, data transferred and duration of connection.
  • Bad – located in 14 eyes (USA)

Overall rating: Very poor.

VPN Hub

  • Bad – collects 3 out of 5 logs: browsing history in aggregate, IP address (but deletes it when you disconnect), and device data.
  • Bad – they let 3rd parties access your device information.
  • Bad – located inside 14 eyes (USA).

Overall rating: Very poor.

PureVPN

  • Bad – collects 2 out of 5 logs, connection times and bandwidth. Also collects browsing history if you use their Gravity service.
  • Bad – Provided logs to FBI in 2017, disproving their no-logs policy.
  • Good – located outside 14 eyes (Hong Kong), though its links to China may concern some.

Overall rating: Very poor.

Hide My Ass

  • Bad – collects 5 out of 5 logs, including browsing history if you use their browser extensions or free web proxy.
  • Bad – store this data for 30 days.
  • Bad – located inside 14 eyes (UK).

Overall rating: Very poor.

Hola

  • Bad – collects 5 out of 5 logs
  • Good – located outside 14 eyes (Israel).

Overall rating: Very poor.

HotSpot Shield

  • Bad – collects 5 out of 5 logs, though browsing history is anonymized.
  • Bad – located inside 14 eyes (USA).

Overall rating: Very Poor.

Hexatech

  • Bad – collects 5 out of 5 logs.
  • Bad – located inside 14 eyes (USA).

Overall rating: Very poor.

Hoxx VPN

  • Bad – collects 5 out of 5 logs in detail, even the website you visited before coming to their website.
  • Bad – located inside 14 eyes (USA).

Overall rating: Very poor.

Betternet

  • Bad – collects 5 out of 5 logs.
  • Bad – especially bad on free version, where third parties can see IP address, device data and city location.
  • Bad – based in 14 eyes (USA)
  • Bad – a CSIRO 2016 report found that Betternet uses more third-party tracking libraries than any other VPN.

Overall rating: Very poor.

Touch VPN

  • Bad – collects 5 out of 5 logs: IP address, session times, tons of device information, urls “for diagnostics”, and domains accessed (though they say this is anonymized)
  • Bad – shares data with lots of third parties.
  • Bad – lets business partners put tracking technologies inside the VPN
  • Bad – located in 14 eyes (USA)

Overall rating: Very poor.

Key Takeaways

So that’s it, folks, the top 50 logging policies ranked.

Only 17 out of 50 are truly no-logs, so never believe that “no-logs” term of most VPN websites.

Unsurprisingly, free or mostly free VPNs log the most data.

It’s not enough just to look at their logs, either. Other factors are just as important, like their location, track record, and quality of their policy. An independent audit is a gold-standard.

Overall we recommend 10 key providers, 7 of which have completed audits and 2 of which have had their servers seized and no logs found.

We hope this helps you choose a truly trustworthy VPN provider.


Recent Reviews

Learn More About VPNs

Leave a Comment

css.php