What is a no-logs VPN?

A no-logs VPN is a service that does not store identifiable activity data such as browsing history, DNS requests, connection timestamps or source IP addresses. Minimal technical logs may exist for running the service, but they should be aggregated, anonymised and not linkable to a specific user.

Do VPNs really keep no logs at all?

In practice, most VPNs need some operational data (for example total server load or aggregated bandwidth). What matters for privacy is that the provider does not keep logs that allow someone to reconstruct who did what online from a given VPN exit IP.

How can I verify that a no-logs claim is genuine?

Look for independent audits, precise privacy policy language, and credible real-world signals such as transparency reports. Then run your own leak tests (DNS/IPv6/WebRTC) to make sure traffic is not escaping the VPN tunnel.

Is a free VPN ever truly no-logs?

Most free VPNs monetise in ways that require tracking (ads, data collection, device identifiers). If you care about privacy, a reputable paid VPN with audited logging practices is usually safer than a free service with unclear incentives.

No-logs VPN in 2026: marketing slogan or real privacy?

Quick answer: a genuine no-logs VPN does not keep activity logs that could link your real IP to browsing history, DNS requests or traffic content. It may still collect minimal technical data (like total bandwidth per server), but this must be anonymised, aggregated and regularly wiped.

Almost every VPN website screams “strict no-logs policy”. The problem is that no-logs is not a protected legal term in the UK. One provider means “no browsing history”, another means “we keep connection metadata for 24 hours”, and a third quietly collects identifiers for analytics.

In this guide you’ll learn what no-logs should mean in practice, which data is actually sensitive, how RAM-only servers help, and how you (as a normal user in the UK) can verify whether a VPN’s promise is more than a landing-page buzzword.

Written by Denys Shchur Updated: 6 January 2026 · 12–15 min read

Try NordVPN – audited no-logs policy Try Surfshark – RAM-only servers

No-logs vs “some logs” explained
How audits & court cases expose lies
7 checks you can do as a normal user

Abstract illustration of secure no-logs VPN infrastructure

What a no-logs VPN should (and shouldn’t) collect

Key takeaway: ignore vague marketing phrases. Look specifically for what the provider says about connection timestamps, source IPs, browsing history, and DNS queries — that’s where the real privacy risk lives.

A VPN always sees some information about your connection. Technically it can’t work without it. The important question is: does the provider record that data on disk in a way that can later identify you?

Data type	Safe for a no-logs claim?	Why it matters
Real IP address & exact timestamps	No — must not be stored long-term	Enables correlation: “IP X used VPN at 20:14, same minute as traffic from exit IP Y”.
Visited domains / URLs (HTTP/HTTPS)	No — never acceptable	Effectively your browsing history tied to an account or device.
DNS queries	No — should not be stored in identifiable form	DNS can reveal which sites you access even when content is encrypted.
Aggregate bandwidth per server	Yes, if anonymised	Needed for capacity planning and abuse prevention; no link to individuals.
Crash logs on a client device	Yes, if optional & anonymised	Helps fix bugs; should never include full URLs or personal identifiers.
Billing records	Yes, stored separately	Billing law requires some records, but they shouldn’t be technically linked to traffic logs.

Some providers quietly log “connection metadata for performance and security”. That phrase can still hide risky retention. For privacy, the best policies explicitly say what is not collected (no IPs, no timestamps, no DNS logs), and explain what is collected (aggregated stats) with a clear retention window.

Honest moment: if a VPN’s privacy policy is two short paragraphs that only say “we respect your privacy”, I close the tab immediately.

If you’re new to VPNs, scan our basics first: What is a VPN? and Free vs paid VPN (UK). Once the fundamentals are clear, “no-logs” becomes much easier to judge.

No-logs vs “no browsing logs”: the wording traps to watch for

Key takeaway: a VPN can say “we don’t log browsing” and still keep enough metadata to identify you later. Always look for explicit language about source IP and connection timestamps.

In real life, “no-logs” marketing often hides behind categories. Here’s the practical breakdown:

Claim	What it usually means	What you must verify
“No browsing logs”	No stored URLs or page titles	Are IP/timestamps stored? Are DNS requests stored? What is retention?
“No usage logs”	Vague umbrella wording	Ask: what is “usage”? Look for a concrete list of non-collected data.
“We keep minimal logs”	Operational telemetry exists	Are logs aggregated/anonymised? Is it opt-in? Is deletion automatic?
“Logs for fraud prevention”	Potentially risky metadata retention	Exact fields + exact retention window + whether it can be tied to a user.

The UK angle: the safest approach is not trying to guess how a court might interpret the word “logs”. It’s choosing a provider whose systems make useful logging technically difficult (RAM-only servers, independent audits), and whose policy is precise enough that a misleading claim would be easy to expose.

Short video: VPN privacy explained in plain English

Key takeaway: the main job of a VPN is to separate who you are (your IP, ISP) from what you do (sites you access). A proper no-logs policy stops that bridge from being rebuilt later.

If the player doesn’t load, watch on YouTube: https://www.youtube.com/watch?v=rzcAKFaZvhE .

How modern no-logs VPNs prove their claims

Key takeaway: don’t just trust “zero logs”. Look for independent audits, RAM-only servers, clear jurisdiction, and credible real-world signals (transparency reports, consistent public explanations).

2026 is much better than 2016 for VPN transparency. Strong providers combine technical design and external verification so the “no-logs” claim is not purely marketing. The most useful signals are:

Independent audits — third-party firms review logging systems and infrastructure claims.
RAM-only (diskless) servers — volatile memory only; reboots wipe runtime data.
Configuration-as-code — reproducible server images reduce “one rogue node” risk.
Transparency reporting — how many requests, what could be provided (ideally: nothing identifiable).
Leak protection in the client — DNS/IPv6/WebRTC handling that prevents accidental exposure.

To keep this practical, here’s a quick “proof stack” you can use as a checklist when evaluating a provider:

Proof signal	What “good” looks like	What to treat as a red flag
Audit	Named firm, dated report, scope clearly described	“We were audited” with no firm name, no date, no scope
RAM-only	Explicit diskless infrastructure claim + operational details	Vague “secure servers” phrasing with no explanation
Policy precision	Explicit “no source IP, no timestamps, no DNS logs, no traffic content”	Generic “we respect privacy” wording
Self-verification	Leak tests pass; DNS routed through VPN; kill switch works	DNS/IPv6 leaks or frequent drops without protection

Providers like NordVPN and Surfshark are common starting points because they combine audited policies, modern protocols (WireGuard / NordLynx), and DNS leak protection. That’s usually safer than rolling the dice on random “free lifetime VPN” apps where incentives are unclear.

Want a practical starting point?

If you don’t want to spend weeks comparing providers, start with one reputable VPN, test it on your own devices, and verify basics like DNS leaks and kill switch behaviour.

Test NordVPN (audited no-logs policy) Test Surfshark (RAM-only network)

Disclosure: if you subscribe via these links, VPN World may earn a commission — without changing your price. It helps keep the project independent.

7-point checklist: is this VPN really no-logs?

Key takeaway: treat VPN marketing pages like a job interview. Ask hard questions, verify with independent signals, and assume “free & unlimited” often comes with data collection.

Use this as a mini due-diligence sheet before committing to a long subscription. It also helps you understand why free vs paid VPN is a privacy question, not just a price question.

Question	What you want to see	Red flag
Independent audit?	Recent audit by a known firm, scope explained	“Audited” with no names, dates, or scope
Activity logs?	Explicit: no browsing history, no DNS logs, no traffic content	Generic privacy slogans, no specifics
Connection metadata?	Minimal aggregated data with a retention window and clear purpose	Full timestamps & source IP stored “for security” with no limit
Infrastructure?	RAM-only + reproducible deployment (config-as-code)	Vague “secure servers” marketing, no details
Jurisdiction?	Clear legal entity and country, transparent explanation	Trying to hide jurisdiction or legal structure
Client telemetry?	Optional, opt-in, clearly documented	Always-on analytics, device IDs, no opt-out
Can you verify yourself?	Leak tests pass; DNS routed through VPN; kill switch works	DNS/IPv6 leaks or frequent drops without protection

After this checklist, do a few “normal user” tests:

DNS & IPv6 leak tests: connect to the VPN and verify your DNS requests do not go through your ISP. See How to check your VPN for DNS leaks.
Public Wi-Fi scenario: run the same tests on café/hotel Wi-Fi. Use our VPN for public Wi-Fi guide.
Kill switch behaviour: temporarily disconnect the VPN and confirm traffic is blocked (not silently routed). Start here: VPN kill switch (UK).

It looks like a lot, but you only need to do this properly once or twice. After that, weak “no-logs” claims become obvious within seconds.

FAQ: common questions about no-logs VPNs

Is any VPN completely log-free?

Realistically, no. Every network service needs some operational data. What matters is that none of it is detailed enough to reconstruct your individual activities. Look for providers that separate billing systems from network systems and explain what’s collected and for how long.

Do UK data retention laws affect foreign VPNs?

If a provider has infrastructure or a legal presence in the UK, local obligations may apply to that entity. Many services choose jurisdictions with fewer retention requirements, but the most robust defence is still simple: the provider’s systems should not retain useful activity logs in the first place.

Is a no-logs VPN enough to stay anonymous?

Not on its own. Cookies, logins, browser fingerprinting, and behavioural patterns can still identify you. Think of a no-logs VPN as one strong layer — not the whole solution.

Should I use a free no-logs VPN instead of a paid one?

There are a few legitimate free tiers, but most “totally free” VPNs monetise via ads, analytics, or data collection. If privacy is the goal, a transparent paid plan is usually safer than a free service with unclear incentives.

Related VPN World guides (EN-GB)

Free vs paid VPN in the UK

When a “free VPN” is fine — and when it quietly turns your data into the product.

How to check your VPN for DNS leaks

Step-by-step DNS & IPv6 leak tests to make sure nothing escapes the tunnel.

Using a VPN on public Wi-Fi

Practical checklist for cafés, hotels, airports and trains in the UK and abroad.

Disadvantages of VPNs

Situations where a VPN can break things — and how to fix or avoid them.

About the author

Denys Shchur is the creator of VPN World, focusing on practical, test-driven guides about VPNs, online privacy and secure remote work. He spends far too much time running speed tests and checking for DNS leaks, so you don’t have to.

Recommended VPN

Affiliate links (nofollow/sponsored).

Try NordVPN — audited no-logs policy Try Surfshark — strong value

Disclosure: VPN World may earn a commission if you subscribe via these links — without changing your price.