Is NordVPN Safe and Trustworthy?
NordVPN is one of the most popular VPN services globally, operated by Nord Security from Panama. The service experienced a server breach in 2019 but responded with transparency, infrastructure overhauls, and multiple independent no-logs audits. NordVPN uses strong encryption, operates diskless servers, and has been audited by PricewaterhouseCoopers and Deloitte. The Panama jurisdiction provides favorable privacy laws. NordVPN is mostly safe for privacy protection, with the 2019 breach response actually demonstrating accountability that improved overall trust.
What NordVPN Collects
- No activity logs, connection timestamps, or browsing data per audited no-logs policy
- Account email and payment information for subscription
- Aggregated server load statistics for performance optimization
- Crash reports and app diagnostics if opted in
Who Sees Your Data
- Nord Security as the service operator with audited no-logs infrastructure
- Payment processors for subscription billing
- No third parties receive browsing or connection data per audit results
No-Logs Audits and Verification
NordVPN has undergone multiple independent no-logs audits by PricewaterhouseCoopers and Deloitte, which verified that the company does not store connection logs, traffic data, or browsing history. The audits examined server infrastructure, code, and operational procedures. This level of third-party verification exceeds what most VPN providers offer. NordVPN also runs all servers in diskless RAM-only mode, meaning data cannot persist after a server restart. The combination of audits and diskless infrastructure provides strong assurance of the no-logs claim.
The 2019 Server Breach Response
In 2019, NordVPN disclosed that a data center in Finland had an exploited remote management system that allowed unauthorized access to one server. No user activity logs were compromised because the server did not store any. NordVPN ended its relationship with that data center and implemented a comprehensive infrastructure overhaul including transitioning to colocated servers it controls directly. The incident demonstrated both a vulnerability in third-party data center management and NordVPN willingness to be transparent about security incidents.
Encryption and Protocol Support
NordVPN supports strong encryption protocols including NordLynx (built on WireGuard), OpenVPN, and IKEv2. NordLynx provides high-speed connections with modern encryption. The service offers additional features like Double VPN (routing through two servers), Onion over VPN (routing through Tor network), and threat protection that blocks ads and malicious websites. The encryption implementation has been audited and provides strong protection for internet traffic in transit.
Recommended Privacy Settings
| Setting | Where | Recommended |
|---|---|---|
| Protocol Selection | NordVPN App > Settings > VPN Protocol | Use NordLynx for the best balance of speed and security |
| Kill Switch | NordVPN App > Settings > Kill Switch | Enable the kill switch to prevent unencrypted traffic if the VPN connection drops |
| Threat Protection | NordVPN App > Settings > Threat Protection | Enable threat protection to block malicious websites and trackers |
Safer Alternatives
Anonymous account creation without email, accepts cash payment, and strong no-logs practices with Swedish jurisdiction
Swiss jurisdiction with strong privacy laws, open-source apps, and integration with the Proton privacy ecosystem
Our Verdict
NordVPN is mostly safe and has demonstrated strong accountability through independent no-logs audits, transparent breach disclosure, and infrastructure improvements. The diskless server architecture, Panama jurisdiction, and modern encryption provide a solid privacy foundation. The 2019 breach did not expose user data and the response improved the service. For mainstream VPN use, NordVPN is a reliable choice. For maximum anonymity, services like Mullvad that do not require an email address offer even stronger privacy defaults.
Related Safety Checks
Frequently Asked Questions
Was NordVPN hacked?
In 2019, an unauthorized party accessed a single NordVPN server in Finland through a remote management system left in place by the data center provider. No user data, credentials, or activity logs were compromised because the server operated in diskless mode and did not store any user data. NordVPN disclosed the incident, terminated the data center relationship, and overhauled its infrastructure. The response was widely regarded as transparent and responsible, and the subsequent security improvements strengthened the overall service.
Does NordVPN keep logs?
Independent audits by PricewaterhouseCoopers and Deloitte have verified that NordVPN does not keep activity logs, connection timestamps, or browsing data. All servers run in RAM-only diskless mode, meaning no data persists on server storage. The company is registered in Panama, which has no data retention laws requiring VPN logging. The combination of audits, diskless servers, and favorable jurisdiction provides strong assurance of the no-logs claim.
Is NordVPN safe for streaming and torrenting?
NordVPN supports both streaming and P2P file sharing on designated servers. The encrypted connection prevents your ISP from seeing your streaming or download activity. The no-logs policy means NordVPN does not record what you access. For streaming, NordVPN can bypass geographic restrictions on many services. For torrenting, dedicated P2P servers are optimized for file sharing performance while maintaining encryption. The kill switch feature is particularly important for P2P to prevent accidental unencrypted traffic.