What is ProtonVPN's no-logs policy and how is it enforced?
Executive summary
Proton VPN’s stated no-logs policy promises that the service does not keep session logs, connection metadata, DNS queries, or other information that could personally identify user activity while connected [1] [2]. That promise is supported by multiple independent audits, transparency reporting and technical measures such as server encryption and physical control of key servers — but scrutiny, legal tests and the limits of audits mean the guarantee is verifiable only within the scope of those controls and reviews [3] [4] [2].
1. What Proton VPN says the policy covers
Proton VPN publicly declares a strict “no-logs” policy: it does not record users’ online activity, connection metadata, or VPN session data, and it applies that policy to both paid and free users according to its support pages and privacy policy [1] [5] [2]. The company also emphasizes Swiss jurisdiction as a legal environment that does not require routine data retention for VPN providers, which it presents as a structural advantage for maintaining a no-logs stance [1] [5].
2. Technical and operational protections Proton cites
Proton describes several technical and operational safeguards intended to enforce the policy: all VPN servers use full-disk encryption, a majority of servers (including Secure Core nodes) are physically owned and operated by Proton, and apps are open-source so their code can be inspected — measures Proton says prevent persistent logging and make server compromise less likely to expose user data [2] [5]. Proton’s public transparency report and warrant canary are additional operational tools it uses to disclose law enforcement requests and the company’s response posture [2].
3. Independent audits, what they tested, and what they found
Independent security firms have repeatedly reviewed Proton VPN’s claims: audits by firms such as SEC Consult and, most recently, Securitum have examined whether user activity, connection timestamps, IP addresses or DNS requests are recorded and whether the policy is applied uniformly across servers and subscription tiers [6] [4] [7]. Securitum’s 2025 audit, described as Proton’s fourth consecutive independent review, consisted of technical interviews, supervised access to randomly chosen live servers, and reviews of server setup, data flows and admin procedures; it reported finding no evidence of user-activity or connection-metadata logging [4] [8].
4. Real-world legal test and limits of the claim
Proton’s no-logs posture was tested in a 2019 legal case in which Swiss authorities ordered the company to hand over data; Proton reported that it could not comply because the requested logs did not exist, which the company cites as evidence that the policy is enforced by the absence of records [3] [5]. That real-world test supports Proton’s claim but does not eliminate all uncertainty: audits assess the configuration and state of systems during their review window and cannot guarantee future behavior under every possible legal or technical scenario, and Swiss jurisdiction, while favorable, does not render the company immune to lawful orders under Swiss law [3] [5].
5. Critics, caveats, and how to interpret the evidence
Independent audits, open-source clients and server-control measures combine to make Proton’s no-logs claim unusually well-documented compared with many VPN providers, and multiple outlets reported the audits’ positive findings [9] [10] [4]. At the same time, some commentators remain skeptical about whether any provider can offer an absolute guarantee against compelled disclosure or future configuration changes, and at least one piece of reporting flagged residual skepticism despite audit results [7]. The verifiable enforcement of the no-logs policy therefore rests on a mix of technical design, operational habits, repeated third‑party audits and legal posture — all documented by Proton and external auditors — but it should be read as strong, audited assurance rather than an infallible insurance against every conceivable legal or technical threat [4] [8] [7].