NordVPN Privacy Report

Privacy Rating

8.1

/10

nord_vpn_ppg-300x210 - Product Header Image

NordVPN doesn’t log important information like timestamps, IP addresses, activity logs, or browsing data. More importantly, its policy states it doesn’t share any information with third parties. NordVPN’s reputation suffered from a 2019 data breach. However, the company has taken steps to prevent future breaches and offers a bug bounty program to prevent further breaches.

Encryption

In Transit	Yes
At rest?	Yes
All network communications and capabilities?	Yes

Security Updates

Automatic, regular software/ firmware updates?	Yes
Product available to use during updates?	Yes

Passwords

Mandatory password?	Yes
Two-Factor authentication?	Yes with NordPass
Multi-Factor authentication?	Yes with NordPass

Vulnerability Management

Point of contact for reporting vulnerabilities?	Hackerone
Bug bounty program?	Yes

Privacy Policy

Link	https://my.nordaccount.com/legal/privacy-policy/nordvpn/
Specific to device?	No
Readable?	Yes
What data they log	Statistical server load information, username and a timestamp of last session, connectivity information, application diagnostics, anonymized telemetry data, device information, email address payment data, country details, email address, email optimization data, IP address if you use the chat-bot, access logs, cookies
What data they don’t log	Connection time stamps, used bandwidth, traffic logs, IP addresses or browsing data
Can you delete your data?	Yes, must contact support team
Third-party sharing policies	Do not share info with third parties

Surveillance

Log camera device/ app footage	n/a
Log microphone device/ app	n/a
Location tracking device/ app	No

Parental Controls

Are there parental controls?	No

Company History

Any security breaches/ surveillance issues in past?	Yes
Did they do anything to fix it?	Yes

Additional Security Features

Anything like privacy shutters, privacy zones, etc.?	n/a