Proton VPN says it keeps no logs of what you do, when you connect, or where from. Unlike most providers making that claim, Proton has four consecutive years of independent audits backing it, a jurisdiction that can’t legally compel VPN logging, and one famous incident that critics cite without reading past the headline.

Here’s the complete evidence, including the uncomfortable parts.

What Proton VPN’s no-logs policy actually promises

The policy covers the data that matters: no browsing activity, no connection timestamps, no session durations, no originating IP addresses, no bandwidth records tied to users. What Proton does keep is what any account-based service must: your account email, payment records, and a single timestamp of last successful login (overwritten each time, kept for abuse prevention).

That’s the standard shape of a serious no-logs policy. The question is never the wording; it’s the verification. Our guide on how to verify no-logs claims explains the hierarchy of evidence, and Proton sits near the top of it.

The audit record: four years, same answer

Proton VPN has had its no-logs infrastructure audited by Securitum, a European security firm, every year since 2022, with the latest audit completed in August 2025. The auditors conducted technical interviews, had supervised access to randomly chosen live production servers, and reviewed server configurations, logging settings and admin procedures. The 2025 conclusion: no instances of activity logging, connection metadata storage, or traffic inspection contradicting the policy.

An annual cadence matters more than a single audit. A one-off audit proves a moment; four in a row prove a habit. Only NordVPN matches this rhythm among major providers, and in our comparison table Proton’s no-logs score sits at 5/5 accordingly.

Worth adding: Proton’s apps are open source, so the client-side half of the privacy story is inspectable by anyone, not just paid auditors.

The Swiss jurisdiction advantage

Proton operates under Swiss law, and Switzerland treats VPNs unusually well: VPN providers are not subject to the data retention obligations that apply to telecoms, and under current Swiss law Proton VPN cannot be compelled to start logging users. Switzerland is outside the EU (and so outside the EU’s brewing data-retention framework, which we covered in our piece on the EU’s plans for VPN providers) and outside the Five, Nine and Fourteen Eyes alliances.

Jurisdiction is the layer of no-logging people forget: a perfect policy under a bad legal regime is one court order from worthless. Proton’s combination, audited practice plus a legal home that can’t override it, is the strongest pairing available.

The 2021 case: what actually happened

In 2021, ProtonMail, the email service, logged the IP address of a French climate activist after a legally binding Swiss order, and the data contributed to an arrest. The incident became the permanent citation of everyone arguing Proton can’t be trusted. TechCrunch’s contemporaneous reporting has the details.

Three facts get lost in the retelling. First, the order targeted ProtonMail, and email services fall under Swiss obligations that VPNs explicitly do not; Swiss law distinguishes the two, which is precisely why Proton VPN cannot be compelled the same way. Second, ProtonMail had no logs to hand over historically; it was ordered to begin logging one account prospectively, which is the distinction between surveillance of a target under warrant and retention of everyone’s data. Third, Proton fought the order’s scope, disclosed the incident, and updated its public language.

The honest lesson isn’t “Proton logs.” It’s narrower and more useful: any lawful company complies with binding orders in its jurisdiction, so choose services whose jurisdiction limits what orders can demand. For VPN service in Switzerland, that limit is currently strong. Proton’s own advice after the incident applies here too: layering Tor over VPN exists for threat models where even that isn’t enough, as our VPN vs Tor guide explores.

What the audits can and cannot prove

Honest methodology matters when citing audits as evidence. What Securitum verified: configurations on randomly selected live servers, data flows, logging settings, and admin procedures, during announced windows with full access. What no audit can verify: every server every day, undisclosed parallel infrastructure (no evidence of any, but logically unfalsifiable), or future behavior under future management.

This is why cadence and consistency carry the weight: a provider that books an independent inspection annually, publishes the findings including nitpicks, and ships open-source clients is making the dishonest path expensive for itself. Trust built this way compounds; each clean year raises the cost of a hypothetical betrayal. Four years in, Proton’s compounding is the best in the business alongside NordVPN’s, which is what our 5/5 reflects: not certainty, but the strongest available pattern of verified behavior.

Where that leaves the trust assessment

Stack the evidence: four consecutive independent audits with server access, open-source clients, a favorable and tested legal jurisdiction, a public transparency report, and a 2021 incident that, read correctly, demonstrates the legal distinction protecting the VPN rather than undermining it. In our table that earns Proton VPN 5/5 on no-logs and a 4.3/5 overall, with its weaknesses living elsewhere (streaming consistency, covered in our full Proton VPN review).

Is any of this absolute proof? No; no-logging is ultimately unfalsifiable from outside, for Proton and everyone else. It’s a probability judgment, and Proton’s file is about as good as the industry produces. If your threat model needs more than probability, you need architecture like Mullvad’s anonymous accounts or Tor, not a better-audited login.

If you want to test it yourself, the free tier runs on the same audited infrastructure.

For Swiss-curious readers, one nuance: Switzerland’s surveillance law (BÜPF) obliges telecom operators to assist interception, and revisions periodically propose expanding covered services. Proton has stated publicly it would relocate infrastructure before accepting VPN logging mandates, and the current legal consensus keeps VPN providers outside the obligation. Watching Swiss legislative drift is fair diligence; panicking about it is premature.

How Proton compares to the other audited claims

Context sharpens the assessment. NordVPN matches Proton’s audit cadence (multiple PwC and Deloitte no-logs audits) from a Panama base, making the two the industry’s evidence leaders by different legal routes. Surfshark and ExpressVPN hold solid but less frequent audits. PIA holds the unique court-tested record from inside US jurisdiction. Mullvad pairs a Cure53 audit with the structural argument that it doesn’t know who you are in the first place.

Proton’s distinctive combination remains annual third-party verification plus a jurisdiction with explicit statutory protection for VPN no-logging, plus open-source clients. No one else holds all three at once. For users ranking providers purely on logging trust, that combination is the current ceiling, with NordVPN and Mullvad adjacent for different reasons, a comparison our table’s trust columns make explicit.

Reader question worth answering directly: does the free tier log differently? No. Free and paid run the same audited infrastructure and the same policy; the free plan’s limits are bandwidth priority and features, never privacy. That equality is rare and deliberate.

Our verdict

Yes, Proton VPN's no-logs claim deserves belief: four straight annual audits, open-source apps, and Swiss law that can't compel VPN logging form the strongest combined case in our comparison alongside NordVPN's. The 2021 ProtonMail incident, cited endlessly against it, actually maps the legal boundary that protects the VPN side of the business. Trust it for privacy; just buy it for privacy, not for Netflix.