The answer depends on two things: whose VPN you’re using, and whose device you’re on. These two factors change the privacy picture completely.
Scenario 1: Company VPN on a work device
If your employer requires you to connect through a corporate VPN, they can see:
- Every website you visit
- The content of unencrypted connections (HTTP, not HTTPS)
- DNS queries (every domain name you look up)
- Connection times and duration
- Volume of data transferred to specific destinations
- Potentially full traffic content if the device has a corporate certificate installed
A corporate VPN is not a privacy tool. It’s a security and monitoring tool that routes your internet traffic through company infrastructure. The whole point is that your employer can see and control your traffic.
The certificate point is important. Many companies install a root certificate on work devices that allows them to perform SSL inspection: they decrypt your HTTPS traffic, inspect it, and re-encrypt it. From your browser’s perspective the connection appears secure, but the company’s proxy has read everything in between. You won’t know this is happening unless you examine the certificates installed on your device.
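One way to do the certificate examination described above, as an added example rather than code from the original article: compare the issuer a site’s certificate shows on the work device with the issuer recorded from a personal device on another network. The function names and the sample certificates are constructed for illustration.

```python
import socket
import ssl

def issuer_fields(peercert):
    """Flatten the 'issuer' entry of ssl.getpeercert() (a tuple of RDNs) into a dict."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}

def issuer_name(peercert):
    """Human-readable issuer: organisation if present, otherwise common name."""
    fields = issuer_fields(peercert)
    return fields.get("organizationName") or fields.get("commonName") or "<unknown>"

def fetch_peercert(host, port=443, timeout=5):
    """Return the validated leaf certificate the network path presents for host.

    Raises ssl.SSLCertVerificationError when Python's trust store rejects the chain.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def compare_issuers(observed, reference):
    """Compare the issuer seen on this device with one recorded on another network.

    Returns (matches, observed_issuer, reference_issuer). A mismatch is a prompt to
    look at the device's trusted root list, not proof of inspection: sites can
    legitimately use more than one CA.
    """
    seen, expected = issuer_name(observed), issuer_name(reference)
    return seen == expected, seen, expected

# Constructed sample data in the shape getpeercert() returns (not real certificates).
REFERENCE_CERT = {"issuer": ((("countryName", "US"),),
                             (("organizationName", "Example Public CA"),),
                             (("commonName", "Example Public CA R1"),))}
WORK_DEVICE_CERT = {"issuer": ((("organizationName", "Example Corp IT"),),
                               (("commonName", "Example Corp TLS Inspection CA"),))}

if __name__ == "__main__":
    print(compare_issuers(WORK_DEVICE_CERT, REFERENCE_CERT))
    # Live check (needs network): run on a personal device first, then on the work device.
    # print(issuer_name(fetch_peercert("example.com")))
```

An issuer named after your company or a security appliance, where the reference shows a public CA, is the pattern SSL inspection produces.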
What your employer cannot see on a company VPN: traffic from your personal devices (phone on your home network, personal laptop), and anything you access outside of work hours on a personal device.
Scenario 2: Personal VPN on a work device
If you install a personal VPN (NordVPN, ProtonVPN, etc.) on a company-managed laptop and use it on a corporate network, the picture changes:
Your employer can see that you’re connected to a VPN. They can see the IP address of the VPN server. They cannot see what websites you’re visiting or what data you’re transmitting through the VPN.
However, if your employer has installed monitoring software (endpoint protection, device management, keyloggers) on the work device, a VPN doesn’t protect against that. Device-level monitoring doesn’t require network access to record what you’re doing.
Using a personal VPN on a work device is also likely a policy violation. Most corporate IT policies prohibit installing unapproved software or routing work traffic through external networks. Check your company’s acceptable use policy before doing this.
Scenario 3: Personal device on a work network (home or office)
If you bring a personal laptop to the office and connect it to the corporate WiFi, your employer can see the same traffic metadata they’d see on a work device: what servers your device connects to, DNS queries, and traffic volume. They cannot see encrypted content unless they’ve managed to install a certificate on your personal device (which they cannot do without physical access).
A personal VPN on your personal device, connected to the office network, protects the content of your traffic but not the fact that you’re using a VPN.
Scenario 4: Working from home on personal internet
This is where a personal VPN is most relevant for work-adjacent privacy. If you’re connecting to work systems through your home internet using a corporate VPN, your ISP can see that you’re connected to a corporate VPN. They can’t see the contents.
If you’re not using a corporate VPN and are just working from home on personal accounts and personal devices, your ISP can see your traffic. A personal VPN on your home connection prevents this.
What a personal VPN does and doesn’t protect in a work context
| Scenario | What employer sees | VPN helps? |
|---|---|---|
| Corporate VPN, work device | Everything | No |
| Personal VPN, work device, no cert | VPN IP only | Yes (traffic content) |
| Personal VPN, work device, corp cert | Everything still | No |
| Personal device, home network | Nothing (not their network) | N/A |
| Personal VPN, personal device, home network | Your ISP sees VPN IP | Yes |
The device monitoring angle
Network-level monitoring is only one part of the picture. Companies increasingly use endpoint detection and response (EDR) software on work devices that monitors application usage, file access, and sometimes screen activity, all locally on the device.
A VPN operates at the network layer and has no effect on local device monitoring. If you’re concerned about employer surveillance, the only reliable approach is to use personal devices for personal activities.
On a company VPN with a company device, assume your employer can see everything. On a personal VPN with a personal device on your home network, your employer sees nothing. The in-between scenarios (personal VPN on work device, personal device on corporate network) offer partial protection that comes with policy compliance risks. The simplest rule: use personal devices and personal networks for personal activity.
The device is the whole question
Every scenario in this article reduces to one variable: whose device is it? On employer-owned or employer-managed hardware (including BYOD phones enrolled in management profiles), monitoring lives on the endpoint: screen capture, keystroke and app telemetry, TLS inspection via installed certificates, and browsing logs, all of which read activity before any tunnel touches it. A personal VPN on that machine changes the network’s view and nothing about the employer’s, because the employer is standing inside the house, not at the mailbox.
On your own unmanaged device, the positions reverse: the employer’s visibility shrinks to what their network sees (connection metadata, volumes, a VPN’s presence), and a personal VPN reduces even that to an encrypted hum. The corporate Wi-Fi can see that you tunneled somewhere; it cannot see the contents.
The check worth doing once: review your IT-issued device documentation, the management profile list on the machine, and the acceptable-use policy. Management software is rarely hidden; companies disclose it precisely because disclosure is the legal cover.
The realistic etiquette, beyond the technology
Two sober additions the purely technical answer misses. First, traffic shape betrays more than people expect even under a VPN: hours of encrypted streaming-sized flows during work hours tell their own story on a corporate network, no decryption needed. Second, the organizational reality: personal browsing on personal hardware over personal data (your phone’s LTE) is invisible to the employer entirely, and is therefore where personal life belongs during work hours. The VPN’s job in a work context is protecting legitimate privacy on networks you share, not laundering activity on machines you don’t own; the second use fails technically and politically at the same time.
For remote workers juggling the corporate tunnel alongside a personal one, our remote work guide covers the clean two-tunnel arrangement that keeps both employers and privacy intact.
The takeaway hierarchy, compressed: device ownership decides visibility, network ownership decides only network visibility, and a personal VPN moves exactly one of those lines. Sort any workplace privacy question into that frame and the answer usually writes itself.
(None of the above is legal advice; monitoring law varies by country and state, and the practical guidance here describes common technical reality rather than your jurisdiction’s rules.)
If one scenario brought you here, it’s probably this one: personal Gmail on the work laptop at lunch. The answer assembled from everything above: the employer can likely read it (endpoint tools, TLS inspection), a personal VPN changes that not at all, and the personal phone on cellular data three feet away does the same task invisibly. Three feet is the cheapest privacy upgrade in this entire article.