NymVPN is built so that no party (including Nym itself) can keep meaningful logs of what you do online. This is a property of the network's architecture, not a no-logs policy we promise to follow.
No logs by architecture, not by promise
Most VPNs publish a no-logs policy. That's a category-default claim that depends on trust: you're trusting the provider not to record your activity, not to be compelled to start, and not to be breached. The architecture in most cases could log everything. The policy is the only thing holding it back.
NymVPN's design takes that single point of trust away:
- Decentralized network. The Nym mixnet is run by independent node operators. No single operator (or Nym itself) sees both who you are and what you're doing.
- Tunneled encryption. Your content is encrypted in layers so it's not readable by anyone in the network, including the node operators.
- zk-nym credentials. Once you've paid, your subscription is converted to an unlinkable cryptographic credential. We can verify you have a valid subscription without knowing whose subscription it is.
The result: there is no point in the network that has the full picture to log. Even if we were compelled to hand over data, the meaningful data does not exist anywhere we control.
For a deeper explanation see Nym's zero-knowledge network: No logging promises needed.
What about Anonymous mode?
In Anonymous mode, NymVPN goes a step further. Cover traffic is generated to confuse traffic analysis. Your packets are shuffled together with other users' packets at each hop. Small, randomized delays break timing correlations. The result is unlinkability against an observer watching the entire network, which is the strongest threat model in anonymous-communication research.
What data does Nym Technologies collect at all?
To deliver a working service we collect a strictly limited set of operational data, none of which is linked to your VPN usage. This includes:
- Your anonymous NymVPN account ID (starts with
n1; allows you to connect across devices) - Anonymized device IDs (no OS, MAC address, IP, or any traceable data; just a random moniker)
- Payment information required by law (date and time of transaction, subscription details, payment processor used). Crypto and cash payments minimize this exposure.
For the full list of what is and isn't collected, see the NymVPN apps privacy statement.
Independently audited
NymVPN's infrastructure has been audited by JP Aumasson (2021), Oak Security (2022), Cryspen (2023-2025), and Cure53 (2024-2025). Reports are available at the Nym Trust Center. The code is open source at github.com/nymtech; anyone can verify these claims directly.
Related questions
Can the Swiss government compel Nym to hand over user data?
Nym Technologies SA is registered in Switzerland, which has the strongest privacy protections in the world and is not part of the 14-Eyes intelligence-sharing network. See What legal jurisdiction governs NymVPN's operations? Even where legal requests are valid, the architectural design above means Nym cannot produce meaningful traffic logs that don't exist.
How is this different from a traditional VPN's "no logs" claim?
See What makes NymVPN different from traditional VPNs? for the architectural comparison.