VPN Privacy Grades
2 companies analysed · Sorted by privacy score
A VPN is only as private as the company running it. The promise of 'no logs' is easy to make and hard to verify — what matters is the corporate structure, jurisdiction, business model, and what the privacy policy actually commits to. Mullvad and NordVPN represent the two ends of the spectrum in this category: one with almost no data collection by design, the other with a genuine no-logs VPN policy sitting alongside a substantial advertising technology stack.
| # | Company | Grade | Score | In plain English | |
|---|---|---|---|---|---|
| 1 | A | 93/100 | Mullvad collects almost nothing — no account names, no activity logs, no IP retention — and the poli…Mullvad collects almost nothing — no account names, no activity logs, no IP retention — and the policy is short because there's genuinely very little to say; what little data does get processed (payments, support emails) has hard, specific deletion windows and never leaves the EU. | → | |
| 2 | C+ | 62/100 | NordVPN genuinely doesn't log your VPN activity — that part of the privacy pitch holds up — but outs…NordVPN genuinely doesn't log your VPN activity — that part of the privacy pitch holds up — but outside the tunnel it runs a large advertising and analytics infrastructure full of US-based trackers, shares data within a broad corporate group, markets to you for a year after you cancel, and retains billing records for a decade. | → |
How we grade·Each company is scored 0–100 across four pillars: data collection, third-party sharing, user controls, and policy promises. The overall grade maps to the score band. → Read the full methodology