NoorVPN No Log VPN policy

We design the VPN so that we cannot know what you do online, even if compelled — because the data was never collected, never written to disk, and never linked to your identity in a recoverable form.

• Browsing history, URLs visited, or search queries
• DNS lookups resolved while connected to the tunnel
• Source IP address (your real IP) at connection time
• VPN-assigned IP addresses tied to your account over time
• Connection timestamps, session duration, or idle time
• Bandwidth totals, per-session volume, or traffic patterns
• Contents of communications (pages, messages, files, metadata that identifies activity)
• Which applications or ports you use beyond aggregate network health metrics

If a third party asks for browsing records, connection logs, or user-specific traffic analysis, we have nothing meaningful to provide for VPN sessions. That is intentional product design, not a marketing slogan.

VPN gateway nodes are configured to minimise persistent state. Session state required to forward encrypted packets lives in memory for the active tunnel lifetime. We do not maintain rotating hard-drive archives of user sessions, flow records, or NetFlow exports tied to account identifiers.

Server reboots and maintenance clear in-memory state. Aggregate capacity metrics (total load on a location, error rates) may exist for operations, but they are not stored in a way that reconstructs individual user behaviour or correlates a specific account to destinations visited.

This RAM-first approach reduces the attack surface: a seized or compromised machine should not yield a historical log database because none was kept.

Running a subscription service requires some data separate from VPN traffic:

Account number — your anonymous login identifier (NOORVPN-XXXX-XXXX-XXXX), stored to authenticate dashboard and app sessions. No email required at signup.

Subscription state — plan length, expiry date, and payment status so we know whether to allow connections.

Device registrations — up to three simultaneous connections; we store device records to enforce the limit, not to track browsing.

Payment references — crypto transaction IDs, invoice IDs, and amounts for accounting and recovery if you lose your account key. These records are separate from tunnel activity and retained per UK tax rules where applicable.

Support messages — only what you voluntarily send to support@noorvpn.com or privacy@noorvpn.com. We do not scrape chat content from inside the VPN.

Full legal detail: Privacy Policy.

WireGuard (default) and OpenVPN with AES-256-GCM encryption and modern key exchange. Perfect forward secrecy limits the impact of a single key compromise. Kill Switch blocks traffic if the tunnel drops. DNS leak protection keeps resolver queries inside the tunnel.

Servers use hardened configurations: minimal open ports, restricted admin access, and no persistent user-activity databases. Website login is protected by Cloudflare Turnstile against automated abuse — Turnstile does not inspect VPN tunnel contents.

We have not received any secret court orders, gag orders, or national-security letters that would force us to log user activity, install bulk interception equipment, or hand over VPN session data we do not possess. We have not been compelled to silence disclosure of such a request.

If that ever changes in a way we are legally permitted to signal, we will update this policy page and pursue lawful means to inform users. We do not publish a separate canary file; this section is our standing transparency statement, reviewed periodically by NOOR IT SERVICES LIMITED.

Law-enforcement guidelines: we respond to valid legal process addressed to legal@noorvpn.com regarding account and billing data we actually hold. We cannot produce connection logs or browsing history we never collected.

Privacy claims should be verifiable. Our approach combines architecture review (no log sinks in the data path), operational discipline (access controls and separation of billing vs VPN systems), and transparency documents (this page, Privacy Policy, Terms).

We do not currently publish a third-party audit badge on this website. When we engage independent assessors for infrastructure or code review, we will disclose scope and date here. Until then, evaluate us on published technical design, UK company registration, and consistency between marketing and legal policies — not on unaudited competitor checklists.

Responsible disclosure of security issues: email legal@noorvpn.com with details; we acknowledge good-faith reports and fix confirmed vulnerabilities.

Many VPNs claim “no logs” while retaining connection timestamps, bandwidth counters, or aggregated analytics linked to accounts. Others operate in jurisdictions with broad surveillance mandates without explaining data minimisation.

NoorVPN targets the same privacy tier as respected independent providers: anonymous account numbers, crypto-only payments, WireGuard, multi-device plans from €3.50/month, and a UK-registered operator (NOOR IT SERVICES LIMITED) with published policies. We are a smaller network than decade-old incumbents — trade-off: fewer locations, focus on transparency over brand size.

Feature comparison: Mullvad alternative page.

A No Log VPN protects traffic between your device and our servers. It does not make you anonymous to websites you log into with real names, to apps that fingerprint devices, or to malware on your machine. Combine NoorVPN with a modern browser, sensible account hygiene, and disk encryption on your devices.

Store your account number offline. Rotate WireGuard keys if an export leaks. Use the official Windows app or dashboard downloads — not third-party “cracked” clients.