Does Surfshark Keep Logs? New Proof!
If you’re wondering whether Surfshark retains logs of your activity—such as IP addresses, browsing history, session details, bandwidth usage, DNS queries, or traffic metadata—the short answer is no. Surfshark maintains a strict no‑logs policy, meaning it does not collect or store any personal activity data from VPN sessions.
That said, minimal and absolutely ephemeral metadata—user ID, connection timestamp, and server used—is briefly held only while the session is active, and automatically deleted within 15 minutes after the session ends. This ephemeral data is used to help manage service health and prevent abuse, with no persistent logs kept.
Surfshark Privacy Policy Explained
Surfshark’s Privacy Policy clearly outlines that it does not collect:
- IP addresses
- Browsing history or visited websites
- Session duration or timestamps
- Network traffic or DNS queries
- Bandwidth usage
The only data processed—even temporarily—is connection metadata: user ID, connection timestamps, and server endpoint, and that is purged within 15 minutes of disconnection.
However, Surfshark does retain standard account-related information such as:
- Email address (encrypted password)
- Billing and payment data
- Device identifiers
- Website cookies and analytics data
This data is kept in full compliance with GDPR and is retained typically up to two years post account termination, mostly for billing and support purposes. For maximum anonymity you can use a burner email and anonymous payment methods.
Surfshark’s Third‑Party Audits
Surfshark’s no‑logs claims are not made in a vacuum. They have undergone multiple independent audits, demonstrating transparency and credibility.
In 2018, German firm Cure53 assessed Surfshark’s Chrome and Firefox browser extensions, spotting no significant security gaps.
In April 2021, Cure53 audited server infrastructure, again finding no serious issues.
Most notably, in December 2022 (or January 2023) Surfshark commissioned Deloitte to review its no‑logs policy and infrastructure. Deloitte confirmed: “configuration of IT systems and management … properly prepared … in accordance with Surfshark’s description of its no‑logs policy.”
Additionally, Surfshark publishes a warrant canary and regularly issues transparency or quarterly reports, though for full audit reports (e.g. ISAE 3000), you may need to request access through your Surfshark account or their Legal contact
RAM‑based Servers
One technical cornerstone of Surfshark’s privacy architecture is its diskless (RAM-only) server network. That means:
- Servers run entirely in volatile RAM.
- All session data is wiped when a server reboots or loses power.
- No persistent data can be stored on physical drives.
This design ensures that even in the event of seizure or compromise, no residual user activity or logs remain on a server.
Where Is Surfshark VPN Based?
Surfshark originally registered in the British Virgin Islands (BVI), which has no mandatory data retention laws. However, as of October 1, 2021, they moved their headquarters to the Netherlands.
While the Netherlands is part of the 9‑Eyes intelligence alliance, and recent Dutch internet‑surveillance laws have raised some concerns, VPN providers are not legally required to log or retain user data there. Surfshark maintains it would relocate again if legal mandates changed.
They currently also operate offices in Lithuania, Poland, and Germany, and continue to operate independently under audit scrutiny
Surfshark Does Not Keep Logs Proof
One illuminating piece of “proof” comes from a recent Reddit thread where users questioned how Surfshark could ban accounts if it truly doesn’t log traffic or usage. In a thread titled “Saw a couple users banned from Surfshark recently…”, users speculated that bans implied logging activity.
Surfshark’s official staff clarified:
“We block accounts strictly only for abusing our service … the blocking is unrelated to our No‑Logs policy.”
“Since we have a No‑logs Policy, we don’t keep logs and there is nothing we can provide if we are contacted with a complaint … we only block accounts that abuse our service and cause high load …”
A Redditor summarized:
“Not if I don’t keep it for other people to see but only use it to action other things such as a ban or a warning. … Think monitoring, not logging.”
In other words, Surfshark may detect anomalous behaviour in real time—such as excessive bandwidth or torrenting patterns—but does not store that data permanently. They rely on short-lived monitoring, not comprehensive logging.
Once the intervention (e.g., a ban) is triggered, all temporary connection metadata is purged, consistent with their no‑logs policy.
Further Reddit threads confirm this mechanism—account blocks are automated infrastructure‑level responses to “anomalous usage” (e.g. extreme bandwidth or suspected reselling), not evidence that browsing history or IP logs are stored. Surfshark is great for streaming Netflix with VPN, gaming, and more.
Conclusion
“Does Surfshark Keep Logs?” — the evidence strongly supports the position that no, Surfshark does not keep logs of your online activity. Their privacy policy explicitly forbids the collection of browsing, traffic, bandwidth, IP or DNS logs. Any data processed during a session—such as temporary connection metadata—is automatically erased within minutes.
Their use of RAM‑only servers and multiple independent audits—including major assurances from Deloitte and server audits by Cure53—further bolster the credibility of their no‑logs claims.
That said, Surfshark does retain account-related info, such as email, device identifiers, payment records, and cookies—but these are standard for any subscription service and unrelated to VPN session activity. You can maximize anonymity by using a burner email and anonymous payment.
In summary: Surfshark does not keep logs of what you do online. If privacy and anonymity matter to you, their policies, protections, and architecture align with these principles—but always stay informed about jurisdiction changes and audit updates over time.
