When people choose a VPN provider they are mostly focused on security protocols, server networks, and ability to bypass geo-restrictions. Instead, we all need to pay more attention to logging policy and check what kind of data services collect about their users. It may turn out that your VPN has too much information about your activity on its hands, especially if you happened to do something not right. Some services claim they don’t record any data, but can you really trust them? Cyberghosts says it professes a log-less policy but do they walk the talk? I launched my own investigation to learn if CybertGhost VPN keeps logs and here is what I found out.
CyberGhost VPN Jurisdiction
CyberGhost runs its business in Romania. For most of us, the country is known as the Dracula homeland, but it was chosen not for this reason. In fact, the country can boast one of the best data retention legislation favorable for VPN services. Back in 2014, the Romanian Constitutional court recognized the EU Data Retention Directive as illegitimate. It also led to the annulment of the state’s Law on Cyber Security. So, since 2014 Romania basically refused to give the right to law enforcement and intelligence agencies to collect information. Therefore, Romania is a great place for any privacy-conscious business. I should note, though, that a court’s warrant can oblige a legal entity to provide data about its operation, but it is fair for any country in the world.
CyberGhost VPN Logging Policy
Since the logging policy is the main focus of this post, I meticulously studied all the information I could find on this matter. What I discovered says that CyberGhost doesn’t really collect any logs, neither connection nor user ones. Consequently, the service stores no information about your IP address (original and newly-assigned), timestamps, or traffic.
When you register with CyberGhost you submit some personal data such as a username, password, and activated serial numbers. The service keeps this information to let you log in. These credentials cannot be correlated with any particular person because subscribers are not asked to provide real names, addresses, or credit card details. The company doesn’t even handle payments in-house to distance any sensitive information from user accounts. Therefore, subscribers shouldn’t worry that their identity may be revealed.
The only information that stays in CyberGhost is statistics of your registration. They keep a record about the time when you logged in within 24 hours. After that, they erase time and leave only a date. At the end of a month, they sum up this data (saying, for example, a user X logged in 20 times) and then discard it. Such statistics help Cyberghost to keep track of inactive accounts.
If you believe that CyberGhost might be a good choice for your needs, you should get to know it a little bit more. Here is my detailed CyberGhost VPN review.
CyberGhost is registered in a privacy-friendly country that doesn’t have a mundane data retention laws. Furthermore, CyberGhost doesn’t bother to do it off its own bat. The only permanent info they store is logging credentials, which can’t lead to any particular user anyway. Also, the service maintains logging statistics but it only says how many times a user registered within a month. All in all, CyberGhost’s service-client regulations are very close to the best examples of the true zero-logging policy.