A No-Logs VPN, Engineered So There Is Nothing to Hand Over

A no-logs VPN is only as honest as its architecture. You can claim privacy on a marketing page, but if your servers write a log file every time a user connects, the promise collapses the moment someone asks for that file. Pivot VPN was built the other way around: the infrastructure literally does not produce the records people worry about, so there is nothing to store, leak, subpoena, or lose.

This page explains what our no-logs policy means in practice, what we deliberately do not collect, how the system enforces that on the server side, and what you experience as a user across Android, iOS, Windows, macOS, Linux, and Android TV.

What “No-Logs” Actually Means at Pivot VPN

When you connect to Pivot VPN, three categories of data could, in theory, be written down: who you are, what you do, and when you do it. A real no-logs VPN refuses all three.

Concretely, we do not store:

• Your originating IP address or the IP assigned to you after the tunnel comes up.
• DNS queries made through our resolvers.
• Destination IPs, hostnames, or ports you connect to.
• Bandwidth tied to your account or session, beyond ephemeral counters used to keep the tunnel alive.
• Connection timestamps linked to your identity.
• Browsing history, traffic contents, or any application-level metadata.

What we do keep is the minimum required to run a paid service: your account email (or anonymous account ID, if you signed up that way), subscription status, and payment receipts from the store or processor you used. None of that is tied to a session log, because no session log exists.

Why a No-Logs Policy Matters More Than Encryption

People often assume encryption is the whole story. It is not. AES-256 and modern tunneling protocols protect data in transit, but they do not protect the metadata your VPN provider could choose to write down at the edge of the tunnel. If a provider keeps “connection logs” (who connected, from where, for how long, to what destination), that file becomes the most sensitive object in the system. It can be requested by authorities, stolen by attackers, or accidentally exposed in a misconfigured backup.

A no-logs VPN removes that risk class entirely. The threat model is simple: if the data is never written, it cannot be compelled or compromised. This is the difference between trusting a promise and trusting the absence of evidence. Pivot VPN is designed so that even our own engineers, with full server access, would not be able to reconstruct what you did last Tuesday.

How Pivot VPN Enforces No-Logs on the Server Side

The policy is implemented in three layers: server configuration, application logic, and operational practice.

Server configuration. Our VPN nodes run a hardened OS image with verbose logging disabled at the kernel and daemon level. The tunneling daemons are configured to operate in memory; ephemeral state (the routing table entry that lets your packets find their way home) lives in RAM and disappears the moment your session ends or the node reboots. We deliberately do not mount persistent log volumes on these machines. There is no /var/log/vpn-sessions.txt waiting to be read.

Application logic. Authentication is decoupled from session handling. When your client connects, the node validates that your subscription is active by checking a token, not by writing your identity into a session record. Bandwidth accounting, where it exists at all, is aggregated at the node level (total throughput per server) rather than per user, so there is no per-account usage history to correlate with timestamps.

Operational practice. Diagnostic logs that any production system needs (crash reports, health checks, capacity metrics) are scoped so they cannot identify a user. Crash traces are sanitized of IP addresses before they leave the node. Health metrics describe the server, not its users. When an engineer logs into a node to debug a problem, they see live system state, not a history of who was there.

What You Experience as a User

The no-logs design is invisible by intention. You open the Pivot VPN app on your phone, tap connect, and traffic starts flowing through an encrypted tunnel. There is no questionnaire, no “share diagnostics” toggle hiding a tracker, no profile that quietly accumulates a record of your habits.

The same is true on a Windows laptop heading to a coffee shop, on a macOS machine working from a hotel, on a Linux workstation, on an iPhone roaming abroad, and on an Android TV streaming in the living room. One subscription covers all of those devices, and the no-logs policy applies identically to each. The TV connecting to a streaming service does not generate a different record than the phone connecting to a messaging app, because neither generates a record.

You can switch servers, change protocols, reconnect after a dropped Wi-Fi handoff, or leave the tunnel up for days. The system does not accumulate a story about you while you do it.

DNS: The Quiet Place Most VPNs Leak

DNS queries are the most overlooked privacy surface. Every website you visit starts with a DNS lookup, and if those lookups go to a logging resolver, the encrypted tunnel above them is partly defeated. Pivot VPN routes DNS through our own resolvers inside the tunnel by default, and those resolvers are configured the same way as our VPN nodes: ephemeral, in-memory, no query logs.

We also block DNS leaks at the OS level on each platform. On Windows and macOS the app enforces tunnel-only resolution so the operating system cannot quietly fall back to the ISP resolver. On Android and iOS the platform VPN API is configured to capture DNS inside the tunnel. On Linux, our client manages resolv.conf (or systemd-resolved, depending on the distribution) for the duration of the session and restores the prior state on disconnect.

The result is that the most identifying stream of data, the list of domains your device asks about, never reaches a logging third party and is not stored by us either.

Payments, Accounts, and the Edges of “No-Logs”

An honest no-logs policy has to be specific about edges. Pivot VPN is a paid service, which means there is a billing relationship somewhere. We are clear about how that interacts with privacy.

If you pay through an app store, the store knows you bought a subscription; we receive a receipt and a subscription status. If you pay by card through our processor, the processor handles card data; we never see the PAN. In both cases, what reaches our systems is a subscription record, not a behavioral record. That subscription record is not linked to any session because there are no sessions to link to.

If you want stronger separation, you can create an account with a fresh email that has no other footprint. We do not require a real name, a phone number, or identity verification. The account exists to prove you have an active subscription, nothing more.

Edge Cases: Support, Abuse, and Legal Requests

Three situations come up often, so it is worth being concrete.

Support tickets. If you contact support, the conversation is stored so we can help you. Share only what you need to share. We will never ask for a list of sites you visited, because we could not verify it anyway.

Abuse reports. If a host complains about traffic from one of our IPs, we cannot identify who was using that IP, because we do not record assignments per user. We respond by reviewing server-level patterns and applying network-level mitigations where appropriate.

Legal requests. When a valid request reaches us, we respond truthfully: we do not hold the records being requested. The architecture above is the reason that answer is the same every time.

How to Verify It Yourself

You do not have to take the policy on faith. There are practical checks you can run on any platform.

• Connect to Pivot VPN on your laptop or phone, then visit a DNS leak test site. Confirm that the resolver shown is ours, not your ISP’s.
• Compare your public IP before and after connecting; it should change to the server you selected.
• Watch your network state on Linux during connect and disconnect to confirm that DNS configuration is captured and restored cleanly.
• On Android TV, connect on the device itself (not via a router) and confirm streaming traffic flows through the tunnel.

These checks tell you the tunnel is doing its job. The no-logs side is, by design, something you confirm by what is absent: no profile being built, no usage history surfacing, no breach disclosing data that should not have existed in the first place. That absence is the feature.