Italian hacktivist-founded VPN (Perugia, 2010), no-logs, port forwarding, but no longer serves Italian residents (Piracy Shield).
- FROM
- €7/mois
- CLOUD ACT
- NONE
Synthèse de la propriété et de l’exposition au CLOUD Act.
Panama-incorporated VPN (NordVPN S.A.) under NL holding Nord Security, LT operations; Deloitte + PwC no-logs audits, RAM-only diskless servers, ISO 27001.
NordVPN, dans la catégorie VPN, est un service européen avec Lithuania comme lieu d’hébergement et tout au plus une exposition américaine mineure et transitoire au titre du CLOUD Act.
NordVPN's ownership chain is genuinely complex and not EU-owned in the strict sense: the VPN service is operated by NordVPN S.A. (Panama), historically Tefincom S.A., a Panamanian entity chosen for its no-data-retention jurisdiction, under the Nord Security holding company in Amsterdam, Netherlands, with operations and staff in Vilnius, Lithuania, and the 2022 $100M funding round was co-led by US VC General Catalyst alongside Novator (IS) and Burda (DE); the product itself is one of the most rigorously audited consumer VPNs (Deloitte 2023 + PwC no-logs audits, full transition to colocated diskless RAM-only servers, ISO 27001), so it is included as a privacy-pick rather than a sovereignty-pick. Ownership signals: Panama operating entity (not EU-owned), US-VC minority stake (General Catalyst), CLOUD Act exposure rated minor due to Panama incorporation + RAM-only architecture eliminating data-at-rest exposure. No public DPA at the NordVPN S.A. level for individual consumers; a business DPA is available at business.nordsec.com.
Le degré d'exposition des données clients aux autorités américaines au titre du CLOUD Act (Clarifying Lawful Overseas Use of Data Act).
Où se situe le contrôle ultime de la société exploitante.
NordVPN is the flagship product of Nord Security, the Lithuanian cybersecurity group that also operates NordPass, NordLayer, NordLocker, NordStellar and, since the 2022 merger, Surfshark. It is one of the largest consumer VPN services in the world (Nord Security reports more than 20M users across its products with NordVPN accounting for around 15M). It is included in this directory as a privacy-pick rather than an EU-sovereignty pick. The distinction matters, because the ownership chain is unusually layered.
The legal entity that operates the VPN service is NordVPN S.A., registered in Panama. Historically named Tefincom S.A., this entity was deliberately set up in Panama for its absence of mandatory data-retention laws, which is itself a privacy positioning. The group holding company is Nord Security in Amsterdam, Netherlands. Day-to-day operations and the bulk of the engineering team are in Vilnius, Lithuania. And the cap-table includes US venture capital: the 2022 $100M round was co-led by General Catalyst (US) alongside Novator (Iceland) and Burda (Germany). None of those layers makes NordVPN US-incorporated (the CLOUD Act does not apply directly to a Panamanian entity), but the company is also clearly not EU-owned in the way Mullvad (founder-owned Swedish AB) or ProtonVPN (Swiss non-profit Foundation) are.
Where NordVPN is genuinely strong is product security and audit history. Independent no-logs audits by Deloitte (December 2023) and PwC validated the no-retention claim; the entire server fleet has been transitioned to colocated, diskless RAM-only servers so configuration is loaded fresh on every boot and nothing persists; Nord Security holds ISO/IEC 27001; and the product offers WireGuard (NordLynx), kill-switch, multi-hop, Tor-over-VPN, and threat-protection extras. cloud_act_exposure is set to minor rather than material to reflect the Panama incorporation + RAM-only architecture (no data-at-rest exposure). The US-VC stake and likely US payment / CDN sub-processors keep it above none.
Pricing is paid-only (no free tier; 30-day money-back): Basic from around €3.99/month on a 2-year plan, Plus and Complete tiers above. The affiliate programme is one of the most lucrative in the entire VPN category (see affiliate block). Best fit: mainstream privacy-conscious buyers who want a heavily audited, RAM-only no-logs VPN with broad device coverage and aggressive pricing on long commitments. EU buyers who specifically want sovereignty rather than just privacy should prefer Mullvad (SE), ProtonVPN (CH), IVPN, or AirVPN (IT), all elsewhere in this directory.
Italian hacktivist-founded VPN (Perugia, 2010), no-logs, port forwarding, but no longer serves Italian residents (Piracy Shield).
Swedish privacy VPN (Stockholm, est. 2012): Blind Operator, RAM-only, audited no-logs; acquired by Malwarebytes (US) 7 Nov 2024.
Romanian-operated VPN (CyberGhost S.R.L., 2011) under Kape Technologies (UK; ex-Crossrider) → Unikmind/Teddy Sagi (IM) since 2023; listed as a warning.