No Logs VPS Provider in Offshore Jurisdictions

Most VPS providers collect more data than their marketing suggests. Standard logging practices in the hosting industry include: hypervisor-level network flow logs that record source IP, destination IP, port, and byte count for all traffic passing through a VM's virtual NIC; billing system logs that record payment method details, billing address, and transaction identifiers; support ticket logs that capture everything you communicate with the support team; panel access logs that record every IP address that logged into the control panel and when; and provisioning logs that record the exact time a VM was created, resized, or destroyed.

Some providers also run network-level monitoring infrastructure that captures packet metadata across their entire network for traffic engineering and abuse detection purposes. This infrastructure, while typically designed for operational use, creates a dataset that could theoretically be subpoenaed or accessed by law enforcement with appropriate legal process.

AnubizHost's logging posture is deliberately minimal. We retain billing records (payment confirmation only - no card numbers, no full payment identifiers beyond what our payment processor provides). We retain provisioning records (VPS created, size, location, assigned IP) for the duration of your service plus 30 days. Panel access logs are retained for 7 days for rate-limiting and fraud prevention. No network flow logs are retained for customer VM traffic. No content logging occurs at any level.

The no-logs policy is not just a policy document - it is an architecture. If a log is never written, it cannot be subpoenaed, hacked, or accidentally disclosed. Our network infrastructure does not have the capability to reassemble packet streams from customer VMs. The hypervisors write no per-VM traffic logs. There is nothing to hand over even if a court order were issued.

Server jurisdiction and provider logging policy protect you from data collection at the infrastructure level. Within your VPS, your own application and OS logging configuration determines what records exist about your activity and your users' activity.

OS-level logging: by default, Debian and Ubuntu write system logs to /var/log/ via rsyslog. Authentication attempts, sudo commands, service starts and stops, and kernel messages all end up in these logs. For high-privacy use cases, configure rsyslog to write logs to tmpfs (RAM-based filesystem) rather than disk: logs survive reboots only if explicitly copied to persistent storage. Alternatively, configure aggressive log rotation with immediate deletion after 1 day rather than the default 4-week retention.

Application logging: every web server, database, and application daemon has its own logging configuration. Nginx logs every request by default with client IP, timestamp, and URL. Disable access logging entirely (access_log off; in nginx.conf) or log only error-level events. For applications that must log for operational reasons, use a log pipeline that anonymizes IP addresses before writing to disk - replace the last octet of IPv4 addresses with 0 before logging.

Network-level: if you run a VPN, proxy, or Tor relay on your VPS, configure those services explicitly for no logging. WireGuard generates no logs by default - do not add a logging configuration. OpenVPN's verb setting controls log verbosity; set verb 0 for no output, verb 1 for only errors. Tor's default configuration logs only warnings and errors - do not increase this level in production relay configurations.

Database logging: MySQL and PostgreSQL have general query logs that, if enabled, record every SQL query executed. Keep these disabled in production. Enable slow query logging only temporarily for performance debugging, then disable and delete the log file when done. Do not store database logs in a location backed up to a remote system unless that system is also privacy-configured.

Even with a no-logs VPS, legal requests can target account-level information (email address, payment record, assigned IP, service creation date) that exists in billing systems. Understanding what can and cannot be produced in response to a legal request helps you structure your account for maximum privacy.

In Iceland, law enforcement data requests must go through the Icelandic National Police and be based on Icelandic law. Foreign requests require MLAT processing. The information available even under a valid Icelandic court order: the email address on the account, the IP address assigned to the VPS, the creation and termination dates of the service, and the payment record. What is not available: traffic logs (they do not exist), content on the VPS (a separate court order for server image access would be required), or logs of who accessed what using the server (we do not collect this).

In Romania, the same framework applies with Romanian legal process. Romania's constitutional history of refusing data retention mandates means that even the billing data retention period (30 days post-service-end) reflects a legal judgment about minimum necessary retention, not industry standard practice.

For accounts using Monero payment and a privacy-focused email address, the billing record produces minimal identifiable information: an XMR transaction hash (unlinkable by design) and an email address at a provider that may itself have strong privacy protections. Combined with a no-logs VPS, this creates an account structure where a valid legal request produces very little actionable information even when fully honored.

No-logs claims are difficult to independently verify. Unlike consumer VPN providers, VPS providers have not historically undergone third-party privacy audits. AnubizHost's approach to establishing trust is transparency about architecture rather than audit certificates.

Technical honesty: we describe exactly what logs exist and what their retention period is. Billing records: payment confirmation, retained for accounting duration. Provisioning logs: VPS creation and configuration, retained 30 days post-termination. Panel access logs: login IP and timestamp, retained 7 days. Network traffic logs: none. Content logs: none. If this inventory changes, we update our privacy policy and notify affected customers.

Architecture transparency: our hypervisors use standard KVM virtualization. Network infrastructure uses standard Linux networking. No proprietary logging agents are installed on customer VMs. If you are technically sophisticated, you can verify this by examining what network connections your VPS makes back to our infrastructure - you should see only the management plane traffic required for console access and billing integration, not continuous data streaming to a logging server.

Legal structure: AnubizHost operates under Icelandic and Romanian law. If we were to falsify our logging policy to a customer, we would face regulatory liability under GDPR for false representations about data processing practices. This creates a legal disincentive to overclaim privacy protections that we do not actually provide.

For customers who require independently audited infrastructure, we recommend combining AnubizHost's offshore VPS with full-disk encryption and self-managed logging configuration. With LUKS encryption on your data volume and no persistent logs in /var/log, the verifiable result is that even physical server access produces no readable data without your encryption key - making the verification question moot.