diff --git a/SUMMARY.md b/SUMMARY.md
index 6d20fe6..82d2048 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -88,6 +88,7 @@
 
 * [Roadmap](features/roadmap.md)
 * [Architecture](in-depth/architecture/README.md)
+  * [How do VPN statistics work](in-depth/architecture/how-do-vpn-statistics-work.md)
   * [Security concepts](in-depth/architecture/security-concepts.md)
 
 ## For Developers
diff --git a/in-depth/architecture/how-do-vpn-statistics-work.md b/in-depth/architecture/how-do-vpn-statistics-work.md
new file mode 100644
index 0000000..de4da8c
--- /dev/null
+++ b/in-depth/architecture/how-do-vpn-statistics-work.md
@@ -0,0 +1,13 @@
+# How do VPN statistics work
+
+1. Each defguard gateway reads kernel data from the WireGuard® interface for each peer.
+2. If any change is detected between previous stats (bytes in/out) then through the gRPC interface the gateway sends those statistics to defguard core.
+
+{% hint style="info" %}
+If the gateway doesn't detect any changes in stats, doesn't send anything to core.
+
+The period for each gateway to gather stats from the interfaces is defined by `DEFGUARD_STATS_PERIOD` ENV value (or -p argument) - default 30sec.
+{% endhint %}
+
+3. Core stores all the data send trough gRPC in the database (table `wireguard_peer_stats`).
+4. Then when displaying the VPN overview does all the calculations and aggregations of the data to display them.