- An independent audit has confirmed that ExpressVPN never stores user data as indicated in its privacy policy
- KPGM Insoyted Expressvpn TrustedSserver cybersecurity experts are designed to never record this data as claimed
- This is the 23rd time that ExpressVPN has put its software under third -party control
KPGM cybersecurity experts have confirmed that ExpressVPN never reports any of your identifiable information, as indicated in its privacy policy. Experts specifically verified the design of the expressvpn server infrastructure, checking that it effectively prevents the collection of these newspapers.
Classified by us as one of the best VPN services at the moment, this audit marks the 23rd time that ExpressVPN has put its software to a meticulous examination, with the last audit confirming ExpressvPN’s claims in February 2025.
“No exception noted”
The KPGM team has fully verified that Expressvpn TrustedServer acts as it should. Test of its description, design and implementation of controls.
Developed in 2019, ExpressVPN TrustedSserver is supplier technology at the basis of its allegations of non-lugarithm. All VPN servers run fully on RAM, for example, which means that nothing is stored on the server after restarting.
Expressvpn servers are also designed so that each time the server is restarted, the latest version of the code stack (which includes the operating system (OS) and the VPN infrastructure above) are loaded as a single block, minimizing the risks of bugs, other vulnerabilities and poor configuration.
As of February 28, 2025, KPGM confirmed that the expressvpn infrastructure has no anomaly in its design or implementation, as “no exceptions noted” during the tests. You can see the full report here.
“The fact that KPMG assesses our technologies and again assesses our privacy protections demonstrates our unwavering commitment to maintain the highest standards for protecting users’ privacy,” said ExpressVPN information security director Aaron Engel, commenting on conclusions.
“Independent insurance is not only a check box for us-it is fundamental in our efforts to trust and transparency,” he added.
A confidentiality policy and a regularly verified security infrastructure without software aims to provide a guarantee that no personal information or your use data is collected, disclosed, then linked to you or your online activities.
It should be remembered, however, that even VPNs without Log-Log collect certain basic data. This includes information such as your email address and the number of users connected to a server, for example. However, these details should not be sufficient to identify you or your activities when using the VPN.
