- An independent audit confirmed that ExpressvPN never stores user data as indicated in its privacy policy
- KPGM cybersecurity experts inspected Expressvpn’s trust are designed to never register the data as stated
- It is the 23rd time that Expressvpn has put its software in a third -party scrutiny
KPGM cybersecurity experts have confirmed that ExpressvPN never records any of their identifiable information, as indicated in their privacy policy. Experts specifically verified the infrastructure design of the Expressvpn server, verifying that effectively avoiding the collection of said records.
Qualified by us as one of the best VPN services at this time, this audit marks the 23rd time Expressvpn has put its software in scrutiny, with the last audit that confirms the statements of Expressvpn as of February 2025.
“No exception noticed”
The KPGM team thoroughly verified that Expressvpn Trustedserver acts as it should. Proof of your description, design and implementation of controls.
Developed in 2019, Expressvpn Trustedserver is the supplier’s technology at the base of its claims without registration. All VPN servers are fully executed in RAM, for example, which means that nothing is stored on the server after a restart.
Expressvpn servers are also designed so that every time the server is restarted, the newest version of the code battery (which includes the operating system (OS) and the VPN infrastructure above it) is loaded as a unique block, minimizing the risks of errors, other vulnerability and poor configuration.
As of February 28, 2025, KPGM confirmed that the ExpressvPN infrastructure does not present any anomaly in its design or implementation, such as “the exception” was observed “during the tests. You can see the full report here.
“Make KPMG evaluate our technologies and evaluate our privacy protections again demonstrates our unwavering commitment to maintain the highest standards for the protection of user privacy,” said ExpressvPN Information Security Director Aaron Engel, commenting on the findings.
“The independent guarantee is not just a verification box for us, it is fundamental in our efforts towards trust and transparency,” he added.
A Privacy and Safety Infrastructure policy without audited registration regularly aims to provide a guarantee that none of your personal data or use data is collected, filtered and then linked to you or your online activities.
However, it is worth remembering that even VPNs without registration collect some basic data. This includes information such as your email address and the number of users connected to a server, for example. However, these details should not be enough to identify you or your activities when you use the VPN.
