- An independent audit confirmed that ExpressVPN never stores user data as indicated in its privacy policy
- CYBERSECURITY -experts at KPGM Inspected Expressvpns TrustedsServer are designed to never log such data as alleged
- It’s the 23rd time that ExpressVPN has put its software under third -party survey
CyberSecurity experts at KPGM have confirmed that ExpressVPN never logs any of your identifiable information, as stated in its privacy policy. The experts specifically checked ExpressVPN’s server infrastructure design and check that it effectively prevents the collection of such logs.
Reviewed by us as one of the best VPN services right now, this revision marks the 23rd time ExpressVPN has put its software under control, with the latest audit confirming ExpressVPN’s claims from February 2025.
“No exception noted”
The team at KPGM thoroughly checked that ExpressVPN TrustedServer works properly. Testing its description, design and implementation of controls.
Developed in 2019, ExpressVPN Trustedserver is the provider’s technology at the base of its requirements without log. All VPN servers run completely on RAM, for example, which means nothing is stored on the server after a reboot.
Expressvpns servers are also designed so that every time the server is restarted, the latest version of the code stack (which includes the operating system (OS) and the VPN infrastructure above) is loaded as a unique block that minimizes the risk of bugs, other vulnerabilities and misunderstanding.
From February 28, 2025, KPGM confirmed that ExpressVPN’s infrastructure does not present any deviations in its design or implementation, which “no exception noted” during testing. You can see the full report here.
“After KPMG evaluating our technologies and assessing our privacy of personal information, again, our unshakable obligation to maintain the highest standards of protection of users’ privacy,” said Expressvpn’s Chief Information Security Officer, Aaron Engel, and comments on the results.
“Independent insurance is not just a check box for us – it is fundamental in our efforts to trust and transparency,” he added.
A regularly revised non-log-private life policy and security infrastructure aims to provide a guarantee that none of your personal information or use data will be collected, leaked and then linked to you or your online activities.
However, it is worth remembering that even non-log-VPNs collect some basic data. This includes information such as your E -Mail address and the number of users connected to a server, for example. Still, these details should not be enough to identify you or your activities when using VPN.
