How many?! ExpressVPN has successfully undergone its 23rd audit – here's everything we know

News
By published

KPGM is the latest expert group to test ExpressVPN and confirm its claims

ExpressVPN, the best VPN, running on Windows, Mac, tablet, iPhone, Android, router, and AppleTV
  • An independent audit confirmed that ExpressVPN never stores user data as indicated in its privacy policy
  • Cybersecurity experts at KPGM inspected ExpressVPN's TrustedServer is designed to never log such data as claimed
  • It's the 23rd time that ExpressVPN has put its software under third-party scrutiny

Cybersecurity experts at KPGM have confirmed that ExpressVPN never logs any of your identifiable information, as stated in its privacy policy. The experts specifically checked ExpressVPN's server infrastructure design, checking that it effectively prevents the collection of such logs.

Rated by us as one of the best VPN services right now, this audit marks the 23rd time ExpressVPN has put its software under scrutiny, with the latest audit confirming ExpressVPN's claims as of February 2025.

"No exception noted"

The team at KPGM thoroughly checked that ExpressVPN TrustedServer acts as it should. Testing its description, design, and implementation of controls.

Developed in 2019, ExpressVPN TrustedServer is the provider's technology at the base of its no-log claims. All VPN servers run entirely on RAM, for example, meaning that nothing is stored on the server after a reboot.

ExpressVPN's servers are also designed so that every time the server is rebooted, the newest version of the code stack (which includes the operating system (OS) and the VPN infrastructure above it) is loaded as a unique block, minimizing the risks of bugs, other vulnerabilities, and misconfiguration.

As of February 28, 2025, KPGM confirmed that ExpressVPN's infrastructure doesn't present any anomalies in its design or implementation, as "no exception noted" during tests. You can see the full report here.

"Having KPMG evaluate our technologies and assess our privacy protections again demonstrates our unwavering commitment to maintaining the highest standards of user privacy protection," said ExpressVPN's Chief Information Security Officer, Aaron Engel, commenting on the findings.

"Independent assurance isn't just a checkbox for us—it's fundamental in our efforts towards trust and transparency," he added.

A regularly audited no-log privacy policy and security infrastructure aims to provide a guarantee that none of your personal information or usage data is collected, leaked, and then linked to you or your online activities.

It's worth remembering, however, that even no-log VPNs collect some basic data. This includes information such as your email address and the number of users connected to a server, for example. Yet, these details should not be enough to identify you or your activities when using the VPN.

You might also like

TOPICS
Chiara Castro
Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.