ExpressVPN has completed a third audit of its no-logs policy and TrustedServer system.
The provider, one of the best VPNs, is known for its privacy credentials and these were proven in this audit.
KPMG LLP examined ExpressVPN's privacy policy and TrustedServer technology and "reasonable assurance" was provided that ExpressVPN does not collect activity or connection logs.
A verified no-logs policy is a must-have for the most private VPNs and Windscribe's recent court case proved just how important they are.
Keeping users safe
ExpressVPN says its "technology is engineered so that activity logs and connection logs are never retained."
KPMG assessed these claims by examining ExpressVPN's TrustedServer technology and its privacy policy. The assessment was conducted under the globally recognized International Standards on Assurance Engagements (ISAE) (UK) 3000 Type 1.
TrustedServer's design means it prevents log collection. No-logging is built into the technology and the process is constantly reviewed.
The servers regularly reboot, and any accumulated data is forgotten. KPMG confirmed that no personally identifiable information, such as a user's IP address, is logged on the server, or exported from the server in any way.
The firm provided "reasonable assurance" that TrustedServer "does not collect logs of users’ activity, including no logging of browsing history, traffic destination, data content, DNS queries, or specific connection logs."
No issues were identified. KPMG confirmed the results aligned with ExpressVPN's no-logs policy and users were protected.
These claims were true as of 28 February 2025 and KPMG's full assessment report is available to read.
Privacy promises validated
ExpressVPN says it makes continuous efforts to validate its privacy promises and regular independent audits are essential for this.
"Independent assurance isn't just a checkbox for us – it's fundamental in our efforts towards trust and transparency," said Aaron Engel, Chief Information Security Officer at ExpressVPN.
"Having KPMG evaluate our technologies and assess our privacy protections again demonstrates our unwavering commitment to maintaining the highest standards of user privacy protection."
Engel added that "by subjecting our systems to rigorous third-party scrutiny, we're not just verifying our current protections – we're establishing a standard for accountability that we hope will raise the bar across the entire VPN industry."
ExpressVPN has published 23 third-party audits and it recently commissioned two assessments of its Lightway protocol.
Lightway has been remade in Rust to make it even faster and more secure. Cure53 and Praetorian completed the assessments and positive results were found – low-risk findings were immediately addressed by ExpressVPN.
The Lightway protocol also fully supports post-quantum encryption, meaning ExpressVPN users can protect their devices with the highest standards of security.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
