Expressvpn’s external auditors confirm the non -leakage policy from February

“Expressvpn never maintains data that can link you with any online activity,” VPN provider Claims on its website. Independent audit in late February supports these claims. Accounting company KPMG found a “reasonable guarantee” that the VPN provider system prevents the registration of user activity. The product is one of The best VPN choices from Engadget.

RAM VPN servers

The company has put the Expressvpn StressedSErver system under a microscope. This is the company’s RAM system. In theory, this approach means that the user data has been wiped with each server restart. (This would even prevent long -term storage.) Some competitors, including nordvpn, too, too. Use The ram -based server. Meanwhile, Protonvpn Meters Correctly encrypted hard drives are as safe.

Another anti -server -based anti -RAM is that it is only effective if restarted. In theory, the company can operate RAM servers for marketing purposes, but then do not restart them. This is where audits can help.

KPMG results

KPMG has a high level of confidence in the fact that the non -decline system works as announced in late February. “Controls provide a reasonable guarantee that Expressvpppn Trustserver does not collect user activity records,” says KPMG. This included “there is no registration for browsing date, traffic destination, data content, DNS queries, or specific communication records.”

The ISAE 3000 type KPMG assessment was of type 1. This means that it has focused on the design and implementation of the Expressvn control at a specific time. (Meanwhile, the type 2 review would go further, and test the effectiveness of those controls over a long period.) If you are not aware, the KPMG is one of the four major accounting companies. It is a reliable name that companies cancel large dollars in the audit operations such as this.

Consider the evaluation in several factors. These included documentation reviews, system control and an interview with Expressvn employees. The audit conclusion applies “starting from February 28, 2025”, so it represents KPMG’s conclusions of a specific time point instead of a comprehensive statement of permanent confidence. The evaluation also did not include the entire system test or a full security analysis of the company.

You can read KPMG’s Full paper To get a more detailed breakdown.