ExpressVPN passes yet another no-logs audit

A person typing on a computer, lit up by the screen
(Image credit: Getty Images)

When discussing the best VPN services, ExpressVPN is a name that often arises, and it has just fortified its claim by passing another independent security audit, proving its commitment to its no-logs policy. 

This marks the 18th independent third-party audit that ExpressVPN has completed and published.

ExpressVPN employed KPMG LLP to complete the security audit and ensure that, as of December 12, 2023, the claims laid out in the VPN company's TrustedServer services and Privacy Policy were correct.

During the audit, KPMG tested the description, design and implementation of the controls of ExpressVPN's TrustedServer services. During this process, it was determined that the platform integrity of ExpressVPN's TrustedServer architecture prevented it from collecting any user logs.

The audit also found no issues in its testing of controls, including ExpressVPN's protection against logging customer data.

Aaron Engel, Chief Information Security Officer at ExpressVPN said of the audit: “We’re delighted to have KPMG scrutinize our systems, TrustedServer technology, and validate our adherence to our no-logs policy as at 12 December 2023. Regular assessments and audits by independent third parties help validate the strength of our security measures, bolstering our confidence in safeguarding our users. 

"The latest report by KPMG adds to our long list of existing third-party testings further solidifying ExpressVPN’s position as industry leaders in trust and transparency."

You can read the full audit here.

Olivia Powell
Tech Software Commissioning Editor

Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.