ExpressVPN Servers and Privacy Policy Audited by PwC

In line with all other major VPN providers, ExpressVPN this week announced that the company’s servers and subsequently their privacy policy were audited by PricewaterhouseCoopers (PwC).

A significant point made by ExpressVPN was that this comes as the VPN industry becomes ever more transparent and candid with their customers.

As expected, the audit gives us all an in-depth look into how ExpressVPN’s security holds up and how the company keeps everyone’s mountains of data so incredibly safe. Keep in mind that this audit also provided a deep insight into whether the company holds to its privacy policies and whether you can truly trust them with keeping your online activity and private data safe.

For a refresher, the ExpressVPN ethos is as simple as this; to ‘only collect the minimal data required to operate a world-class VPN service at scale.

ExpressVPN’s Data Policies

 To understand how ExpressVPN’s commitment to privacy and what the PwC audit was expected to show, you’ll need to know what the company states they do not collect.

Taking a quick look on the ExpressVPN website, you’ll soon spot that DNS queries, traffic destination, data content, and browsing history are checked right off the list. None of these datasets are monitored, analysed, or recorded in any way, which means whatever you’re doing online and whichever websites you’re accessing are entirely limited to your eyes only.

On to other data, ExpressVPN also makes it known that IP addresses, connection logs, VPN IP addresses, session durations, and connection timestamps also miss out on recording and monitoring. As a result, your online movements can’t be traced back to a device or an ISP account.

To the PwC audit now, ExpressVPN was examined to determine whether all of the claims above are met. As we know, many VPN providers in the past have claimed to have well-rounded security, only for users to be duped and tracked anyway.

PwC Audit Focus

As expected, the PwC auditing team focused directly on ExpressVPN’s technology processes first to determine whether the service’s fundamentals were safe before moving on to policy checks and other security-focused elements.

ExpressVPN made the following statement regarding the PwC audit:

“We believe that publishing such audits are crucial for trust and transparency in the industry, as they provide independent verification of the privacy and security commitments we make to customers. Simply put, they give confidence to consumers that they can trust ExpressVPN.”

The PwC audit also honed in on one of ExpressVPN’s leading technologies, the ExpressVPN TrustedServer feature, which touts unmatched security when compared to almost all other VPNs on the market. The TrustedServer feature is simply a server suite that is comprised entirely of RAM-based servers, making it impossible for user data to be stored on them.

Think of TrustedServer as a feature or service that essentially provides you, and all other ExpressVPN users with a clean slate each and every time the server is restarted.

PwC Audit Results

ExpressVPN outlined on their website that they provided PwC with ‘extensive access to our team and system information’ to ensure all data and systems were available for testing. This essentially meant that whatever PwC needed to see in order to provide an accurate result, they were given.

For an outline of what was examined in the audit, you can take a look at ExpressVPN’s statement here.

All in all, ExpressVPN’s willingness to undertake such an audit shows the company is genuinely committed to user privacy and wants to showcase to their customers that all data and activity sent through the ExpressVPN platform is secure and safe from prying eyes.

---

Categories: News