ExpressVPN Privacy Report

ExpressVPN has a strong reputation in the VPN industry. It uses military-grade AES-256 encryption and has zero history of any breaches. However, ExpressVPN would’ve received a higher score if the company updated its software automatically. Instead, users must download updates from the company’s website manually.
Encryption
In Transit | Yes |
---|---|
At rest? | Yes |
All network communications and capabilities? | Yes |
Security Updates
Automatic, regular software/ firmware updates? | No |
---|---|
Product available to use during updates? | No |
Passwords
Mandatory password? | Yes |
---|---|
Two-Factor authentication? | No |
Multi-Factor authentication? | No |
Vulnerability Management
Point of contact for reporting vulnerabilities? | Bugcrowd or via email at security@expressvpn.com |
---|---|
Bug bounty program? | Yes |
Privacy Policy
Link | https://www.expressvpn.com/privacy-policy |
---|---|
Specific to device? | No |
Readable? | Yes |
What data they log | Name, email address, and payment information name, email address, and payment information. App diagnostic data, which include crash reports, usability diagnostics, and VPN connection diagnostics, are anonymized and cannot be tied back to individual ExpressVPN users. Information related to which Apps and Apps version(s) you have activated. Whether you have successfully established a VPN connection on a particular day (but not a specific time of the day), to which VPN location (but not your assigned outgoing IP address), and from which country/ISP (but not your source IP address). Information regarding the total sum of data transferred by a given user. With your permission, we collect anonymized app diagnostic data, which include crash reports, usability diagnostics, and VPN connection diagnostics. |
What data they don’t log | No data about the contents or destinations of VPN traffic, no DNS queries, and no IP addresses. |
Can you delete your data? | Yes if european, must contact support |
Third-party sharing policies | Users may opt out of third-party vendor use of cookies |
Surveillance
Log camera device/ app footage | n/a |
---|---|
Log microphone device/ app | n/a |
Location tracking device/ app | No |
Parental Controls
Are there parental controls? | No |
---|
Company History
Any security breaches/ surveillance issues in past? | No |
---|---|
Did they do anything to fix it? | n/a |
Additional Security Features
Anything like privacy shutters, privacy zones, etc.? | n/a |
---|