Audit report on our privacy policy

KPMG’s audit of ExpressVPN’s privacy policy

KPMG conducted an audit to check that our VPN servers are in compliance with our privacy policy. The audit also tested that our TrustedServer technology operates as we’ve described.

You must agree to KPMG’s terms and conditions below to access the report. ExpressVPN account holders may also access this and other audit reports by signing in to our security audits page.

CONFIDENTIAL REPORTS – TERMS OF DISCLOSURE TO BE READ AND ACCEPTED BEFORE ACCESS IS PERMITTED

Provision of document without responsibility

In this notice, “KPMG” or “we” means the entity issuing this notice and “you” means the user or entity requested to accept its terms.

Introduction

1. KPMG has prepared a confidential document (ISAE (UK) 3000 Report on internal controls) dated [date] (the “Deliverable”). KPMG’s work and the Deliverable were not prepared in contemplation or for the purpose of your interests or needs. KPMG has permitted Express Technologies Limited to provide you with a copy of the Deliverable, subject to your acceptance of the terms of this notice.

No updating

2. Significant events may have occurred since our work was performed or the date of matters to which the Deliverable relates. It is not KPMG’s responsibility to update you on such events.

Terms

3. KPMG does not accept any responsibility to you, for its work, for the Deliverable or for any findings, conclusions, recommendations or opinions that KPMG has made in or connected with the Deliverable.

4. KPMG does not warrant or represent that any facts or matters in the Deliverable are suitable for your purposes.

5. The Deliverable cannot serve as a substitute for other enquiries and procedures that you would (or should) otherwise undertake and judgements you must make to satisfy yourself regarding matters of interest to you.

6. KPMG is prepared to permit the provision of the Deliverable to you, on condition you accept the above paragraphs and agree that:

a. “Information” means the Deliverable;

b. in respect of the Information (and any part of it) you should obtain verification from other sources and not rely on KPMG;

c. to the fullest extent permitted by law, KPMG owes no duty to you, whether in contract or in tort (including in negligence) or under statute or otherwise with respect to or in connection with the Information;

d. if you rely upon any of the Information for any purpose, you do so at your own risk;

e. you will not bring any actions, proceedings or claims against KPMG where the action, proceeding or claim in any way relates to or concerns or is connected with the Information;

f. to the fullest extent permitted by law, KPMG has no liability to you for any loss or damage suffered or costs incurred by you, arising out of or in connection with the Information or its use, however such loss or damage is caused;

g. you will not refer to the Information nor allow access to it or any report derived from it to any person or entity (except with any other party who has agreed to the terms of a notice in a similar form to this notice) without KPMG’s prior written consent, save (i) where you wish to discuss the Information (or any part of it) with the party which engaged KPMG to prepare the Deliverable; or (ii) where disclosure is required by law (including where requested by your statutory auditors), regulation (including the rules of any stock exchange) or court order, or is required or requested by a competent regulatory, governmental, judicial or supervisory authority with whose requirements you are bound to comply (in which case you shall, unless prohibited by law or regulation, inform us in advance unless it is not reasonably practicable to do so, in which case you shall inform us promptly thereafter) or (iii) as set out in paragraphs 6(h) and (i), below;

h. you may disclose the Information for your own internal purposes, which includes distribution amongst your and your affiliates’ directors, officers and employees who need to have access to or to discuss the Information in connection with their responsibilities. You may also disclose the Information to your affiliates, for the purposes of assisting you in relation to the Information, provided that a) such affiliates agree not to disclose the Information (save as permitted by paragraph 6(g)(ii)) and agree that KPMG accepts no duty or liability to them and b) you remain responsible to us for any breach of these terms by an affiliate. In this paragraph “affiliate” means any legal entity that, directly, or indirectly, controls, or is controlled by, or is under common control with you; and

i. we understand that you may wish to seek support or advice from your legal or other professional advisers in connection with the subject matter of the Deliverable and that those advisers need to see the Deliverable. You may disclose the Information to any such advisers where they are a member of a regulated profession and are bound by mandatory external professional rules governing the confidentiality and use of materials that they receive while acting in their professional capacity. You must inform such advisers that they receive the Information only to support or advise you, that KPMG accepts no duty or liability to them and the Information is to be treated as confidential.

j. if you are a prospective customer of Express Technologies Limited, you will read the Information in situ, and will not print, share or distribute a copy of the Information.

7. The work resulting in the Deliverable was undertaken by, and the Deliverable was prepared by and is the sole responsibility of, KPMG, that is KPMG LLP. In paragraph 6 of this notice all references to “KPMG” (except for the references in paragraph 6(g)) shall have an extended meaning so that they include, in addition to KPMG LLP, partners/members, employees and agents of KPMG LLP. This notice is for the benefit of all of those third parties referred to in the previous sentence and each of them may enforce in their own right all of the terms of this notice.

Entire Agreement

8. This notice sets out the entire agreement between you and KPMG as to the conditions on which the Deliverable is provided to you. It replaces any prior agreements or understandings between you and KPMG in that regard.

Governing Law

9. This notice and its terms shall in all respects be governed solely by English law, and the Courts of England and Wales shall have exclusive jurisdiction over any dispute arising out of it or in connection with it on any basis.

Acceptance

10. Please confirm your agreement to the provisions of this notice. We will then permit provision of the Deliverable to you.