If you have a specific question, feel free to click to the appropriate section below:
1. What information is collected?
We’re based in the British Virgin Islands, which allows us to keep our VPN logs-free. We don’t collect any information that could lead us to know who you are or what you’re up to online.
Surfshark respects your privacy, therefore we are committed to not process any data related to the online activity of our users. Surfshark is based in the British Virgin Islands, which does not require data storage or reporting. We do not collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.
We do need to keep the information you provide when you’re creating your account, though. Usually we ask for your email address and basic billing information. It’s the only way we can make sure your account works.
To fully use Surfshark Services, you will need to create a user account. We collect the following information provided upon signup:
- User’s e-mail address and encrypted password. We need your email address to create and manage your account, to provide customer service, whether it’s responding to a request or following up on an order, and to market products and Services that may be of interest to you.
If our apps misbehave, we’d appreciate a diagnostics report (it shows us what went wrong without giving away anything about you or what you do online). You can opt out, but it helps us fix any issues much more efficiently.
To maintain a perfect quality of our Services and provide you with efficient support we collect diagnostics information and monitor crash reports on our apps. The information we collect contain aggregated performance data, the frequency of use of our Services, unsuccessful connection attempts and other similar information. As you probably already understood, the data collected for diagnostic purposes does not contain uniquely identifiable information.
Information we collect on our Website and apps
We use tools like Google Analytics to keep our website working and to do marketing. You can opt out of this, too - but on Google’s terms. We also use advertising IDs in our apps (you can opt out on your device). Simply said, these also don’t give away anything about you personally or about what you do online. It merely allows us to, for example, show ads to people who have visited our website before or to see that something on our site doesn’t work quite as it should.
The information we collect on our Website may include anonymous “traffic data” provided by the host or similar provider of such information (e. g. Google Analytics) that does not personally identify you but may be helpful for marketing purposes or for improving the Services we offer. Analytics is the process of collecting, analyzing, and reporting aggregate data. This information may include which pages visitors visit and how long visitors may stay on a particular page. It may also provide information about what browser, network, or device is used to visit our Website. To learn more about Google Analytics and how to opt out, please visit www.google.com/analytics/learn/privacy.html.
In addition, when you visit our Website, we may also retain your IP address, a unique identifier for your computer or other access device. This helps us diagnose problems with our server, to administer our Website, or to display the content according to your preferences.
When you use our app, we may collect advertising identifiers – unique, user-resettable IDs for advertising, provided by third parties (e. g. Google Play). Advertising IDs are used for marketing purposes and user analytics and are not connected to user’s personal information. You can reset your identifier or opt out of personalized ads by adjusting your device settings.
When you permit us through a pop-up within our app, we collect your location data, in particular only WiFi name (Service Set Identifier), for the purpose of enabling “Auto-connect” feature, which extends to “Trusted WiFi” networks. This feature allows our app to automatically connect to a server without your worry about it. However, please rest assured that we do not share this location data to any third party.
Cookies and web beacons
A cookie is a small string of information that transfers to your computer for identification purposes. Cookies can be used to follow your activity on the Website and that information helps websites to understand your preferences and improve your website experience. You can turn off all cookies in the event you prefer not to receive them. You can also have your computer warn you whenever cookies are being used. There are also software products available that can manage cookies for you. Please be aware, however, that when you choose to reject cookies, this choice may limit the functionality of the Website and you may lose access to some of its features.
A web beacon is an invisible pixel-sized graphic image on a web page, web-based document or e-mail message. It helps us do things like view the URL of the page on which the beacon appears and the time the Website, document or email in question is viewed. They can be used to confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized online experience.
Privacy beyond VPN products
We also have other products in addition to Surfshark. You can read more about their specific terms by clicking the links down below.
2. How does our Website interact with third party services and content?
It takes a village to keep a VPN up and running. We need third-party tools and services for things like marketing, payments, live chat, and so forth. Since these don’t belong to us, we urge you to read their terms & policies on their sites.
We use third-party service providers to help handle parts of our business. These parties will only use the minimum amount of your data as specified above in Clause 1 for the purpose of carrying out the work as agreed with us. Such service providers are:
- Marketing service providers – we use them to manage our contacts and automate our marketing.
- Third-party payment providers – they help us to process payments together with our own authorized payment processing companies.
- Storage ad infrastructure providers and Ads service providers – they help us to deliver targeted advertising to the Website visitors.
- Live chat and support service providers – we use them to provide live chat technology and provide support to our users.
- Security service providers – we work with them to provide improved security and performance.
Some links may take you outside of our Website and are beyond our control. Please note that these other sites may send their own cookies to users, collect data, or solicit personal information. We urge you to review the equivalent data protection, privacy, and cookie policies available on their websites. We do not accept any responsibility or liability for the data protection of privacy practices of third parties in relation to such websites and your use of third party websites is entirely at your own responsibility.
3. What information do we share with third parties?
Can’t share much when you don’t really collect anything beyond what’s strictly necessary. We strictly do not disclose what little we do have, unless a court may order us to (our Warrant Canary page will display if we’re ever asked to do so).
As you probably already understood we do not have much information to share. Even so, we do not disclose your information to others, unless we are ordered by a court of competent jurisdiction to do so. We do not sell or trade your data with anyone.
4. What choices do you have over how your information is used?
You can opt out of marketing emails (but we do need to keep your address so that we can send you, for example, a reset link for your password in case you ever forget it). Feel free to opt out of cookies - a Google search will help you out with specific instructions for your device or browser.
- Email – Those who wish to opt-out from receiving emails will have their address removed within 1-10 days of receipt of their request to opt-out or to unsubscribe at [email protected] or by clicking “unsubscribe” at the bottom of any correspondence. If you have multiple email addresses, you will need to opt-out for each address in order to be removed from our active database.
- Cookies and web beacons – Your browser may offer the ability to block or delete cookies from your device. Please follow your individual browser’s instructions on how to block and clear cookies.
5. How can you edit or delete your information?
If you want your information edited or your account permanently deleted, email us at [email protected]. The only reason why we may not be able to do that is if there’s still something unresolved going on or if we are legally required to keep some info.
If you would like to edit your information or permanently delete your account, you can email us at [email protected].
If you request, we will delete your information specified in Clause 1, unless, we are legally required to maintain certain personal data, including situations such as the following:
- If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute we will retain the necessary information about you until the issue is resolved;
- Where we are required to retain the information about you for our legal, tax, audit, and accounting obligations, we will retain only the necessary information for the period required by applicable law; and/or,
- Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.
Please keep in mind, that one of our most important principals is No-logs Policy (see more in our Terms of Service), therefore we collect only the minimum amount of information about you, which is required to provide you with our Services.
6. Does our Website respond to do-not-track signals?
Currently, it doesn’t. You can tweak your specific browser settings to achieve very similar things.
7. What if I access the Website or your Services from my mobile phone, tablet or laptop?
If you are a visitor of our Website, but not a user of our Services, we collect and use information about you in the same way and for the same purposes as specified above in Clause 1 notwithstanding the device or application you use. If you are a user of our Services and access our website using one or more of our applications notwithstanding the device, application, or browser extensions, we collect and use information in the same way and for the same purposes as specified above in Clause 1.
8. How do we secure your information?
We really care about your security & privacy and do a lot to protect it. However, anyone who tells you that 100% anything-proof security is possible either doesn’t know much about it or is trying to mislead you. Please keep that in mind.
We have implemented various security measures, including SSL/TLS encryption for data transfers, hashed passwords, firewalls, and regular audits. We take all steps reasonably necessary to ensure that your data is treated securely.
While we implement security measures on our Website and through our Services, you should be aware that 100% security is not always possible. Whenever you give out your information online there is a risk that a third party may intercept and use that information. While we strive to protect your information and privacy, we cannot guarantee the security of any information you disclose online. By using the Services, you expressly acknowledge and agree that we cannot guarantee the security of any data provided to or received by us through the Services and that any general information, other data or information received from you through the Website or our Services is provided at your own responsibility.
9. What age do I have to be to use the Services?
18 or older.
Surfshark is not intended for users under the age of 18. Such users are expressly prohibited from submitting any of their information to us, and from using portions of the Website for which registration is required. If any information is submitted by such users, it will not be collected or retained.
10. What governing law applies?
We’re based in the British Virgin Islands, so we play by their rules (which are pretty great when it comes to user privacy).
11. What if I am in the European Economic Area (“EEA”)?
Basically, we respect GDPR, and you can ask us to delete stuff or implement any other of your rights by emailing us at [email protected]
You may be aware that a new European Union law called the General Data Protection Regulation or “GDPR” gives certain rights to individuals in relation to their personal data. Accordingly, we have implemented additional transparency to help users take advantage of those rights. As available and except as limited under applicable law, individuals have the rights described below:
- If you are based in the EEA, you can access your personal information or receive a copy of it by contacting us.
- If you are based in the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information where it is technically possible.
- Similarly, if you are based in the EEA, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority of your habitual residence, place of work or of an alleged infringement and file a complaint regarding our collection and use of your personal information.
If you wish to implement any of the above-mentioned rights, please contact us at [email protected]. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
We keep some data (from Clause 1) to do things like process your order or analytics for as long as you use Surfshark and no more than 2 years after you stop.
We keep information about you as specified in Clause 1 only as required by law or as long as necessary for legitimate and essential business purposes, such as fulfilling an order, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. Surfshark stores the information specified in Clause 1 for the whole period when the Surfshark Services are used and for no longer than 2 years after that.
Your data from Clause 1 may travel around the world a bit, but we always take extra care to keep it safe and sound.
Your information as specified in Clause 1 may be stored and processed in any country where we have facilities or in which we engage service providers. When you use our Services, you acknowledge and consent to the transfer to and processing of personal information on servers located outside of the country where you reside. If you are a resident of the EEA or Switzerland, please note that we use standard contractual clauses approved by the European Commission to transfer your personal information from the EEA or Switzerland to other countries.
Legal Basis for Processing Your Personal Information (EEA Visitors Only)
We treat your data in accordance with GDPR. If you have any specific questions, we’ll be happy to answer them - email us at [email protected].
If you are a user located in the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate business interests.
If you have questions about or need further information concerning the legal basis on which we collect and use information specified in Clause 1, please contact us using the contact details provided below.
12. Who should I contact with questions or concerns?
Our 24/7 Customer Success Team will help you out as soon as they can.
13. When was this policy last updated?
Keep in mind that we can update this Policy in the future & check it regularly.
December 17, 2020.