If you have a specific question, feel free to click to the appropriate section below:
1. What information is collected?
Surfshark respects your privacy, therefore we are committed to not process any data related to the online activity of our users. Surfshark is based in the British Virgin Islands, which does not require data storage or reporting. We do not collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.
To fully use Surfshark Services, you will need to create a user account. We collect the following information provided upon signup:
- User’s e-mail address and encrypted password. We need your email address to create and manage your account, to provide customer service, whether it’s responding to a request or following up on an order, and to market products and Services that may be of interest to you.
To maintain a perfect quality of our Services and provide you with efficient support we collect diagnostics information and monitor crash reports on our apps. The information we collect contain aggregated performance data, the frequency of use of our Services, unsuccessful connection attempts and other similar information. As you probably already understood, the data collected for diagnostic purposes does not contain uniquely identifiable information.
Information we collect on our Website and apps
The information we collect on our Website may include anonymous “traffic data” provided by the host or similar provider of such information (e. g. Google Analytics) that does not personally identify you but may be helpful for marketing purposes or for improving the Services we offer. Analytics is the process of collecting, analyzing, and reporting aggregate data. This information may include which pages visitors visit and how long visitors may stay on a particular page. It may also provide information about what browser, network, or device is used to visit our Website. To learn more about Google Analytics and how to opt out, please visit www.google.com/analytics/learn/privacy.html.
In addition, when you visit our Website, we may also retain your IP address, a unique identifier for your computer or other access device. This helps us diagnose problems with our server, to administer our Website, or to display the content according to your preferences.
When you use our app, we may collect advertising identifiers – unique, user-resettable IDs for advertising, provided by third parties (e. g. Google Play). Advertising IDs are used for marketing purposes and user analytics and are not connected to user’s personal information. You can reset your identifier or opt out of personalized ads by adjusting your device settings.
Cookies and web beacons
A cookie is a small string of information that transfers to your computer for identification purposes. Cookies can be used to follow your activity on the Website and that information helps websites to understand your preferences and improve your website experience. You can turn off all cookies in the event you prefer not to receive them. You can also have your computer warn you whenever cookies are being used. There are also software products available that can manage cookies for you. Please be aware, however, that when you choose to reject cookies, this choice may limit the functionality of the Website and you may lose access to some of its features.
A web beacon is an invisible pixel-sized graphic image on a web page, web-based document or e-mail message. It helps us do things like view the URL of the page on which the beacon appears and the time the Website, document or email in question is viewed. They can be used to confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized online experience.
Privacy beyond VPN products
Detailed privacy related information regarding additional Surfshark products can be accessed here.
2. How does our Website interact with third party services and content?
We use third-party service providers to help handle parts of our business. These parties will only use the minimum amount of your data as specified above in Clause 1 for the purpose of carrying out the work as agreed with us. Such service providers are:
- Marketing service providers – we use them to manage our contacts and automate our marketing.
- Third-party payment processors – they help us to process payments.
- Storage ad infrastructure providers and Ads service providers – they help us to deliver targeted advertising to the Website visitors.
- Live chat and support service providers – we use them to provide live chat technology and provide support to our users.
- Security service providers – we work with them to provide improved security and performance.
Some links may take you outside of our Website and are beyond our control. Please note that these other sites may send their own cookies to users, collect data, or solicit personal information. We urge you to review the equivalent data protection, privacy, and cookie policies available on their websites. We do not accept any responsibility or liability for the data protection of privacy practices of third parties in relation to such websites and your use of third party websites is entirely at your own responsibility.
3. What information do we share with third parties?
As you probably already understood we do not have much information to share. Even so, we do not disclose your information to others, unless we are ordered by a court of competent jurisdiction to do so. We do not sell or trade your data with anyone.
4. What choices do you have over how your information is used?
- Email – Those who wish to opt-out from receiving emails will have their address removed within 1-10 days of receipt of their request to opt-out or to unsubscribe at [email protected] or by clicking “unsubscribe” at the bottom of any correspondence. If you have multiple email addresses, you will need to opt-out for each address in order to be removed from our active database.
- Cookies and web beacons – Your browser may offer the ability to block or delete cookies from your device. Please follow your individual browser’s instructions on how to block and clear cookies.
5. How can you edit or delete your information?
If you would like to edit your information or permanently delete your account, you can email us at [email protected].
If you request, we will delete your information specified in Clause 1, unless, we are legally required to maintain certain personal data, including situations such as the following:
- If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute we will retain the necessary information about you until the issue is resolved;
- Where we are required to retain the information about you for our legal, tax, audit, and accounting obligations, we will retain only the necessary information for the period required by applicable law; and/or,
- Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.
Please keep in mind, that one of our most important principals is No-logs Policy (see more in our Terms of Service), therefore we collect only the minimum amount of information about you, which is required to provide you with our Services.
6. Does our Website respond to do-not-track signals?
7. What if I access the Website or your Services from my mobile phone, tablet or laptop?
If you are a visitor of our Website, but not a user of our Services, we collect and use information about you in the same way and for the same purposes as specified above in Clause 1 notwithstanding the device or application you use. If you are a user of our Services and access our website using one or more of our applications notwithstanding the device, application, or browser extensions, we collect and use information in the same way and for the same purposes as specified above in Clause 1.
8. How do we secure your information?
We have implemented various security measures, including SSL/TLS encryption for data transfers, hashed passwords, firewalls, and regular audits. We take all steps reasonably necessary to ensure that your data is treated securely.
While we implement security measures on our Website and through our Services, you should be aware that 100% security is not always possible. Whenever you give out your information online there is a risk that a third party may intercept and use that information. While we strive to protect your information and privacy, we cannot guarantee the security of any information you disclose online. By using the Services, you expressly acknowledge and agree that we cannot guarantee the security of any data provided to or received by us through the Services and that any general information, other data or information received from you through the Website or our Services is provided at your own responsibility.
9. What age do I have to be to use the Services?
Surfshark is not intended for users under the age of 18. Such users are expressly prohibited from submitting any of their information to us, and from using portions of the Website for which registration is required. If any information is submitted by such users, it will not be collected or retained.
10. What governing law applies?
11. What if I am in the European Economic Area (“EEA”)?
You may be aware that a new European Union law called the General Data Protection Regulation or “GDPR” gives certain rights to individuals in relation to their personal data. Accordingly, we have implemented additional transparency to help users take advantage of those rights. As available and except as limited under applicable law, individuals have the rights described below:
- If you are based in the EEA, you can access your personal information or receive a copy of it by contacting us.
- If you are based in the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information where it is technically possible.
- Similarly, if you are based in the EEA, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority of your habitual residence, place of work or of an alleged infringement and file a complaint regarding our collection and use of your personal information.
If you wish to implement any of the above-mentioned rights, please contact us at [email protected]. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
We keep information about you as specified in Clause 1 only as required by law or as long as necessary for legitimate and essential business purposes, such as fulfilling an order, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. Surfshark stores the information specified in Clause 1 for the whole period when the Surfshark Services are used and for no longer than 2 years after that.
Your information as specified in Clause 1 may be stored and processed in any country where we have facilities or in which we engage service providers. When you use our Services, you acknowledge and consent to the transfer to and processing of personal information on servers located outside of the country where you reside. If you are a resident of the EEA or Switzerland, please note that we use standard contractual clauses approved by the European Commission to transfer your personal information from the EEA or Switzerland to other countries.
Legal Basis for Processing Your Personal Information (EEA Visitors Only)
If you are a user located in the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate business interests.
If you have questions about or need further information concerning the legal basis on which we collect and use information specified in Clause 1, please contact us using the contact details provided below.
12. Who should I contact with questions or concerns?
13. When was this policy last updated?
March 8, 2019.