Surfshark Privacy Policy

Last updated: 2025.10.13

Since our privacy policy ("Privacy Policy") is quite lengthy, we thought you might appreciate a short and easy breakdown. These highlighted bits will do precisely that! Think of them as helpful guides — they'll make the legal language easier to understand.

This Privacy Policy explains how Surfshark B.V., with its address at Kabelweg 57, 1014BA Amsterdam, the Netherlands (“Surfshark”, “we”, “us”, or “our”), processes your personal data through our website (the “Website”), online hosted services and any related application, software or functionality offered by Surfshark (the “Services”).

Please review this Privacy Policy thoroughly to understand our policies and practices concerning your personal data and how we will handle it. This Privacy Policy should be read alongside our Terms of Service. Together, these two documents create a single, legally binding agreement between you and Surfshark. 

Surfshark processes your personal data and acts as a data controller in accordance with privacy laws, including the General Data Protection Regulation (“GDPR”).

By continuing to use our Website and / or Services, you agree to the terms of the current Privacy Policy. We kindly request that you refrain from using our Services and Websites if you do not agree with this Privacy Policy or any of its provisions.

We may need to amend the Privacy Policy from time to time. If there are any significant updates, we'll let you know ahead of time through our Website or by email. You'll always find the date of the latest update at the top of the Privacy Policy.

1. How do we handle your connection data?

Our No-logs Policy is one of the most important features of our VPN service, and we keep our VPN service logs-free. We don’t store any information that could lead us to see your online activities.

Surfshark respects your privacy; therefore, we are committed to not processing any information related to the online activity of our users. Surfshark is based in the Netherlands, a jurisdiction that does not require information storage or reporting. We do not collect any information about what you do online (i.e., we do not collect your visited IP addresses, browsing history, session information, connection time stamps, used bandwidth, network traffic or any other similar information).

To ensure the functionality of our VPN service, our servers temporarily keep details about your connection to a specific VPN server, such as your user ID and / or your IP address and the time stamps of your connection to the VPN server. However, this information is automatically deleted within 15 minutes after your session ends. Rest assured, we do not store any information about the websites you visit.

2. What personal data do we collect, why, on what basis, and for how long?

Surfshark collects limited personal data, which includes any data that can directly or indirectly identify you when you use our Services. Personal data helps us to provide you with Services, enhance your experience, improve our Services, and ensure compliance with legal obligations. We are committed to protecting your privacy and handling your personal data responsibly.

Here's a breakdown of the personal data we gather and what we use it for:

2.1 Personal data needed for us in order to provide Surfshark Services

2.1.1 For you to be able to create a Surfshark account
Data collected
Email address, encrypted password, account registration date, coupon code (if any).
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

We use this information to create your account so that you can use our Services.

2.1.2 To provide you with Surfshark Services
Data collected
User ID, information about subscription (subscription plan name, subscription term, subscription ID, subscription frequency, amount, currency, status, auto-renewal status, and information about 2FA (on/off)), date of the payment, amount paid, currency, payment status, payer residence country (and state), IP address, coupon used (if any), part of the credit card number, credit card expiry date.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

Please note that to handle your payments and refunds, our trusted payment partners collect necessary details like the transaction date, payer’s IP address, credit card number, and the cardholder's full name. Depending on your location, our payment partners may also need additional details like a personal ID, passport, or your address. To learn what personal data these payment providers collect and store, please refer to their individual terms of service and privacy policies.

2.2 Personal data needed for specific Surfshark Services

In addition to the personal data needed for account setup and general service delivery, we'll also collect additional data specific to the individual service you use. This personal data is essential for the particular Surfshark Service to function correctly:

2.2.1 Personal data needed for specific Surfshark Services

We use this information to provide you with the specific Surfshark Services you have requested.

Data collected
Our servers temporarily keep details about your connection to a specific VPN server, such as your user ID and / or your IP address and connection time stamps.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
Connection information is automatically deleted within 15 minutes after your session ends.

2.2.2 Provision of the VPN service
Data collected
Our servers temporarily keep details about your connection to a specific VPN server, such as your user ID and / or your IP address and connection time stamps.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
Connection information is automatically deleted within 15 minutes after your session ends.

2.2.3 Provision of the Search tool service

What you search for stays private. We don't collect such information. 

Data collected
Aggregated number of your performed searches.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

2.2.4 Provision of the Alternative ID service

Alternative persona

Data collected
Your alternative persona’s name, middle name, surname, date of birth, gender, country, city, address, postal code.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

Alternative email

Data collected
Your email address, email mask and its description, subject line of the email letter, the content of the email letter (only for technical reasons, i.e., to forward it), email sender and receiver, email forwarding status, user profile data, metadata associated with the email.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

To be able to use the Alternative email service, you will have to verify the email address to which emails are forwarded. The emails you receive via the Alternative email service, along with the sender and recipient email server IP addresses, sender email address and timestamps, are deleted as soon as they are forwarded to your email address. We use a trusted email service provider to facilitate this service.

Alternative number

Data collected
The telephone number that has been assigned to you by Surfshark, as well as your call, SMS log and content.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

In addition, to facilitate the Alternative Number service, we use trusted VoIP service providers. We respect your privacy and we do not access your private content.

2.2.5 Provision of the Alert service
Data collected
Email address and / or personal identity number (or a social security number), and / or credit card number, information related to data leaks found.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

To use our Alert service for detecting personal data leaks, you can submit your email address, personal identity number (or a social security number), or credit card number for monitoring. We'll securely retain this information, encrypting personal identity and credit card numbers. When you enter your email, you authorize us to find and provide you with additional leak-related details, for example, usernames, passwords, full names, country, physical address, IP addresses. For credit card or social security number leaks, we'll only show you data categories (e.g., credit card details, name, address, password, nationality) for security reasons, rather than the specific compromised data.

2.2.6 Provision of the Data Leak Checker service
Data collected
Email address, data leaks your email address was involved in.
Legal basis
Legal basis for the processing of personal data is your consent.
How long we keep it
We do not retain your personal data.

Data Leak Checker allows you to check if your personal data has been compromised in a data leak. By voluntarily entering your email address, you can find out if your personal information has been exposed. Please note that we do not store your email address or information related to data leaks.

2.2.7 Provision of Dedicated IP service
Data collected
Your email address, your dedicated IP address.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

If you opt for our Dedicated IP service, certain online activities could be linked back to your account.

2.2.8 Provision of the Antivirus service for Windows, MacOS, and Android users
Data collected

We will collect information about the devices on which you use the Antivirus service. This information is needed to ensure compliance with the limit on the number of devices that one client may use for the Antivirus service, as provided in our Terms of Service.

Also, to improve user experience we will retain statistical information about the usage of the webcam protection feature, including the number of times you received a request to access your camera or microphone, which preference you selected, whether this feature is turned on or off, how many apps you have included in the exclusion list.

To provide statistics on what malware was detected, we will process malware name and type, country, OS, and user ID.

Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it

We keep your personal data for as long as you use the services and for 2 years after the last login.

Information about malware name and type, country, OS, and user ID will be fully anonymized after 1 year from our receipt of the data.

2.2.9 Provision of email scam checker service
Data collected
The sender's email address, the email subject, and the content of the email, including any website address indicated therein.
Legal basis
Legal basis for the processing of personal data is your consent.
How long we keep it
The collected data will only be stored for the brief period necessary to perform the scan and provide you with the results. Sender’s email address will be kept for 30 days to improve our services.

In order for you to be able to use our AI powered email scam checker, which scans your emails for potential scam threats, we need to collect specific data from the emails you choose to scan. This data includes the sender's email address, the email subject, and the content of the email, including any website address it contains. Your consent will be required to collect this information, as you will actively select which emails from your inbox to scan. The collected data (except sender’s email address) will only be stored for the brief period necessary to perform the scan and provide you with the results. Please note that in order to improve our email scam checker, we will use your personal data in a completely anonymized format, based on our legitimate interest in enhancing our services.

Please note that we respect your privacy and do not access any of your private content or use any of your data to train our AI models.

You can find information about how your personal data is processed for email scam checker diagnostics in paragraph 2.3.9 of this privacy policy.

2.3 Other personal data processing purposes

As indicated above, generally we use your data to provide our Services. Nevertheless, we also process some of it for other legal reasons. These might not be a direct part of the Services you use, but they're also important for keeping things secure, running smoothly, making our offers better, and meeting our legal duties. You'll find all the details about these extra data activities in the section below.

2.3.1 To ensure the security of your account
Data collected
Device name, operating system, Surfshark app version installed, last login date.
Legal basis
Legal basis for the processing of personal data is our legitimate interest to ensure the security of your account.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

To enhance the security of your account, when you log in to the Surfshark app, we collect the information indicated above. This helps us recognize your trusted devices and allows us to provide better security for your account. As part of this, we'll notify you by email if you log in from a new device that differs from your last-used devices.

This email will provide you with the login details. If you did not log in from this new device, it is crucial to change your password immediately to secure your account. We also strongly encourage you to enable two-factor authentication for enhanced protection. By promptly notifying you of logins from unfamiliar devices, we enable you to take swift action if anything appears suspicious, thereby helping to ensure your account's safety.

2.3.2 To enable you to submit an inquiry and communicate with customer support
Data collected
Your email address, the content of inquiry, including any information that you share with our customer support team that is necessary to resolve the query, date and time of inquiry.
Legal basis
We process your personal data with your consent or in our legitimate interest to provide you with the necessary information.
How long we keep it
We keep personal data used for communication and customer support for as long as your subscription is valid and up to 2 years after your last contact.

To ensure the security and privacy of your account, Surfshark requires identity verification before we can assist with your customer support inquiry. This process helps us protect your data and provide you with the most accurate and personalized support.

2.3.3 To enable you to interact with the live chatbot
Data collected
Your name, email address, date and time of inquiry.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement and / or our legitimate interest.
How long we keep it
We keep personal data used for communication and customer support for up to 2 years after your last contact.

2.3.4 To contact you via email about important updates and announcements related to your use of the Services and Website (transactional communications)
Data collected
Your email address, the content of the email address, date and time of email sent.
Legal basis
Processing your personal data is essential for us to provide you a service and carry out the terms of our service agreement.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after the last login.

2.3.5 To send you offers, surveys, and other marketing content
Data collected
Your email address, the content of the email letter, the date and time of the email letter sent.
Legal basis
Legal basis for the processing of personal data is your consent or our legitimate interest to conduct marketing activities.
How long we keep it
We will process your information until we receive your opt-out request.

We may contact you via email for this purpose, but we also encourage you to contact us via our online contact form to get the best VPN offer for you.

Also, to help you with your order, we might send an email letting you know if a purchase wasn't completed (unfinished order). This is based on our legitimate interest in improving your experience with us and assisting you with any issues related to your orders.

If you do not wish to receive emails from us, you can opt out by contacting support@surfshark.com or by clicking “unsubscribe” at the bottom of any correspondence. If you have multiple email addresses, you will need to opt out for each address to be removed from our active database. However, we will continue to communicate with you for essential service delivery, to address your inquiries, and to provide transactional product or service-related updates.

Also, please note that you may still receive information about our Services from other parties who use their own mailing lists.

2.3.6 To enable your participation in our referral program
Data collected
Your unique referral link, your rewards (the amount of money or months earned), your PayPal account details.
Legal basis
Processing your personal data is essential for us to carry out the terms of our service agreement.
How long we keep it
Personal data is processed for as long as you use the account and 2 years after the last login.

2.3.7 To manage and administer our accounts on social networks
Data collected
Your interaction data, e.g., likes, comments, full name, pseudonym, social network profile name, pictures.
Legal basis
Legal basis for the processing of personal data is our legitimate interest to engage with the community and to manage our social network accounts.
How long we keep it
We will process your provided information until you delete your posted content or social network account.

Please note that when you share information on social network accounts, e.g., Facebook, X, we don't control how they use or store that data. These companies collect and process your information for their own reasons, including their own marketing efforts. For full details on how these platforms handle your personal data, please check each social media platform's privacy policy directly.

2.3.8 To determine eligibility for subscription discounts through automated decision-making, including profiling
Data collected
Information related to your subscription.
Legal basis
We use your personal data because it's in our legitimate interest to enhance your experience.
How long we keep it
We keep your personal data for as long as you use the services and for 2 years after your last login.

We may use an automated decision-making process, including profiling, to evaluate whether to apply a discount to the price of the subscription a user purchases. This will not increase the price of the subscription you want to purchase.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. Automated decision-making is the process of deciding by automated means without any human involvement. Our system may automatically generate decisions using a very limited amount of your personal data (for example, information related to your subscription). For instance, we may use an automated decision-making process, including profiling, to evaluate whether to apply a discount to the price of the subscription you purchase.

In instances where a decision based solely on automated processing produces legal consequences for you, or otherwise significantly affects you, you retain the right to challenge the decision, express your viewpoint, and request human involvement. You can achieve this by contacting us at support@surfshark.com. We will assess your request and provide a human examination of the decision, ensuring that your rights are fully honored.

2.3.9 To maintain and improve the quality of our Services and provide effective support (diagnostics and crash reporting)
Data collected

Aggregated performance information, the frequency of use of Services, unsuccessful connection attempts, device information, and other similar information.

In the case of email scam checker diagnostics, we will collect information including the sender's name and email address, the receiver's name, the email subject, the content of the email, and any attachments metadata (file name, file type).

Legal basis
Legal basis for such processing is your consent.
How long we keep it
We keep your personal data until you withdraw your consent, but no longer than 7 days from its receipt.

To fulfil this goal, we collect diagnostics information and monitor crash reports on our apps and extensions. Please note that diagnostics information does not contain uniquely identifiable information (except as provided below regarding email scam checker service). However, if you face some problems when using our apps, we may require your device information to solve these problems. We will access this information only if you provide a separate consent for that.

In the case of email scam checker diagnostics, we will collect a minimal amount of necessary personal data. This includes the email sender's name and email address, the receiver's email address, the email subject, the content of the email, and metadata of any attachments.

2.3.10 To enable the auto-connect feature for the trusted Wi-Fi network
Data collected
Wi-Fi name (Service Set Identifier).
Legal basis
Legal basis for such processing is your consent.
How long we keep it
We will process your personal data until you withdraw your consent.

Upon your permission, we collect your Wi-Fi network name (Service Set Identifier) exclusively to enable the auto-connect and trusted Wi-Fi features. This allows our app to automatically connect to a server without you having to worry about it. Crucially, this information is stored solely on your device. We do not store or share it with any third party.

2.3.11 To improve our analytics and optimize advertising
Data collected
Cookie ID, mobile device ID, device specification, advertising IDs.
Legal basis
Legal basis for the processing of personal data is your consent to deliver relevant ads and promotional messages to you, and to attribute sales.
How long we keep it
We will process your personal data until you withdraw your consent.

When you use our Website, we automatically collect information about your activity through technologies like cookies if you've given us permission. We may receive information about you from certain advertisers and advertising partners for analytical and advertising purposes. Our advertising partners help us attribute sales, deliver more relevant ads and promotional messages to you, which may include interest-based advertising and account-based advertising.

You can control the use of cookies at the individual browser level on your device. More information about cookies and how to disable them can be found in Section 7 of this Privacy Policy.

2.3.12 To carry out market research and perform internal analytics
Data collected
We aggregate and anonymize the data we collect for this purpose. We then maintain and use this data only in its anonymized form.
Legal basis
Legal basis for the processing of this deidentified data is our legitimate interest.
How long we keep it
Since the data is anonymized we will process it indefinitely.

We create aggregated statistical data and conduct market research and analysis to understand customer needs, analyze sales, and identify other business trends. This helps us to improve our services and operate our business more effectively, using aggregated and/or inferred non-personal information.

2.3.13 To comply with legal requirements, exercise or defend legal claims
Data collected
Email address, subscription information, payment-related information, other necessary information and / or legal documents.
Legal basis
Legal basis for the processing of personal data is a legal obligation to which we are subject (in case we need to collect your data statutorily) and our legitimate interest to defend our rights and interests (in case of other legal processes related to you, if any).
How long we keep it

We retain this data for as long as it is indicated in the specific law.

We may also retain personal data for longer periods to comply with legal obligations, respond to government requests, or enforce our contracts and Terms of Service, including investigating potential violations.

We are subject to tax and other statutory requirements. We may have to protect our legitimate interests and legal rights. In these cases, we may be required to collect and store a limited amount of your personal data indicated above: email address, subscription information, payment-related information, other necessary information and / or legal documents.

2.3.14 To collect applicable tax, solve payment related issues, prevent fraud, and ensure accounting
Data collected
Part of the credit card number, payer’s IP address, payment amount, currency, date of payment and card expiry date, residence country, state.
Legal basis
Legal basis for the processing of personal data is a legal obligation to which we are subject.
How long we keep it
We will retain payment-related information for 10 years from the receipt of this information.

To calculate applicable VAT/sales tax, we collect your country and, where applicable, state of residence. Should you opt to receive an invoice for the services rendered, we may also retain the necessary data to generate and issue that invoice.

3. How long do we keep personal data?

Please keep in mind that having an audited No-logs Policy is one of our core principles (see more in our Terms of Service), therefore we collect only the minimum amount of data about you, which is required to provide you with our Services.

Thus, unless specified differently in this Privacy Policy, we retain your personal data until it is no longer necessary for the reasons we initially collected it for, or until we receive a valid request to remove it, with some exceptions. However, there may be instances where we need to use and store your personal data beyond the timeframes mentioned above for purposes such as compliance with our legal obligations and / or exercising and defending legal claims.

4. Is personal data transferred to other countries?

Wherever your personal data needs to be sent, we always take extra care to keep it safe and sound.

Your data, as specified in this Privacy Policy, may be stored and processed in any country where we have facilities or in which we engage service providers. We carefully assess all international data transfers and implement appropriate safeguards to ensure your personal data remains protected as outlined in this Privacy Policy. Please note that we use Standard Contractual Clauses approved by the European Commission (you can access it here) to transfer your personal data from the EEA to other countries outside the EEA territory (e.g., the USA) or we transfer personal data to countries that the European Commission has recognized as ensuring an adequate level of data protection (you can access the list of countries here).

5. With whom do we share personal data?

It takes a village to keep our Website and Services up and running, and we want to be transparent about what types of personal data we've shared and with whom, all for legitimate business reasons. We need third-party tools and services for things like marketing, payments, live chat, and so forth. Since these don’t belong to us, we urge you to read their terms and policies on their sites.

Surfshark shares personal data with the authorized parties only in cases where necessary for the purposes described in this Privacy Policy and allowed in accordance with applicable laws.

5.1 In the preceding 12 months, we have disclosed strictly necessary personal data for an operational purpose to the following categories of third parties:
Category of data recipients
Marketing, application analytics service providers, such as Iterable, Firebase Analytics (by Google), Taboola and Appsflyer.
Purpose of personal data transfer
We use them to manage our contacts and automate our marketing.
Country of the recipient
United States, Sweden, Ireland, United Kingdom.
Category of data recipients
Performance marketing service providers, such as Hasoffers (Tune Inc.).
Purpose of personal data transfer
We use them to calculate our conversion attribution.
Country of the recipient
United States
Category of data recipients
Third-party payment providers, such as Stripe, Adyen, Checkout, Coingate and similar.
Purpose of personal data transfer
They help us to process payments together with our own authorized payment processing companies.
Country of the recipient
United States, Ireland, British Virgin Islands.
Category of data recipients
Storage and infrastructure service providers, such as BigQuery (by Google).
Purpose of personal data transfer
They help us to store, analyze, and manage data.
Country of the recipient
United States
Category of data recipients
Live chat and support service providers, such as Zendesk.
Purpose of personal data transfer
We use them to provide live chat technology and provide support to our users.
Country of the recipient
United States
Category of data recipients
Security service providers, such as Cloudflare.
Purpose of personal data transfer
We work with them to provide improved security and performance.
Country of the recipient
United States
Category of data recipients
Providers that help us deliver the Alternative ID service, such as Telnyx.
Purpose of personal data transfer
We work with them to provide you with Alternative ID services (such as Alternative Number).
Country of the recipient
United States
Category of data recipients
Group companies.
Purpose of personal data transfer
We share data with our group companies to support our daily operations and ensure Surfshark can continue providing you with Services.
Country of the recipient
EEA, United States, United Kingdom.
Category of data recipients
Other Surfshark partners.
Purpose of personal data transfer
We share your personal data with our distribution, reseller, and app store partners, each of which is an independent controller of your personal data.
Country of the recipient
United States
Category of data recipients
Third parties whose services you buy through us.
Purpose of personal data transfer
We may provide your personal data to the third parties that deliver the services you buy through us. We only share the minimum amount of data necessary (e.g. your email address) to enable you to receive the services you have requested. Each of these companies acts as an independent controller of your personal data.
Country of the recipient
EEA, United States
5.2 There are a few more cases in which we can share your information with other authorized parties:
Category of data recipients
Third parties (in case of corporate reorganization, bankruptcy or liquidation proceedings).
Purpose of personal data transfer
If we undergo a corporate reorganization (like a merger, acquisition, or sale of our business), we may share personal data with the involved third parties (e.g., the buyer, their agents, and advisors) to help complete the transaction.
Legal basis
When EU or UK data protection laws apply, our legal basis for this is our legitimate interest in conducting business, or your consent if required by law.
Category of data recipients
Authorities
Purpose of personal data transfer
We only disclose personal data to law enforcement authorities or courts of competent jurisdiction when we are asked and legally obliged to do so (our Transparency report page will display if we’re ever asked to do so).
Legal basis
Legal obligation
Category of data recipients
Other parties
Purpose of personal data transfer
We'll only disclose your personal data to others if you give us permission or if there's a legal reason to do so (e.g., we might share it with a legal representative).
Legal basis
Legal obligation, legitimate interest, or your consent.

6. What choices do you have over your personal data?

We respect GDPR, CCPA, and other privacy legislation, and you can ask us to delete your personal data or exercise other rights by emailing us at support@surfshark.com.

You may be aware that the GDPR, CCPA, and other privacy laws give certain rights to individuals in relation to their personal data. Accordingly, we have implemented additional transparency to help users take advantage of those rights.

As available and except as limited under applicable law, individuals have the rights described below:

Right: Description
Right to access: You can access your personal data or receive a copy of it by contacting us.
Right to portability: You can object to processing of your personal data, ask us to restrict processing of your personal data, or request portability of your personal data where it is technically possible.
Right to rectification: You can ask for the correction of inaccurate personal data and, subject to the nature of the collection and use, the completion of incomplete personal data.
Right to erasure: Right to deletion of your personal data specified in Clause 2, unless we are legally required or we have a legal basis to maintain certain personal data.
Right to withdraw consent: If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
Right to object: You can object to us processing your personal data when we do so based on our legitimate interests.
Right to lodge a complaint: If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office. If you are located in the EU, you have the right to lodge a complaint with the relevant Supervisory Authority.

In addition to the above rights, the following rights (which may be subject to certain exemptions or derogations) shall also apply to individuals covered by the CCPA:

Right: Description
Right to Opt Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information to third parties. However, we would like to inform you that we do not sell, rent, lease, or trade your personal data with anyone, nor do we plan to do so in the future.
Right to Non-Discrimination: You have the right to not receive discriminatory treatment if and when you exercise your privacy rights under the CCPA.
Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of your sensitive personal information when such use goes beyond that which is necessary for providing the Services or certain other permissible purposes (e.g., fraud prevention). However, Surfshark does not process personal information in a manner that gives rise to this right.

7. How do we use cookies and other tracking technologies?

Most sites on the internet, including Surfshark’s, use cookies, pixels, web beacons, and other similar technologies (collectively called “cookies”), as they’re pretty convenient to help provide, protect, and improve our Services and Website. If you want to, you can reject those, but some things may not work completely or as well as they should.

You can check which cookies we use in our Cookie Policy, which is an integral part of this Privacy Policy.

8. How do we protect personal data?

We really care about your security and privacy and do a lot to protect it. However, anyone who tells you that 100% anything-proof security is possible either doesn’t know much about it or is trying to mislead you. Please keep that in mind.

We have implemented appropriate organizational, physical and technical security measures, including SSL/TLS encryption for data transfers, hashed passwords, firewalls, and regular audits. We take all the reasonably necessary steps to ensure that your personal data is treated securely.

While we implement security measures on our Website and through our Services, you should be aware that 100% security is not always possible. Whenever you give out your information online there is a risk that a third party may intercept and use that information. While we strive to protect your information and privacy, we cannot guarantee 100% security of any information you disclose online. By using the Services, you expressly acknowledge and agree that we cannot guarantee the security of any information provided to or received by us through the Services and that any general information, other information, or information received from you through the Website or our Services is provided under your own responsibility.

9. Children’s data

We do not knowingly collect or solicit personal data from anyone under the age of 18.

We don't offer services to anyone under 18 and don't knowingly collect personal data from them. If you're under 18, please don't send us any personal data. If we find out that we have received personal data from someone under 18, we will delete it right away. If you believe that we might have any such data, please contact support@surfshark.com.

10. Who should you contact with questions or concerns?  

Our 24/7 Customer Support Team will help you out as soon as they can.

If you have any questions, concerns or complaints relating to this Privacy Policy and / or Surfshark Services, or you would like to exercise your privacy rights, please feel free to contact us at the following email address: support@surfshark.com, or chat with us on the Website.

11. Are there any other terms you should know?

The English version of this Privacy Policy prevails.

While translations of this Privacy Policy may be provided in other languages, they may not be fully up-to-date or comprehensive. Thus, in case of any conflict between the English version and the translated versions of this Privacy Policy, the English version shall always take precedence.