Surfshark Cybersecurity Advocacy Fund (CAF) – Terms & Conditions

Last Updated: 2026.05.19

These Terms and Conditions (“Terms”) constitute a legally binding agreement between you, whether personally or on behalf of an entity (“Applicant”, “you”), and Surfshark B.V. (“Surfshark”, “we”, “us”), concerning your application to and participation in the Surfshark Cybersecurity Advocacy Fund (“CAF” or the “Fund”).

By submitting a pitch, application, or any related materials to advocacyfund@surfshark.com, you expressly acknowledge that you have read, understood, and agree to be bound by all of these Terms, as well as the Surfshark Code of Conduct. If you do not agree with all of these Terms or the Code of Conduct, you are expressly prohibited from participating in the Fund and must not submit an application.

If you do not agree with these Terms, please do not submit your pitch.

To be eligible for the Fund, you must meet all of the following criteria:

• You must be actively enrolled as a university student, employed as university faculty (e.g., professor, researcher), or represent an officially recognized university group/organization.
• You must be at least 18 years of age (or the age of legal majority in your jurisdiction).
• Submissions are open globally; however, Surfshark operates under a strict, zero-tolerance policy regarding international sanctions. We cannot and will not accept applications from, distribute funds to, or collaborate with individuals or entities who are located in, citizens of, ordinarily resident in, or associated in any way with comprehensively sanctioned jurisdictions (e.g., Cuba, Iran, North Korea, Syria, the Crimea region) or anyone on applicable restricted party lists (e.g., the U.S. Treasury’s Specially Designated Nationals List).

• We accept pitches during two primary submission windows: September 1st – 30th and February 1st – 28th/29th.
• All pitches, correspondence, and materials must be submitted in English.
• Your idea must be your original work or you must have the lawful right to submit it. Do not submit third-party intellectual property without written permission.

This section is critical for protecting both your work and Surfshark’s ongoing research.

• Surfshark does not claim ownership of the intellectual property (IP) underlying your academic research, art installation, or technological idea.
• If your project is selected for funding, you grant Surfshark a worldwide, royalty-free, sub-licensable license to use your project’s name, logo, pitch description, and final deliverables for marketing, public relations, and promotional purposes across our platforms.
• Please do not submit trade secrets or highly sensitive confidential information in your initial pitch. Submissions to advocacyfund@surfshark.com are not treated as confidential and do not create a Non-Disclosure Agreement (NDA).
• Surfshark is an active cybersecurity and software development company. We are constantly researching and building new products. By submitting an idea, you acknowledge that Surfshark may already be exploring, or may in the future explore, products, features, or initiatives that are similar or identical to your pitch. You agree not to bring any claims against Surfshark for IP infringement or misappropriation based on the independent development of such concepts by our teams.

• Surfshark experts will evaluate pitches based on relevance, clarity, originality, and impact. However, the final selection of funded projects is at the sole and absolute discretion of Surfshark. All decisions are final and cannot be appealed.
• Submission does not guarantee funding, mentorship, or promotion. We receive many applications and unfortunately cannot provide individual feedback for rejected pitches.
• The total annual fund is up to €100,000. This amount is a maximum theoretical pool, not a guaranteed expenditure. Surfshark reserves the right to distribute less than this amount, or none at all, depending on the quality of submissions.

If your project is selected for financial support, the following conditions apply:

• You (or your academic institution) must successfully pass our standard Know Your Customer (KYC) and Anti-Money Laundering (AML) background checks before any funds are disbursed.
• The funding is a discretionary grant. You are solely responsible for declaring this income and paying any applicable local, state, or federal taxes in your jurisdiction. Surfshark will not withhold taxes on your behalf, nor does this funding establish an employer-employee, partnership, or contractor relationship.
• Funds must be used exclusively for the development, research, or execution of the project as described in your approved pitch.

We support bold ideas, but we require ethical execution, honesty, and strict legal compliance. Surfshark reserves the right to immediately terminate all support, demand the immediate return of any disbursed funds, and publicly disassociate from your project if we determine you have committed a material breach of these Terms.

Material breaches include, but are not limited to:

• Providing false information about your identity, academic status, team members, or the fundamental nature of your project (e.g., claiming to be one person or entity when you are another).
• Any direct or indirect association with sanctioned countries, individuals, or entities discovered at any point during our collaboration.
• Stealing code, plagiarizing academic papers, or utilizing third-party intellectual property (such as art, music, patented technology, or trademarked material) without explicit, documented legal permission.
• Using the grant for personal expenses, unrelated projects, or any purposes outside the agreed-upon scope of your initial pitch.
• Involving the creation, distribution, or deployment of actual malicious software (malware, ransomware) in the wild.
• Relying on unauthorized access to third-party systems, networks, or data (including illegal hacking or unethical data scraping).
• Promoting hate speech, discrimination, physical violence, or engaging in public conduct (online or offline) that severely damages Surfshark’s brand reputation by association.
• Failing to communicate with the Surfshark team for extended periods or abandoning the project after receiving financial support.

• Surfshark’s support (whether financial, promotional, or expert guidance) is provided “as is” without any warranties, express or implied.
• Under no circumstances shall Surfshark be liable for any indirect, incidental, or consequential damages arising out of your participation in the CAF or the execution of your project.
• You agree to indemnify, defend, and hold harmless Surfshark, its affiliates, and employees from any claims, damages, liabilities, or legal actions brought by third parties resulting from your project, your negligence, your infringement of third-party rights, or your breach of these Terms.

Surfshark B.V. acts as the Data Controller of the personal data provided by the Applicant (the “Personal Data”). Surfshark processes Personal Data based on contractual necessity (to evaluate and manage the application and administer the Fund) and legal obligation (to comply with financial and other applicable legislation).

Surfshark shall retain Personal Data only for as long as necessary to fulfill the purposes outlined in these Terms:

(a) Unsuccessful Applicants: Personal Data will be retained for up to 12 months following the end of the selection cycle. This post-evaluation retention is based strictly on Surfshark’s legitimate interests (Article 6(1)(f) GDPR) to: (i) resolve any subsequent inquiries, disputes, or intellectual property claims regarding the selection process, and (ii) preserve the integrity of the Fund by identifying and preventing duplicate, spam, or fraudulent submissions across the immediate subsequent submission cycles. After 12 months, the data will be securely deleted.

(b) Successful Applicants: Personal Data will be retained for the duration of the project and for a period of ten (10) years thereafter based on legal obligations for tax, accounting, and audit purposes.

The Applicant has the right to access, rectify, or erase their Personal Data, the right to object to or restrict processing, and the right to data portability. The Applicant also maintains the right to lodge a complaint with a competent Data Protection Authority. In addition to the rights set forth above, California residents specifically have the right to opt-out of the “sale or sharing” of Personal Data and the right to non-discrimination for exercising these rights. To exercise any of these rights, the Applicant may contact support@surfshark.com.

Personal Data may be processed by Surfshark affiliates or third-party service providers located outside the European Economic Area (EEA). Surfshark ensures that such transfers are protected by Standard Contractual Clauses (SCCs) or other adequacy mechanisms approved by the European Commission.

If the Applicant submits personal data regarding team members or collaborators, the Applicant represents and warrants that they have obtained explicit consent from such individuals to share their information with Surfshark for the purposes described in these Terms.

For any privacy-related inquiries or to exercise any applicable data rights, the Applicant may contact Surfshark at support@surfshark.com.

Surfshark reserves the right to modify these Terms, adjust the submission cycles, or pause/cancel the Cybersecurity Advocacy Fund entirely at any time, without prior notice or liability.

These Terms shall be governed by and construed in accordance with the laws of The Netherlands, without regard to its conflict of law principles. Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the competent courts in Amsterdam, The Netherlands.

Ready to make digital risks visible? Send your pitch to take part in Cybersecurity Advocacy Fund to advocacyfund@surfshark.com.