Introduction
Your privacy is fundamental to how we operate. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software, visit our website, or interact with our services. We are committed to being transparent about our data practices and to ensuring that your personal information remains protected.
Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by the terms described herein. If you do not agree with this policy, please refrain from using our services.
We reserve the right to update or modify this Privacy Policy at any time without prior notice. Changes will be effective immediately upon posting on this page, and we encourage you to review this policy periodically to stay informed about how we are protecting your information.
Information We Collect
We collect several types of information from and about users of our services. The categories of information we collect include:
Personal Identifiers such as your name, email address, postal address, telephone number, and company name. This information is typically collected when you register for an account, request support, download software, or communicate with us.
Account Credentials including usernames, passwords, and security questions and answers. These are necessary to authenticate your identity and secure access to our services.
Commercial Information such as records of products or services purchased, subscription details, license keys, and payment transaction information. Payment processing is handled by third-party payment processors, and we do not store full payment card details on our systems.
Network and Device Information including IP addresses, device identifiers, operating system versions, software version numbers, connection timestamps, and network configuration data. This information is collected to enable secure connectivity, troubleshoot issues, and maintain the integrity of our services.
Usage Data such as feature usage patterns, configuration settings, error logs, crash reports, and performance metrics. This helps us improve our software, identify bugs, and optimize user experience.
Geolocation Information including approximate location derived from IP addresses. We do not collect precise geolocation data unless you explicitly provide it or grant permission.
Communications including records of your interactions with our support team, feedback submissions, survey responses, and any correspondence you send to us.
How We Collect Information
We collect information through various methods:
Direct Collection occurs when you voluntarily provide information to us. This includes filling out registration forms, submitting support tickets, signing up for newsletters, or contacting us directly.
Automatic Collection occurs when you interact with our software or website. We use cookies, web beacons, log files, and similar technologies to automatically gather certain technical data about your device and usage patterns.
Third-Party Sources may provide us with information about you. This includes business partners who refer you to our services, resellers who process your license purchases, and identity verification services when necessary.
How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery and Operation is the primary use of your information. We use account credentials, device information, and network data to authenticate your identity, establish secure connections, and ensure the proper functioning of our software.
Security and Fraud Prevention involves using your information to detect, investigate, and prevent security incidents, fraudulent activity, unauthorized access attempts, and other malicious actions. This includes monitoring for anomalous behavior and enforcing compliance with our terms of service.
Technical Support and Troubleshooting relies on usage data, error logs, and communications to diagnose issues, resolve support requests, and improve software stability. When you contact our support team, we may access relevant logs to assist you effectively.
Product Improvement and Development uses aggregated and anonymized data to analyze usage patterns, identify areas for enhancement, prioritize feature development, and optimize performance across different operating systems and network environments.
Communication includes sending you service-related announcements, security alerts, technical updates, and responses to your inquiries. We may also send promotional communications about new features or related offerings, but you can opt out of marketing communications at any time.
Legal Compliance requires us to process information as necessary to comply with applicable laws, regulations, legal processes, or government requests. We may also use your information to enforce our agreements and protect our rights or the rights of others.
Legal Basis for Processing
For individuals located in jurisdictions that require a legal basis for data processing, such as the European Economic Area, we rely on the following:
Contractual Necessity applies when processing is required to fulfill our agreement with you, such as providing the software you have licensed, maintaining your account, or delivering support services.
Legitimate Interests support processing activities that are reasonably expected and necessary for our business operations, including security monitoring, product improvement, fraud prevention, and direct marketing, provided such interests do not override your fundamental rights and freedoms.
Legal Obligations require us to process information when necessary to comply with applicable laws, tax requirements, or regulatory obligations.
Consent may be relied upon for certain processing activities, such as placing non-essential cookies or sending marketing communications. Where consent is required, you have the right to withdraw it at any time.
Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
Service Providers are third-party companies that perform services on our behalf, such as cloud hosting, payment processing, customer support platforms, analytics services, and email delivery. These providers are contractually obligated to use your information only to perform the services for which they were engaged and to maintain the confidentiality and security of your information.
Business Transfers may involve sharing your information in connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding. In such events, we will notify you before your information becomes subject to a different privacy policy.
Legal Requirements compel us to disclose your information when required by law, court order, or governmental regulation. We may also disclose information when we believe in good faith that such action is necessary to protect our rights, investigate fraud, or respond to a legal request.
Affiliated Entities within our corporate family may receive your information to support service delivery, security operations, and business administration. All affiliated entities adhere to this Privacy Policy.
With Your Consent we may share your information for any purpose not covered above when you have explicitly authorized us to do so.
Data Security
We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:
Encryption is used to protect data in transit using industry-standard TLS protocols. Sensitive data at rest is encrypted using strong cryptographic algorithms.
Access Controls restrict access to personal information to authorized personnel who require it to perform their job functions. All access is logged and monitored.
Regular Assessments of our security practices, including vulnerability scanning, penetration testing, and code reviews, help us identify and address potential weaknesses.
Incident Response procedures are in place to promptly address any security incidents and to notify affected individuals as required by applicable law.
Despite these safeguards, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account Information is retained for the duration of your active account and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.
Usage Logs and technical data are retained for shorter periods, typically no longer than 12 months, unless needed for security investigations or legal compliance.
Support Communications are retained to maintain a history of your interactions with our team and to improve our support services.
When information is no longer needed, we securely delete or anonymize it to prevent identification.
Your Rights and Choices
Depending on your jurisdiction, you may have certain rights regarding your personal information:
Right to Access allows you to request confirmation of whether we process your personal information and to obtain a copy of that information.
Right to Rectification enables you to request correction of inaccurate or incomplete information.
Right to Erasure (sometimes called the “right to be forgotten”) permits you to request deletion of your personal information under certain circumstances.
Right to Restrict Processing allows you to request that we limit how we use your information.
Right to Data Portability enables you to request a copy of your information in a structured, machine-readable format.
Right to Object permits you to object to processing based on legitimate interests or direct marketing purposes.
Right to Withdraw Consent applies where we rely on consent for processing activities.
To exercise any of these rights, please contact us using the information provided at the end of this Privacy Policy. We will respond to verified requests within the timeframes required by applicable law.
Cookies and Tracking Technologies
Our website and software use cookies and similar tracking technologies to enhance functionality, analyze usage, and improve user experience.
Essential Cookies are necessary for the operation of our website and services. They enable core functionality such as security, authentication, and session management.
Analytics Cookies help us understand how users interact with our services, allowing us to measure performance and improve functionality.
Preference Cookies remember your settings and preferences to provide a more personalized experience.
You may configure your browser to refuse cookies or to alert you when cookies are being sent. However, some features of our services may not function properly without cookies.
International Data Transfers
We operate globally, and your information may be transferred to, stored, and processed in countries other than the one in which you reside. These countries may have data protection laws that differ from those in your jurisdiction.
When we transfer personal information internationally, we implement appropriate safeguards, such as standard contractual clauses approved by relevant regulatory authorities, to ensure that your information remains protected in accordance with this Privacy Policy.
Children’s Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child without verifiable parental consent, we will take steps to delete that information as quickly as possible.
If you believe that a child may have provided us with personal information, please contact us immediately.
Third-Party Links and Services
Our website or software may contain links to third-party websites, plugins, or applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you interact with.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on this page and updating the “Effective Date” at the top of the policy.
Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:
Email: support@sophos-vpn.net
Phone: +1 (888) 555-0198
Postal Address:
Sophos VPN Privacy Office
548 Market Street, Suite 84904
San Francisco, CA 94104
United States