FS Protection privacy policy

In brief

FS Protection is a security solution based on F‑Secure Total to protect computers, tablets, and smartphones. More recent versions also include a management portal, F‑Secure Avenue, to help you better manage your licenses across your devices and those of your family members.

To summarize FS Protection and privacy

  • we ask for your name, email, and phone number;

  • we collect anonymous security data to protect your device;

  • we collect installed application names to enable the use of parental controls;

  • the focus of our data collection is not on you, but on your device and our service; and

  • the portal provides limited visibility among those who share the same subscription.

The full F‑Secure Total privacy policy applies to FS Protection, with the exception of the VPN feature, for which the following section applies.

VPN feature

What do we collect and why?

F-Secure engages a third-party provider for the purposes of providing the VPN feature to you. The following section explains how both F-Secure and the third-party provider collect and process your data in relation to the VPN feature.

The VPN feature collects online communications information. Our guiding principle is that we do not seek to spy on the exact content of your private communications. We only analyze your communications traffic to provide you the service and to keep your data transfers clean. This means that:

  • we need to process some metadata (such as volume, country, IP address) of your traffic when providing the service to you;

  • as an information security company, we analyze the traffic for suspicious or malicious files and destinations (i.e. URLs);

  • we filter traffic based on Family Rules, which you can take into use in the application;

  • we automatically screen the traffic to inhibit usage that is against our acceptable use policy; and

  • the service collects statistics to give you a view of your browsing history via the service. F-Secure is not able to identify you based on this data.

Service provisioning logging. When the service is taken into use or a license is modified at later stages of the lifecycle, the provisioning log data is collected. This is done in order to enable and diagnose successful provisioning to authorized devices, detect abuse of the service, and as a precaution for disaster recovery in case it is needed. This log contains the IP address of the client, a random device ID generated by the service, the time of access, the country code obtained via a GeoIP lookup of the client IP address, and other similar technical device data.

We do not keep any logs about connections established through the VPN service to external addresses. We cannot link the IP address of your browsing destination to you.

To protect the service against fraudulent use, we maintain temporary logs that contain the duration of the VPN sessions, VPN connection timestamps, the amount of data transferred, the device ID, source public IP address of the user, and host name from where the VPN client connects to our service. Traffic anomalies that look like a potential abuse of our service (such as port scanning, spamming, or DDoS attacks) are detected by our service and will be logged as well. The logs are stored for 90 days, and can be used to deal with any misuse of our service or attacks against F-Secure.

Retention of data related to the VPN feature

VPN service provisioning log entries are retained for one year, after which they are deleted. VPN service log events for provisioned devices are retained for three months, after which they are deleted.