F-Secure Freedome Privacy Policy

In brief

We respect your right to privacy.

  • We encrypt your data traffic.
  • We do not share or sell any of your traffic.
  • We do not read your traffic.
  • We do not know what traffic is yours.
  • We know security.
  • We have no back doors.

In full

We wrote this to tell you about the personal and private data that we collect from you in this service and what we use it for. We believe that these topics matter to you the most, so we focus on them in this policy. For other aspects regarding the processing of your personal data, please see the ‘F-Secure privacy policy for services’, which applies to all of our services and to which this service-specific policy is an add-on.

What do we collect and what do we do with it?

Your private communications. Our guiding principle is that we do not seek to spy on the exact content of your private communications. We only analyze your communications traffic to provide you the service and to keep your data transfers clean. To be more exact, this means that:

  1. we need to process some metadata (such as: volume, country, IP address) of your traffic when providing the service to you;
  2. as an information security company, we analyze the traffic for suspicious or malicious files and destinations (i.e. URLs);
  3. we automatically screen the traffic to inhibit usage that is against our acceptable use policy; and
  4. the service collects statistics to give you a view of your browsing history via the service, but we do not connect this information to you.

Service logging. We do not keep any logs about connections established through the VPN service to external addresses. We cannot link the IP address of your browsing destination to you.

To protect the service against fraudulent use, we maintain temporary logs that contain the duration of the VPN sessions, the amount of data transferred, the device ID and the public IP address from where the VPN client connects to our service. Traffic anomalies that look like a potential abuse of our service (such as port scanning or DDoS attacks performed by our clients) are detected by our software and will be logged as well. The logs are stored for 90 days prior to deletion, and can be used to deal with any misuse of our service or attacks against us.

Tracker Mapper. With the Tracker Mapper feature, you can choose to log the tracking data of your traffic for 24 hours. The log is required for displaying the blocked tracking attempts as a visual map to you. The Tracker Mapper log will be marked for deletion and detached from the user record once you start a new log, delete it manually, or automatically after 3 days.

Securing your device with Security Cloud. The service checks the reputation of your application files. If a file is not known to be safe, the service may send it to Security Cloud to be scanned. Once the file is scanned, Security Cloud sends the scan result back to the service. When the service scans content in Security Cloud, it does not collect any personal data. Scanned files are stored for a time necessary for Security Cloud to work as intended.

Security Cloud collects security data only on applications that do not have a known reputation and on files that are suspicious or known to be malware. The collected security data includes the package name, the current version and the origin of the file, and permissions that it requires. Private data is never sent. This is explained in more detail in the ‘Security Cloud privacy policy’.

To protect your privacy, we separate the above security data from any other data collected on your use of the service, we treat it as anonymous, and we destroy it as soon as we no longer need it for the above purposes.

No back doors. This service and the underlying infrastructure are built to protect you from undesired spying – by governments, criminals, stalkers, or commercial entities. We do not build back doors to our services. We respect authorized court orders and warrants of jurisdictions applicable to us in investigating cases of illegal activity. After all, our goal is to secure your privacy when browsing the web, not securing your anonymity when committing crimes.

Customer relationship data

The Service collects a varying set of data depending on where you download or purchase the service.

Application stores: number of purchased licenses / purchase history for F-Secure products; price and time of purchase; order number; technical environment (e.g. operating system) of your device; unique identifiers (e.g. Android marketing identifier); service statistics per device; other similar non-sensitive device and service data.

F-Secure e-store: In addition to the above: name, email, language, address, country, zip code, Internet Protocol (IP) address, payment type. More detailed information can be found in our e-store.

Operator partner: If you have subscribed to the service via your operator, the data set we collect varies per operator partner, but is limited to the above data. We also exchange some such data with the operator so that your customer experience remains smooth. This includes providing you with service support, communicating with you in a consistent manner and keeping each other up to date on the status of your subscription.

Some operators offering the services are subject to more comprehensive data retention obligations than F-Secure. In such cases we may collect additional service / traffic log data and retain it longer than set out above. The data is collected to assist the operator to comply with local laws and only for this purpose.

Support. In cases where we provide you with personal support services, we may need to ask you for additional information.

We use customer relationship data for the following purposes:

  • Customer journey. To identify authorized users and check customer qualifications, process and track transactions such as administering accounts, shipping, invoicing, managing licenses, financial controlling and auditing, and customer support requests.
  • Deliver, fix, and enhance. To deliver our services to you, maintain and develop our services and web sites, and to provide help and support for the services.
  • Analyze. To track how our services are acquired and used so that we can improve the services, manage your customer relationship, and approach you with relevant messages.
  • Communicate. To send you information relating to the services, conduct customer surveys, arrange competitions, advertise and market our services to you. More information here.
  • Regulatory. To prevent fraudulent activities, remove or stop sharing of illegal or infringing material, and comply with legal or regulatory requirements.

Analytics

For us to learn when and how you use our service, to enhance it, and to learn how customers find out about the service, the service also collects data on installation success, installation and activation paths, performance, operation environment, connections, data routing, quota, as well as other similar metadata (such as which features are used and how often). We do this so that we can create services that are of value to you and our other customers.

We do not seek to identify you personally from the analytics data. We are interested in the needs and behavior of our users as a part of the group, not in the names of those users.

Our primary interest is in building great services. Most of our analytics activity is geared towards this purpose. Our secondary interest is to better market these great services to the relevant audiences. For this, we aggregate anonymous data or use pseudonyms. To do these things we need to exchange device identifiers (such as ‘Android Marketing Identifier’ and other like identifiers) with our online marketing partners. This may be visible to you by the type of ads that you see when browsing or using applications. This has no impact on the amount of ads you see in your online life.

To respect our own core privacy promise, we do not have these third-party usage analytics targeting your actual communications traffic.

You can naturally opt out from the majority of the collection and use of analytics data at any time in the service settings. However, you cannot opt out from some analytics data, such as installation success, installation and activation paths. A more wholesale method for preventing online advertisers from profiling your mobile device usage is to reset the advertising identifier from time to time and to turn on the do-not-track setting in your device settings.

Retention. We store the collected data for a limited time as necessary to fulfill the above purposes. After that, we either delete it or make it anonymous.

(November 2016)