F-Secure KEY privacy policy

In brief

F-Secure KEY is a secure password manager solution. It provides an encrypted password vault that is synchronized between all of the end-user's devices.

In full

This service-specific policy is an add-on to the F-Secure privacy statement. This add-on policy focuses on 1) the type of personal and private data that we collect from you in this service and 2) what we use it for. We focus on these two items because we believe that they matter to you the most. For other aspects regarding the processing of your personal data (international transfers, data subject rights, contact information etc.), see the F-Secure privacy policy for services, which applies to all of our services.

This policy is split into the following parts:

  • User data
  • Legal grounds
  • Retention
  • Operator partners
  • Analytics

 

User data

Your passwords are stored on F-Secure hosted servers and locally on your client devices in an encrypted format. The encryption key is the end-user master password, and this master password is never exposed outside the KEY service on your device. Neither is it possible to acquire a hosted password file without an authenticated client belonging to the user. In summary; in their stored format, the F-Secure hosted files are not decryptable or identifiable regarding to whom they belong.

F-Secure KEY can also be activated by using F-Secure account credentials. In such cases, the KEY client is provided with the user name and password as part of the activation flow, and this information is used to determine the end-user license. Account information is not linked to any of the password data managed by the service.

Legal grounds

We process your data so that we can provide you with our services that you have made a contract for or are in the process of doing so. Such contracts may be made either directly with us or with another entity (such as our webstore or operator partner) that has tendered our services to you. Tendering of services may take the form of a purchase or be free of charge.

In the case of data that is not strictly necessary to provide you with the services – but would help us in providing you with better services in the long run – we collect such data only with your consent.

Retention

We store your account data based on the length of your subscription, as set out in more detail in the F-Secure privacy statement.

Operator partners

If you have subscribed to the service via your operator, we may collect your email, name, and phone number directly from the operator systems upon your subscription to our services. We also exchange such above listed data as is necessary (e.g. status of your subscription, data collected for resolving a technical support case) with the operator. We do this to provide you with a smooth customer experience and support services, and to communicate with you in a consistent manner.

With your permission, the operator may also access your F-Secure account to provide you with customer support.

F-Secure also employs its affiliates and subcontractors based on the principles set out under "Transfers" in the privacy statement.

Analytics

We want to make this service even better. To do that, we need to know - for example - which features are used the most, what needs to be fixed, how people find out about this service, and how they use it. We use data aggregation, pseudonyms, and other means to make this analytics data as anonymous as possible. We do not seek to identify you personally. We are interested in how people use the service in general and what they require from it, not in tracking your specific use of the service.

More specifically, we collect data on whether the installation was successful or not, the path where the service was installed and activated, the license type (trial or paid version), the performance of the service in the operating environment (mobile device name, model, and system language), regional location and other similar metadata, for example, which features of the service are used and how often. More information on the topic is available in the F-Secure privacy statement.

To collect this data, we ask for your consent. If at a later date you no longer want to contribute this information to us, you can change the service settings to opt out from the collection of analytics data.

April 2018