F-Secure SENSE privacy policy

In brief

We respect your right to privacy.

  • We help you to manage the network traffic of your connected devices in your home and protect those devices against harm from the internet.
  • To do that:
    • we analyze the network traffic in your home network, but
    • we don't keep records of which sites you browse. We also collect typical service registration data and analyze service performance.
  • F-Secure SENSE includes F-Secure SAFE as an endpoint protection app (for selected platforms), for which the F-Secure SAFE Privacy Policy applies.

 

In full

We wrote this to tell you about the personal and private data that we collect from you in this service and what we use it for. We believe that these topics matter to you the most, so we focus on them in this policy. For other aspects regarding the processing of your personal data, please see the F-Secure privacy statement, which applies to all of our services and to which this service-specific policy is an add-on.

What do we collect and what do we do with it?

The set of data that we collect depends on where you purchase the service.

e-Store: We get the following information on your purchase from our e-store partner: name, email, language, address, country, zip code, Internet Protocol (IP) address, payment type. More detailed information on data collected upon purchase is available from the e-store.

Operator partner: If you have purchased the service via your operator, the subscription data set that we receive varies per operator partner. It is typically limited to the above data. We also exchange some of the above collected data with our operator partner to provide you a smooth customer experience. This includes providing you with service support, communicating with you in a consistent manner, and keeping each other up to date on the status of your subscription.

Support. In cases where we provide you with personal support services, we may need to ask you for additional information.

We need to collect the above data types so that we have the necessary information to sell you the service, to deliver you the services, keep your customer journey fluent, communicate with you, and otherwise as may be required by law. These are explained further under the 'What do we do with it' section of the F-Secure privacy statement. The data collection happens automatically, except for information that you may actively provide to us or our reseller when purchasing the services.

Your home network

Our guiding principle is that we do not seek to spy on the exact content of your private communications. We only need to analyze your communications traffic to enable the service to protect your home network. To be more exact, this means that:

  1. we analyze the traffic for suspicious or malicious files and destinations (i.e. URL queries, FQDN addresses) to provide visibility to and protection for your network traffic. This is explained in more detail in the 'Security Cloud privacy policy';
  2. to map out your home network, our device type detection needs to collect the IP traffic source and destination address as well as DNS queries per MAC address. The same data is used for network traffic anomaly detection for IoT devices; and
  3. we need to process metadata (such as IPs and DNS) and traffic patterns of your PCs, phones, smart devices, and other IoT devices' traffic to establish which of the above should connect to the internet or external servers at will.

 

All of the above is either anonymized or obfuscated so that we cannot look into your individual browsing habits or contents.

Operator partners

If you have purchased the service via your operator, we may exchange such data as is necessary (e.g. service purchases, license expirations, data collected for resolving a technical support case) with the operator. We do this to provide you with a smooth customer experience and support services, and to communicate with you in a consistent manner.

F-Secure also employs its affiliates and subcontractors based on the principles set out under "Transfers" in its privacy statement.

Legal grounds

We process your data so that we can provide you with our services that you have made a contract for or are in the process of doing so. Such contracts may be made either directly with us or with another entity (such as our webstore or operator partner) that has tendered our services to you. Tendering of services may take the form of a purchase or be free of charge.

In the case of data that is not strictly necessary to provide you with the services – but would help us in providing you with better services in the long run – we collect such data only with your consent.

The service user interface may also provide you with other settings to adjust your preferences.

Securing your device

For devices with Windows, Mac, and Android operating systems, if the endpoint protection app is installed, the anti-virus scanner in the app also checks the reputation of your application files. If a file is not known to be safe, the service may send it to Security Cloud to be scanned. Once the file is scanned, Security Cloud sends the scan result back to the service. When the service scans content in Security Cloud, it does not collect any personal data. Scanned files are stored for a time as necessary for Security Cloud to work as intended.

Security Cloud collects security data only on applications that do not have a known reputation and on files that are suspicious or known to be malware. The collected security data includes the package name, the current version and the origin of the file, and the permissions that it requires. This is explained in more detail in the 'Security Cloud privacy policy'.

To protect your privacy, we separate the above security data from any other data collected on your use of the service, we treat it as anonymous, and we destroy it when we no longer need it for the above purposes.

Analytics

The service analytics data that we receive consists of two main data streams.

  1. The service hardware sends installation and general device health status data (such as crash dumps) and selected security event data to F-Secure. It also updates its status to our backend systems, thus helping us to find and resolve any defects that may cause malfunctions. This is necessary for us to provide the service to you.
  2. The service user interface collects usage analytics data and selected security event data, so that we can learn which service features are of value to our customers, and how we can improve your service experience. You do not have to provide this data to us, but we would really appreciate it so that we can better develop the service in the direction that you and our other customers prefer. This is explained under the analytics section of our main privacy statement.

 

To respect our own core privacy promise, we do not have any third-party usage analytics that would target your actual communications traffic.

You can naturally opt out from the majority of the analytics data collection at any time in the service settings. This is explained towards the end of the main F-Secure privacy statement under 'Your choices with analytics and marketing'.

Retention

We store your account data based on the length of your subscription as set out in more detail in the F-Secure privacy statement. Additionally, some data is subject to their dedicated data retention practices.

  • We store the data only as long as necessary to fulfill the above purposes (e.g. on the date of this policy, the data needed for network traffic anomaly detection is deleted after seven days).
  • The already anonymous Security Cloud data and device health data are not deleted.

 

You can also anonymize the technical service data in the SENSE device whenever you reset the device to the factory settings.

(April 2018)