深VPN | SHEN VPN
Privacy Policy

This Privacy Policy will remain in effect until a new policy supersedes it. We may choose to update this policy at our discretion, so you should check this page periodically as the terms may change from time to time. The most recent version of the policy will be reflected by the “last updated” date noted at the bottom of the page. Your continued use of the Website and our Services will constitute your acknowledgment of the policy in its current version and your understanding of the terms of the policy.

If you have a specific question, feel free to click to the appropriate section below:

1. What information is collected and why?

Comments

We’re established in the Netherlands and we keep our Services logs-free. We don’t collect any information that could lead us to know what you’re up to online.

Surfshark respects your privacy, therefore we are committed to not process any information related to the online activity of our users. Surfshark is based in the jurisdiction, which does not require information storage or reporting. We do not collect any information about what you do online (your visited IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic or any other similar information).

Our servers do store information about your connection to a particular VPN server (user ID and connection time stamps), BUT this information is automatically deleted within 15 minutes after termination of your session. And be assured that no information is stored about the websites you visit.

We collect and use the information for the following purposes:

  • To provide our Services.
    We process limited information related to the use of our Services (registration information: e-mail, account registration date, information about subscription, encrypted password, when you use our Smart DNS feature – your IP address, when you use our Search tool – aggregated number of performed searches).
    For provision of our antivirus service (currently available for Windows and Android users) we also collect information about your devices on which you use the antivirus service. This information is needed to ensure the compliance with a limitation for the number of devices that one client may use for the antivirus service as provided in our Terms of Service.
    If you use our Alert service, you may enter email addresses which you would like to monitor for breaches. In such case we will retain this information. You may also enter your personal identity number (or social security number) and/or credit card number to monitor for related security breaches. When you choose to monitor your email address, you authorize us to look up additional information (usernames, passwords, full names, country, physical address or IP addresses) related to that email in known data breaches, which, if found, is provided to you in the platform. We do not look up for such additional information when you choose to monitor your credit card or social security numbers. As regards this data, we retain it in encrypted form and even we cannot use or review it.
    Legal basis for the processing of information is performance of a contract to which you are a party. Please note that this information is necessary to enter into a contract and if you do not provide this information (or if we cannot retain this information), we will not be able to provide you with our Services.

  • Analysing and improving the performance of our Website/Services and user experience.
    The information we collect on our Website may include anonymous “traffic information” provided by the host or similar provider of such information (e. g. Google Analytics) that does not personally identify you but may be helpful for improving the Services we offer. Analytics is the process of collecting, analyzing, and reporting aggregate information. This information includes which pages visitors visit and how long visitors stay on a particular page. It also provides information about what browser, network, or device is used to visit our Website. To learn more about Google Analytics and how to opt out, please visit www.google.com/analytics/learn/privacy.html.
    In addition, when you visit our Website, we may also retain your IP address, a unique identifier for your computer or other access device. This helps us identify problems with our server, to administer our Website, or to display the content according to your preferences.
    To maintain a perfect quality of our Services and provide you with efficient support we collect diagnostics information and monitor crash reports on our apps and extensions. The information we collect contains aggregated performance information, the frequency of use of our Services, unsuccessful connection attempts and other similar information. Please note that diagnostics information does not contain uniquely identifiable information. However, if you face some problems when using our apps, to solve these problems we may require your device information. We will access this information only if you provide a separate consent for that.
    When you permit us through a pop-up within our app, we collect your location data, i.e. only your WiFi name (Service Set Identifier), which is stored on your device for the purpose of enabling “Auto-connect” feature, which extends to “Trusted WiFi” networks. This feature allows our app to automatically connect to a server without your worry about it. However, please rest assured that we do not share this information to any third party. In fact we do not store this information on our end and it is stored only on your device.
    In case we would process your personal information, legal basis for such processing is our legitimate interest to analyse and improve the performance of our Website/Services and user experience.

  • Offering our Services.
    We may contact you via email for this purpose, but we also encourage you to contact us via our online contact form to get the best VPN offer for you. For us to be able to address your requests effectively, we may ask you to provide some information about you. We will also use the provided information to contact you regarding any future offers that may be of interest to you.
    If you do not wish to receive emails from us, you can opt-out from receiving emails or unsubscribe at [email protected] or click “unsubscribe” at the bottom of any correspondence. If you have multiple email addresses, you will need to opt-out for each address in order to be removed from our active database.
    Legal basis for the processing of personal information is your consent, your relationship with Surfshark or our legitimate interest to conduct marketing activities.

  • Communicating with users and customer support.
    We use user email address to: i) send important updates and announcements related to the use of our Services; ii) respond to user requests or inquiries. In addition to user email, we process your inquiry and other information that is provided by you during the conversation.
    When a user contacts us through a live chat on our website, we are able to see the user’s IP address. This information is needed to determine if the user is connected to our servers so that we can assist in solving related issues.
    Legal basis for the processing of personal information is performance of contract with you (in case of important communication related to our Services) or your consent (in case you submit an inquiry with our customer support).

  • To interact with you via social media.
    Where you interact with us via social media, we will process social media profile information, inquiry information, post information and other information you provide us with.
    Legal basis for the processing of personal information is your consent.

  • Advertising.
    We may receive certain information about you (cookie id, mobile device id, when you use our Trust DNS app – advertising IDs, in app events, such as in-app purchase or amount and type of ads watched, information about what browser, network, or device is used to access and use Trust DNS) from certain advertisers and advertising partners for advertising purposes. Our advertising partners help us deliver more relevant ads and promotional messages to you, which may include interest-based advertising and account-based advertising.
    Legal basis for the processing of personal information is our legitimate interest to deliver relevant ads and promotional messages to you.

  • Accounting, payment, legal requirements and legal processes.
    We are subject to accounting, tax and other statutory requirements. We may have to protect our legitimate interests and legal rights. In these cases we may be required to collect and store a limited amount of certain information: email address, subscription information, payment related information, legal documents.
    As for payment related information, our payment processing partners collect usual data necessary for payment processing and/or refund requests (transaction date, payer’s IP address, credit card number, credit card owner’s full name, in some jurisdictions also personal identity code, passport or identity card number and/or residence address). We process only very small part of this payment related information (part of the credit card number, payer’s IP address, payment amount, currency, date of payment and card expiry date) for solving payment related issues (such as fraud prevention cases). We also collect information about your residence country (and your state) as this information is needed to calculate applicable VAT/sales tax. If you elect so, we may retain your data which is used to generate and issue invoice for the rendered Services. If you choose the open banking payment method to pay for our Services, we will collect your name and surname, as well as your bank details.

Legal basis for the processing of personal information is a legal obligation to which we are subject (in case we need to collect your information statutorily) and our legitimate interest to defend our rights and interests (in case of other legal processes related to you, if any).

2. How long do we store your personal information?

Information Retention

Comments

Please keep in mind, that one of our most important principles is No-logs Policy (see more in our Terms of Service), therefore we collect only the minimum amount of information about you, which is required to provide you with our Services.

We apply different retention periods depending on the purpose for which your personal information is processed as detailed in Clause 1 of this Policy:

  • Personal information which is needed to provide our Services is processed for as long as you use Surfshark and no more than 2 years after you stop.

  • Personal information which is needed to provide our Smart DNS services (i.e. your IP address) is processed for as long as you use our Services.

  • Personal information which is needed to provide our Trust DNS service is processed for as long as you use Trust DNS service.

  • Personal information which is needed for analysing and improving the performance of our Website/Services and user experience is processed until the deletion of your account.

  • Personal information which is needed to offer you our Services is processed as long as you use them or have given us a consent and 2 years thereafter.

  • Personal information which is needed to communicate with users and provide customer support is processed for no longer than 2 years following the last communication with the exception of the device information (collected with your consent to solve your problems with the app), which we store for no longer than 7 days.

  • Personal information which is needed to interact with you via social media is processed for as long as you are registered on a specific social media network.

  • Personal information which is needed for internet advertising purposes is processed for 30 days unless provided otherwise in the section „Cookie and web beacons”.

When you use Surfshark Alert, we do not store monitored data (or any related additional information) on our platform, unless you choose to save it there for consistent monitoring.

If you request, we will delete your personal information specified in Clause 1, unless, we are legally required to maintain certain personal information, including situations such as the following:

  • If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute, we will retain the necessary personal information about you until the issue is resolved;

  • Where we are required to retain the personal information about you for our legal, tax, audit, and accounting obligations, we will retain only the necessary personal information for the period required by applicable law; and/or,

  • Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.

3. How does our Website interact with third party services and content?

Information Transfers

Comments

Your information from Clause 1 may travel around the world a bit, but we always take extra care to keep it safe and sound.

Your information as specified in Clause 1 may be stored and processed in any country where we have facilities or in which we engage service providers. Please note that we use standard contractual clauses approved by the European Commission (you can access it here) to transfer your personal information from the EEA to other countries or we transfer personal information to countries that the European Commission has recognised as ensuring an adequate level of information protection (you can access the list of countries here).

Information recipients

Comments

It takes a village to keep our Services up and running. We need third-party tools and services for things like marketing, payments, live chat, and so forth. Since these don’t belong to us, we urge you to read their terms & policies on their sites.

Surfshark shares personal information with information recipients only in cases where necessary for the purposes described in Clause 1 and allowed in accordance with applicable laws. We do not sell or trade your information with anyone.

We only disclose personal information to law enforcement authorities or courts of competent jurisdiction when we are asked and legally obliged to do so (our Warrant Canary page will display if we’re ever asked to do so).

Information recipient or category of information recipient Purpose of personal information transfer Country of the recipient
Marketing service providers, such as Iterable and Appsflyer we use them to manage our contacts and automate our marketing United States, Sweden, Ireland, United Kingdom
Third-party payment providers, such as Stripe, Checkout. Coingate and similar they help us to process payments together with our own authorized payment processing companies United States, Ireland, BVI
Storage and infrastructure service providers, such as BigQuery (by Google), Stitch (by Talend) they help us to deliver targeted advertising to the Website visitors United States
Live chat and support service providers, such as Zendesk we use them to provide live chat technology and provide support to our users United States
Security service providers, such as Cloudflare we work with them to provide improved security and performance United States
Attorneys, notaries, bailiffs we transfer personal information in cases when we seek to defend our rights and legal interests United States, United Kingdom, the Netherlands

4. What choices do you have over how your information is used?

Comments

We respect GDPR and other privacy laws, and you can ask us to delete stuff or implement any other of your rights by emailing us at [email protected].

You may be aware that the General Data Protection Regulation or “GDPR” and other privacy laws give certain rights to individuals in relation to their personal information. Accordingly, we have implemented additional transparency to help users take advantage of those rights. As available and except as limited under applicable law, individuals have the rights described below:

  • You can access your personal information or receive a copy of it by contacting us.

  • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information where it is technically possible.

  • You can demand the correction of inaccurate personal information and, subject to the nature of the collection and use, the completion of incomplete personal information (right to rectification).

  • Right to deletion of your personal information specified in Clause 1, unless, we are legally required or we have a legal basis to maintain certain personal information.

  • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • You have the right to complain to a data protection authority

If you wish to implement any of the above-mentioned rights, please contact us at [email protected].

5. Do we engage in automated individual decision-making, including profiling?

Comments

No.

Automated decision-making is the process of making a decision by automated means without any human involvement. Profiling analyses aspects of individual’s personality, behaviour, interests and habits to make predictions or decisions about them. We assure you, that we do not make decisions based solely on automated processing, including profiling, which would produce legal effects concerning you.

6. What age do I have to be to use the Services?

Comments

18 or older.

Surfshark is not intended for users under the age of 18. Such users are expressly prohibited from submitting any of their information to us, and from using portions of the Website or our Services for which registration is required. If any information is submitted by such users, it will not be collected or retained.

7. Cookies and web beacons

Comments

Most of the sites on the internet use cookies, as they’re pretty convenient. If you want to, you can reject those, but some things may not work completely or as well as they should. We also use web beacons, but if you reject cookies, they won’t work either.

A cookie is a small string of data that transfers to your computer for identification purposes. Cookies can be used to follow your activity on the Website and that data helps websites to understand your preferences and improve your website experience. You can turn off all cookies in the event you prefer not to receive them. You can also have your computer warn you whenever cookies are being used. There are also software products available that can manage cookies for you. Please be aware, however, that when you choose to reject cookies, this choice may limit the functionality of the Website and you may lose access to some of its features.

A web beacon is an invisible pixel-sized graphic image on a web page, web-based document or e-mail message. It helps us do things like view the URL of the page on which the beacon appears and the time the Website, document or email in question is viewed. They can be used to confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized online experience.

Some links may take you outside of our Website and are beyond our control. Please note that these other sites may send their own cookies to users, collect data, or solicit personal information. We urge you to review the equivalent data protection, privacy, and cookie policies available on their websites. We do not accept any responsibility or liability for the data protection of privacy practices of third parties in relation to such websites and your use of third party websites is entirely at your own responsibility.

We use cookies on our Website as described in the table below. Please note that from time to time we may test additional analytical cookies on our Website. The table below is updated with the relevant analytical cookies once there is a final decision to use them permanently.

 

Cookie name Cookie expiry Provenance Purpose Cookie Category
__cfduid 29 days Third party (Cloudflare) It helps Cloudflare detect malicious visitors to our websites and minimizes blocking legitimate users Necessary (functional)
surfshark-locale 29 days Surfshark It stores user selected website language
surfshark-currency 29 days Surfshark It stores user selected currency
surfshark-coupon session Surfshark It stores the coupon which will be used during the purchase
surfshark-experiments 1 year Surfshark It stores data for our user experience testing
surfshark-exp 1 year Surfshark It stores data for our user experience testing
surfshark-skip-upgrade 1 month Surfshark Used to store post sale upgrade feature state
surfshark-alert-coupon session Surfshark Used to store coupon which will be used during purchase Alert service
_sstk 2 hours Surfshark Used for authentication purposes
_ssexp 2 hours Surfshark Used for authentication purposes
_ssrtk 2 months Surfshark Used for authentication purposes
sf-la 30 days Surfshark Landing page tracking cookie which indicates the source of the last visit
sf-fi 30 days Surfshark Landing page tracking cookie which indicates the source of the first visit
sf-rf 30 days Surfshark Referral tracking cookie
__zlcmid persistent Third party (Zendesk) To store unique user ID (for chat purposes)
surfshark-cookies-consent 6 months Surfshark Used to store user cookie consent
_gat 1 minute Third party (Google) It is used to distinguish users Analytic
collect Session Third party (Google) It is used to send data to Google Analytics about the visitor’s device and on-site behaviour
_gid 1 day Third party (Google) It is used to distinguish users
_ga  2 years Third party (Google) It is used to distinguish users
pll_language 1 year Surfshark Polylang uses this cookie to remember the language selected by the user when he comes back to visit again the website
_gat_surfsharkTracker 1 minute Third party (Google Tag Manager) Is used to throttle the request rate
sf-re 30 days Surfshark It tracks user retention
_gat_UA-116900630-1 1 minute Third party (Google Tag Manager) Is used to throttle the request rate
surfshark-aff-stack 1 month Surfshark It helps to track which users come from which affiliates Affiliate
sf-af 30 days Surfshark Affiliate network tracking cookie
_uetvid  16 days Third party (Bing) It stores and tracks visits across websites Marketing
_uetvid_exp Persistent Third party (Bing) It stores and tracks visits across websites
dpr


wd

sb

datr

fr

Session


1 week

2 years

2 years

3 months

Third party (Facebook) These cookies are used to measure how users move between Facebook pages and our website.
ads/ga-audiences session Third party (Google) It is used by Google Ads to repeat visitors who might become customers based on their online behaviour on different websites.
_gcl_au 3 months Third party (Google) It stores and tracks conversions
_uetsid 1 day Third party (Bing) It stores and tracks visits across websites
_uetsid_exp Persistent Third party (Bing) Contains the expiry-date for the cookie with corresponding name.
pagead/landing  session Third party (Google) Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement – This also allows the website to limit the number of times that the user is shown the same advertisement.
IDE 1 year Third party (Google DoubleClick) These cookies set by a third party (DoubleClick) and are used for serving targeted advertisements that are relevant to you across the web. Targeted advertisements may be displayed to you based on your previous visits to this website. For example, advertisements about a topic you have expressed an interest in while browsing our site may be displayed to you across the web. In addition, these cookies measure the conversion rate of ads presented to the user.
pagead/1p-conversion/# Session  Third party (Google) Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites.
test_cookie 1 day Third party (Google DoubleClick) These cookies set by a third party (DoubleClick) and are used for serving targeted advertisements that are relevant to you across the web. Targeted advertisements may be displayed to you based on your previous visits to this website. For example, advertisements about a topic you have expressed an interest in while browsing our site may be displayed to you across the web. In addition, these cookies measure the conversion rate of ads presented to the user.
MUID 1 year Third party (Microsoft) It stores and tracks visits across websites
session_tracker


csv

token_v2

loid

edgebucket

_rdt_uuid

Session


2 years

2 years

2 years

2 years

3 months

Third party (Reddit) These cookies are used to track user conversions from reddit.com advertising on our website.
obuid


outbrain_cid_fetch

outbrain_click_id

14 months


4 minutes

1 day

Third party (Outbrain) These cookies are used to build a profile of your interests and show you relevant adverts, as well as to track conversions on our website from the Outbrain advertising network.
_ttp 13 months Third party (TikTok) Serves targeted advertising and measures the performance of advertising campaigns.

8. How do we secure your information?


Comments

We really care about your security & privacy and do a lot to protect it. However, anyone who tells you that 100% anything-proof security is possible either doesn’t know much about it or is trying to mislead you. Please keep that in mind.


We have implemented various security measures, including SSL/TLS encryption for data transfers, hashed passwords, firewalls, and regular audits. We take all steps reasonably necessary to ensure that your information is treated securely.

While we implement security measures on our Website and through our Services, you should be aware that 100% security is not always possible. Whenever you give out your information online there is a risk that a third party may intercept and use that information. While we strive to protect your information and privacy, we cannot guarantee the security of any information you disclose online. By using the Services, you expressly acknowledge and agree that we cannot guarantee the security of any information provided to or received by us through the Services and that any general information, other information or information received from you through the Website or our Services is provided at your own responsibility.

9. Does our Website respond to do-not-track signals?

Comments

Currently, it doesn’t. You can tweak your specific browser settings to achieve very similar things.

At this time Surfshark does not recognize automated browser signals regarding tracking mechanisms, which may include ‘do-not-track’ instructions. However, you can change your privacy preferences regarding the use of cookies and similar technologies through your browser. You may set your browser to accept all cookies, block certain cookies, require your consent before a cookie is placed in your browser, or block all cookies. Please note that blocking all cookies will affect your online experience and may prevent you from enjoying the full features offered by our Website.

10. What if I access the Website or your Services from my mobile phone, tablet or laptop?

Comments

The same things stand that we talked about in section “What information is collected and why?” at the very top of this Privacy Policy. Basically, we don’t collect much, and you can opt out of most of it.

If you are a visitor of our Website, but not a user of our Services, we collect and use information about you in the same way and for the same purposes as specified above in Clause 1 notwithstanding the device or application you use. If you are a user of our Services and access our Website using one or more of our applications notwithstanding the device, application, or browser extensions, we collect and use information in the same way and for the same purposes as specified above in Clause 1.

11. Who should you contact with questions or concerns?

Comments

Our 24/7 Customer Success Team will help you out as soon as they can.

If you have any questions or comments relating to Surfshark Services, send an email to [email protected] or chat with us on the Website.

12. When was this policy last updated?

Comments

Keep in mind that we can update this Policy in the future & check it regularly.

April 6, 2022.