What information do we collect about you?
The hostnames (e.g. www.netcraft.com) that you visit while the protection service is enabled from within any supported apps that are installed on your device. These are used to identify malicious URLs (e.g. /fake-bank-login.html) that should be blocked within the hostname being visited. We do not collect details of the URLs that you are visiting, as these are only checked locally on your device. A list of the supported apps installed on your device can be found under “Your supported apps” in the app’s settings.
Some versions of the app provide an SMS protection feature. These versions can be identified by a “SMS Protection” checklist item in the app’s home screen. These versions of the app collect hostnames (e.g. www.netcraft.com) contained within incoming SMS messages that you receive while the “Scan SMS messages” option is enabled. These are used to identify malicious URLs (e.g. /fake-bank-login.html) within the SMS message. These URLs are only checked locally on your device. If we detect a malicious URL within an SMS, then we will also collect the timestamp, caller-id of the sender, cryptographic hash of the message body (the message itself is not readable), and a list of the phishing URLs found.
Information submitted to Netcraft, when you choose to report malicious sites to us. This includes the URL, or URLs, of the suspected malicious content, and the contact email address you provide in the report.
Google may share information with us when you order a subscription, including your name and email address. Your payment information is not shared with us.
We do not collect any personal information except that described above. In particular, we do not collect personal information which can identify the browsing habits of individual users. Your device may send some additional information as part of the standard requests it performs, including the device type and web browser used.
How will we use the information about you?
Your data is used to allow us to provide our services. Specifically, to:
- Detect new malicious websites and malicious phone numbers.
- Track and improve the services we provide to our customers.
Your personal data will never be shared with any third parties except successors in title to our business and, if required, government bodies and law enforcement agencies. We may aggregate data from our users to produce reports that may be shared; this data is anonymised and cannot be associated with specific users.
How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for, unless otherwise required by the law. This can vary depending on the nature of the data.
How will your contact information be used?
We will only use your email address to provide you with additional information about websites you report to Netcraft. If you do not want to receive these updates, we provide an un-subscribe link in every email sent to you concerning your reports, which can be used to stop any further email updates regarding any and all of your reports.
What is our legal basis for processing data?
Data protection laws require us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:
Specific consent. For example when you give consent to us using your email address for a certain purpose.
Contract. For example when you buy a subscription we will process your data as required to provide you with the service purchased.
Legal obligation. When we are required to comply to with a legal or regulatory obligation.
Legitimate interests. Where it is necessary to achieve our or others’ legitimate interests. The following gives some examples of what we consider our legitimate interests: to monitor how the app is used in order to improve the product; to determine the effectiveness of the product.
We will not process data in a way which would have a negative impact on you, or in a way that would breach your rights under data protection laws.
Access to your information and correction
You have the right to request a copy of the information that we hold about you. You may also make us correct inaccurate data, or ask us to delete or suppress your data. To do so, please email us at firstname.lastname@example.org, or send a letter to 2 Belmont, Bath, BA1 5DZ, United Kingdom.
Last updated 08/03/2019.