UltraAV Privacy Policy

Last Updated: October 16, 2024

Table of Contents:

1. Introduction
2. Product Specific Privacy Notices
3. What Information Do We Collect About You?
4. How Do We Use Your Information?
5. Disclosure of Information
6. Cookies and Other Tracking Technologies
7. Information Security
8. International Data Transfers
9. Data Retention
10. Your Rights
11. Age Restrictions
12. Privacy Policy Updates
13. Contact Us

1. Introduction. UltraAV is provided by Anchorfree, LLC. At Achorfree, LLC (“we”, “us”, or “our”). This UltraAV Privacy Policy (“Privacy Policy”) describes our privacy practices, including how we collect and use personal data and other information collected, across our products, services, apps, and websites that link to this policy (we refer to these collectively as our “Services” or individually as a “Product” or “Service”).

By visiting our websites, by submitting your personal information to us, and by accessing, installing and/or using our products or Services, you confirm that you have read this Privacy Policy and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy or any provisions hereof, please do not use our Services.

For more information about us and our contact details, see the Contact Us section below.

2. Product Specific Privacy Notices. Certain of our Services provide different functionalities and cater to different needs, and may accordingly process data differently or in additional ways than generally described in the Privacy Policy. To the extent some Services may process or use data differently, we provide more information on the applicable processing or use through Product-specific privacy notices applicable to each such Services or in the Service or accompanying Service documentation where such information is relevant. Please refer to the below Product-specific privacy notices to better understand the privacy practices for each named Product:

• VPN Product Privacy Notice

• Antivirus Product Privacy Notice

3. What Information Do We Collect About You? This section describes the categories of personal data (or ‘personal information’) we collect from and/or about you. The types of information described below are not collected in all situations and may vary depending on the Product or Service you use. We collect the applicable information you provide through your use of a Service or Services, or as needed in specific Product-specific situations.

3.1 Information You Provide to Us.

• Account Information. If a Service requires, or allows you to create, an account before you can access the Service, then we may collect information such as your name, username, email address, and password as a part of the account registration process.
• Billing and Payment Information. In order to purchase a Service, you may need to provide us and/or our payment processing partners with personal information such as your billing name, billing contact details (such as street addresses and/or email addresses), and payment instrument details. This basic billing information is used for payment processing and refund requests.
• Communications and Submissions. You may choose to provide us with information when you communicate with us (e.g. via email, phone, or chat for support or to inquire about our Services), including when you fill out an online form, respond to surveys, provide feedback, post comments to our website, participate in promotions, or submit information through our Services.

3.2 Information Collected when You use Our Services.

• Usage information. We collect information about how you interact with our Services, including when you visit and use our websites or apps, including which UltraAV web pages or app features are used, and when and for how long you use our Services. We may use cookies and/or other technologies to collect this information. See Section 6 for more information on how we use cookies and other technologies.
• Device information. We collect information from and about the device you use to access our Services, including information about the browsers and apps you use to access our Services. For example, we may collect device or mobile advertising identifiers, browser types, device types and settings, operating system versions, mobile, wireless, and other network information (such as internet service provider name, carrier name and signal strength), and application version numbers. We may use cookies and other technologies to collect this information See Section 6 for more information on how we use cookies and other technologies.
• Diagnostic information. We may collect information about the nature of the requests that you make to our servers, such as what is being requested, information about the device and app used to make the request, timestamps, and referring URLs.
• Approximate location information. Unless otherwise expressly stated or with your consent, we do not collect your location information based on your device’s GPS or other device sensor data. However, we may collect your approximate location by calculating an imprecise latitude and longitude based on your IP address to provide you with better service (e.g. to connect you to the nearest and fastest VPN server).
• VPN Service Specific Information. Our VPN Products do not log any information that associates your account credentials or identity with your VPN session activity. We do not maintain any records that show what websites you were browsing or apps accessed through a VPN connection. However, we will:
  • Identify the locations of the VPN servers utilized
  • Collect similar diagnostic information as referenced above.
  • Ask you to rate your connection and provide some more detailed survey information if you are not satisfied with the service. Note this information is not tied to a specific user.
  • We may also assign your device a ‘hash’, which is a random ID generated when you first launch one of our VPN apps. Device hashes are not linked to VPN browsing activity or user identity, but may be used to measure individual user activity.

See the VPN Products Privacy Notice for more information.

3.3 nformation Provided to Us by Third Parties.

• Third Party Invitation. If you are invited to use one of our Services, the party who invited you may submit your personal data or contact information, such as your email address, to us.

• Third Party Accounts. Some Services may allow you to register an account using a third-party account (such as a Google or Microsoft account) you have. If you elect to register or enroll in our Services through your third-party account, that third party may send us information about you that they have, such as email address or account identifying information that will enable us to provide our Services to you. What information is shared with us is controlled by the applicable third party that you have an account with. You may be able to control what information they send us via your privacy settings for that third party account.

• Threat Information. We receive information from reputable members of the security industry who provide information to help us to provide, develop, test, and improve our Services (for example, lists of malicious URLs, spam blacklists, phone number blacklists, and sample malware). Some of this information provided by third parties may contain personal data such as name or IP address on an incidental basis.

4. How Do We Use Your Information? We use the information we collect for various purposes described in this section. For visitors from the European Economic Area (EEA) or U.K., we also describe, below, our lawful basis for processing personal data.

• To provide, maintain, troubleshoot, and support our services. We use your information for this purpose on the basis that it is required to fulfill our contractual obligations to you. Examples include:

  • For our VPN products, using information about how much bandwidth you use and how long you use our services in order to provide the services in accordance with a plan to which you have subscribed;

  • For our digital threat platform, using threat and device information to determine whether certain items pose a potential security threat; and

  • Generally, to ensure the proper functioning of our services.

• For billing and payment purposes. We use your information in order to perform billing administration activities and process payments, which are required to fulfill our contractual obligations.

• To communicate with users and prospective users. We use your information to communicate with you, including by responding to your requests, and sending you information and updates about our services. We may do this in order to fulfill our contract with you, because you consented to the communication, or because we have a legitimate interest in providing you with information about our services.

• To improve our services. We want to offer you the best Services and user experiences we can, so we have a legitimate interest in continually improving and optimizing our Services. To do so, we use your information to understand how users interact with our Services. For example, we (a) analyze certain usage, device, and diagnostic information to understand aggregated usage trends and user engagement with our Services (and, for example, invest in technical infrastructure to better serve regions with increasing user demand); (b) may use device and threat information to conduct spam, threat, and other scientific research to improve our threat detection capabilities; and (c) review customer feedback to understand how we can improve.

• To develop new services. We have a legitimate interest in using your information to plan for and develop new services. For example, we may use customer feedback to understand what new services users may want.

• To market and advertise our services. We may use your information to provide, measure, personalize, and enhance our advertising and marketing based on our legitimate interest in offering you Services that may be of interest. For example, we may use information such as who or what referred you to our Services to understand how effective our advertising is; or we may use information to administer promotional activities such as sweepstakes and referral programs. Note that our VPN Products do not use your VPN browsing activity for these purposes and we do not maintain any records that show what you were browsing or accessing through a VPN connection.

• To implement security measures and prevent against harm or liability. We may use information for security purposes (such as to investigate security issues or to monitor and prevent fraud) and to prevent abuse. We may do this to comply with our legal obligations, to protect an individual’s vital interests, or because we have a legitimate interest in preventing harm or liability to us and our users. For example, we may use account, usage, and device information to determine if an entity is engaging in abusive or unauthorized activity in connection with our services.

• For compliance with legal obligations. We may use your information as required to comply with applicable law or regulation, legal process, or other legal obligation to which we are subject. For example, we may be compelled by a contract or court to provide certain information necessary to our business partners in order to fulfill the terms of a business agreement or our legal obligations. We may also use your information to enforce our legal rights and resolve disputes. To learn more about our practices regarding sharing your information with third parties for legal compliance purposes, see Section 5 below.

5. Disclosure of Information. We may disclose or use your information in the following circumstances, as applicable:

• In accordance with your instructions or consent. For example, some Services may allow you to register an account using a third-party account (such as a Google or Microsoft account). If you choose to do so, we will share information with the applicable third-party account provider you used.

• To your business organization (for our business Services). If you receive access to our Services through a business customer of ours (e.g. your employer) that has agreed to provide you with access to our Services through a business account, we may be required to share your information necessary to maintain your account and the personal contact information associated with it with such organization or persons associated with the organization (e.g. an administrator). Please note, business organizations do not get access to, or receive any reports from, any network or Internet usage information related to your VPN activity; and business organizations do not receive any information our identity Products we provide, such as information associated with your credit report, credit alerts, or other identity-related information, unless you provide them with express consent for any such use in each instance of their request.

• For collaborating with others on your behalf. Some Services may provide ways for different users to interact or collaborate with each other. Your information will be shared in connection with those activities if you choose to engage in them.

• To our vendors and service providers. Certain aspects of our Services are enabled or provided by third parties service providers and partners (including our affiliates) we engage, and we may disclose information to such companies and/or individuals we engage to perform business functions and services on our behalf. Such functions may include, for example:

  • processing of payments

  • providing analytics about our Services

  • providing sales and customer support

  • providing certain features or functionalities of our services

  • maintaining or hosting the infrastructure required to provide our Services

  • delivering our marketing and advertising content.

Where your personal data may be shared with such third parties, we protect your data by entering into agreements containing appropriate confidentiality and data processing terms with the applicable third parties, reviewing their security practices, and limiting information sharing to the scope of what they are helping us with.

• To a new owner(s) of our Services or any of our assets. If ownership or control of all or part of our Services, assets, or business changes, we may transfer your information to the new owner.

• For collection of aggregated or de-identified data. We may collect, use and share technical usage data or other user data that is aggregated and/or de-identified such that it no longer reveals the identity of an individual user for regulatory compliance, research and analysis, our own marketing and advertising activities, improvement of our Services, and other legitimate business purposes.

• To comply with legal processes and the law. We may share your information if we are required to do so by applicable law; to comply with our legal obligations; to comply with legal process; and to respond to valid law enforcement requests relating to a criminal investigation or alleged or suspected illegal activity that may expose us (or affiliates), you, or any of our other users to legal liability. If we share your information for these purposes, we limit the information shared to what is legally necessary, and challenge information requests that we believe are unlawful, overbroad, or otherwise invalid. To reiterate, our VPN Products do not collect information about which websites you visit or apps you use, so this information is not accessible in a law enforcement request.

• To enforce our rights and prevent fraud and abuse. We may share limited amounts of your information to enforce and administer our agreements with customers and users, and to respond to claims asserted against us or our affiliates. We may also share your information in order to protect against fraud and/or abuse against us, our affiliates, users and others.

• To verify your data. To the extent you use certain of our identity protection offerings, some Services require you to verify your identity as part of creating an account and your information may be used or shared with applicable service providers for such verification purposes.

6. Cookies and Other Tracking Technologies. We use various technologies in our Services to help us collect certain website or app user information.

These technologies include:

• Cookies. “Cookies” are small text files that can be placed on your computer or mobile device in order to identify your web browser and the activities of your computer on the Website. We may use cookies and other tracking technologies to recognize visitors to our websites and store visitors’ preferences, record session information, record user-specific information on what pages users access, deliver and track targeted advertisements, and record past activity at a site in order to provide better service when visitors return to our site. You can set your browser to not accept cookies if you wish to not have said information tracked. However, deleting or blocking certain cookies could adversely impact the proper operation of our Services, and, in some cases, some features of the website(s) may not function as a result. For more information on how we use cookies and your choices pertaining to use of cookies, please review our cookie policy.

  Pixel Tags / Page Tags / Web Beacons / Tracking Links. These tools allow us to determine if you perform a specific action on a web page or email message. When you access a page, ad, or email, or click a link, these items let us know that you have accessed that page, opened an email, or clicked a link. They may also indicate your Internet Protocol (IP) address, which enables us to determine your approximate geographic location as assigned by your Internet Service Provider.

  Software Development Kits (SDKs) / Software. This mobile app software is provided by our business partners that enables our mobile apps to interact with the services those partners provide.

7. Information Security. We understand the importance of protecting information provided to or collected by us, including personal data, and employ reasonable and appropriate methods (including a range of administrative, organizational, technical, and physical safeguards designed to protect your data such as use of best practices, procedures, policies, training, technology, and oversight) to protect against and reduce the risk of unauthorized access, loss, or release of data. Access to your account or services information is restricted to our employees or contractors who require such access to perform their job functions. While our controls are strong and we strive to protect your personal information through these various means, we cannot guarantee or warrant the security of the information, as no data security measures can guarantee 100% protection. We recommend you take every precaution in protecting your personal information when you are on the Internet or otherwise. You should change your passwords often, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.

8. International Data Transfers. Depending on where you reside and what Services you use, we may transfer your personal data to countries other than the one in which you reside. We do this to facilitate our operations and provision of Services to you, and transferees may include our affiliate companies, service providers, and partners. Please note laws in other countries may be different to those that apply where you reside. For example, personal data collected within the U.K., Switzerland or the European Economic Area (EEA) may be transferred and processed in the United States for purposes described in this policy. We use appropriate safeguards that help to ensure that such data receives an adequate level of protection, which typically includes entering into a contract with corporate recipients that require both parties to adhere to the Standard Contractual Clauses (or “Model Clauses”) adopted by the European Commission or UK for transfers to third countries. In addition, we rely on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce, as applicable, and have certified, through our affiliate, to the U.S. Department of Commerce of our adherence to (a) the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, (b) the UK Extension to the EU-U.S. DPF in regard to the processing of personal data from the United Kingdom (and Gibraltar), and (c) the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, please visit https://www.dataprivacyframework.gov. To view our EU/Swiss-U.S. Data Privacy Framework Privacy Policy, click here. You may contact us if you would like more information about such safeguards.

If you change your country of residence, the company responsible for your data may change accordingly (e.g. from us to one of our affiliate entities operating in such country), and your data may be transferred to that other company.

For users of our VPN Products, if you are a UK or EEA resident and you choose to use our software to route your Internet traffic through servers in countries not deemed ‘adequate’ by the UK or EEA, then you acknowledge that such transfers are executed at your direction and with your unambiguous consent.

9. Data Retention. We retain your personal information as reasonably necessary for the respective purpose. In determining the criteria by which to retain or dispose of your information, we consider the type, sensitivity, context, and purpose of collecting the information. We generally retain your personal information for as long as is needed to provide the Services to you, or for as long as you have an account or subscription with us. We may also retain personal information if required by law, or for our legitimate interests, such as abuse detection and prevention, and defending ourselves from legal claims. Residual copies of personal data may be stored in backup systems for a limited period as a security measure to protect against data loss. With respect to our VPN Products, we do not collect or retain data about your browsing activity while you are connected to the VPN Services. For more information on the types of information stored in connection with VPN Services or specific Products, visit see the applicable Product specific privacy notices.

10. Your Rights.

10.1 General. Depending on your state or country of residence, you may have certain legal rights with respect to your personal information, subject to any applicable exceptions and limitations. These may include the right to:

• access and receive a copy of your personal data;

• correct your personal data;

• restrict the processing of your personal data;

• object at any time to the processing of your personal data;

• have your personal data erased;

• data portability;

• withdraw any consent you previously gave to the processing of your data (such as opting out to marketing communications);

• lodge a complaint with a data protection authority;

• request that we provide you with the categories of personal data we collect, disclose or sell about you; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal data; and the categories of third parties with whom we share personal data. Note some of this information may already be provided in this Privacy Policy.

For clarity, the above describes examples of rights an individual may have. You may have some, but not all of the rights described above, depending on where you reside and what laws and regulations apply to you.

You may be able to exercise some of these rights by using the settings and tools provided in our Services. For example, you may be able to update your user account details via the relevant account settings screen of our apps. You may also be able to opt out from receiving marketing communications from us by clicking an “opt out” or “unsubscribe” link in such communications. Some mobile and web browsers transmit "do-not-track" or “opt-out preference” signals. We currently do not take action in response to these signals.

In addition to options available to you within your account or on our website, you exercise your rights pertaining to use of your personal data by email at privacy@anchorfree.com or through the details specified in the “Contact Us” section below.

We may take steps to verify your identity before taking further action on certain requests, as permitted by applicable law. We may not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected personal information. Depending on your jurisdiction, you may also be permitted to designate an authorized agent to submit certain requests on your behalf. If you do so, you must give the authorized agent written permission to make such requests, or a power of attorney. We may follow up with you to verify your identity before processing the authorized agent’s request.

10.2 U.S. Only - State Specific Privacy Rights. If you are a resident of California, Colorado, Connecticut, Maine, Nevada, Oregon, Texas, Utah, or Virginia, you may have specific or additional rights under your state’s privacy laws.

Depending on the jurisdiction where you reside and the scope of applicability, you may have the following rights with respect to your personal information:

• Right to know what personal information we collect, how we use and share it, and how long we keep it. The state laws generally require that we provide you information about the categories of personal information we collect and the purposes for which we collect each category. This Privacy Policy provides details about our collection and usage practices. As described in Section 3 of this Privacy Policy, we collect personal information when you interact with us and use our Products and Services, from third parties, and from the devices you use. Use of certain identity protection Services may require you to provide information such as social security number, driver’s license, financial account data, or other information that is considered sensitive personal information under state privacy laws. We retain information only as long as reasonably necessary for business, accounting, tax or legal purposes and then securely delete it. We use the information we collect for business and commercial purposes as those terms are defined by the CCPA. Third parties/service providers we use to perform business functions on our behalf may use information for the same purposes.

• Right to access, delete and correct information. You may have the right to request access to your information, or for us to delete or correct your personal information. Please contact us to request that we delete personal information we have about you, or to correct inaccurate personal information we have about you. Unless we need it for reasons specified or permitted by applicable laws or regulations, we will work with you to delete your personal information accordingly. You may also request access to your information, and we will provide the relevant information to you in a portable and readily usable format.

• Right to limit the use of sensitive personal information. For sensitive personal information that we collect, we will only use or disclose it either with your specific consent when required, or as otherwise permitted by law.
  If you are a resident of California, you have the right to limit the use of sensitive personal information if we use that information for purposes beyond what is needed to provide the Products and Services you request or for other reasons specified in the CPPA. As we do not use or disclose sensitive personal information for other purposes without your consent, we do not offer you an option to limit the use of sensitive personal information.

• Right to tell us not to use personal information to create profiles about you that we use to inform decisions that have legal or similarly significant effects. We do not use personal information to profile you to further decisions that have legal or similar significant effects.

• Right to tell us not to sell personal information or process it for certain targeted advertising purposes. The laws vary in the way they define sale and certain targeted advertising, but generally, they require that we provide you with the ability to limit activities that involve sharing personal information for monetary or other valuable consideration and using personal information about you from your activity across other websites or apps to target ads to you. You can opt out of certain sharing or processing of your personal information by accessing your privacy preferences page or the cookie “Storage Preferences” banner which further describes how we honor privacy control signals you may set on your browser. We do not respond to Do Not Track signals. We do not knowingly sell or share personal information related to children under 16 years of age.

• Right to appeal a denial of your request to exercise the privacy rights provided by the state law. Some states allow you to appeal a denial of your request to exercise your privacy rights provided by applicable state law. If you are a resident of Colorado, Connecticut, Oregon, Texas, or Virginia and we deny your request to exercise certain rights pertaining to your personal data, you can appeal the denial of a request to exercise privacy rights by following the instructions listed in the denial communication, by submitting a request through a privacy inquiry to privacy@anchorfree.com.

• Right to not be discriminated against. Some state laws ensure that you have the right to not be discriminated against. We do not discriminate against you, or anyone, for your/their exercise of any rights provided to you by applicable state law.

You can exercise your right to know, access, delete, and correct data directly, or, in California, Colorado, Connecticut, Oregon, and Texas, you may appoint an authorized agent to act on your behalf, by submitting a request. You can exercise your right to opt-out of selling and sharing by visiting your privacy choices page or the cookie “Storage Preferences” banner. Note we require you to verify your identity using the processes we describe in the dashboard or the privacy choices page before we fulfill your request.

Notice to California Residents: We do not ‘sell’ or ‘share’ personal information for our own monetary benefit. However, as the CCPA defines ‘sell’ and ‘share’ broadly, some of the advertising services that support our website, marketing efforts, and mobile applications use third party advertising services that may be deemed a ‘sale’ or ‘sharing’ under California law. Please visit our cookie policy page to see the list of cookies, cookie notices, or app-specific advertising services to indicate your continued preferences to receive such personalized ads.

This Privacy Policy describes the categories of personal information we collect, process, and share with service providers and other businesses. If you would like to exercise your rights to receive the specific pieces of information, or other rights applicable to you, please contact us through the methods specified in the ‘Contact Us’ section below.

11. Age Restrictions. Our Services are not intended for and may not be used by minors. In this context, minors are individuals under the age of 16, except for our identity and credit monitoring Services, which are restricted to those under the age of 18. We do not knowingly collect personal data from minors or allow them to use our Services. If we discover that we have collected personal data from a minor, we may delete such data without notice. Please note that the legal terms under which we make certain Services available may require users to be older than 16 years of age.

12. Privacy Policy Updates. We may update this Privacy Policy from time to time in accordance with this section for reasons such as changes in laws, industry standards, and business practices. We will post updates to this page and update the “Last updated” date above. If we make updates that materially alter your privacy rights, we will also provide you with advance notice, such as via email or through the Services. If you disagree with such an update to this policy, you may cancel your Services account. If you do not cancel your account before the date the update becomes effective, your continued use of our Services will be subject to the updated Privacy Policy.

13. Contact Us. We expect this Privacy Policy to evolve over time and welcome feedback from our users about our privacy practices. If you would like to exercise your rights, have any questions or complaints about our privacy practices, you can contact us using the following details:

Anchorfree, LLC
250 Northern Ave
3rd Floor, Boston, MA 02210
privacy@anchorfree.com

For visitors from the UK or EEA, the GDPR gives you additional rights to contact our Data Protection Officer (DPO). We have appointed Bird & Bird DPO Services SRL as a DPO for us and our Services. Our DPO may be reached:

• by email to: DPO.Aura@twobirds.com

• by mail to: Bird & Bird DPO Services SRL, Avenue Louise 235 b 1, 1050 Brussels, Belgium

Archived Version

• September 18, 2024