OPSWAT Privacy Policy

Last Updated: June 25, 2024

Summary
Contact Us
How We Process Your Personal Data
Cookies and Similar Technologies
Legal Basis for Collecting and Using Your Personal Data
Disclosures
International Transfers
Security
Data Retention
Your Rights
For California Residents
Children’s Privacy
Links to Third-Party Sites
Product-Specific Disclosures

Summary

OPSWAT Inc. and its subsidiaries (“OPSWAT”, “we”, “us”, and “our”) take data protection very seriously, and we are fully committed to protecting your information. This privacy policy explains:

the personal data we collect from you;
how we use your personal data (including how we disclose or transfer your personal data); and
your rights with respect to your personal data.

IMPORTANT:

“Personal data” means any data relating to an identified or identifiable natural person, including but not limited to your name, contact information (e.g., your email address, postal address, or telephone number), and your IP address.

Although you do not have to provide any of your personal data to us, if we ask you to do so and you refuse, we will not be able to provide you with the information, goods, or services you want from us to the extent your personal data is required.

We update our privacy policy from time to time, and we will notify you of any material changes by posting the new policy and revising the “Last Update” date at the top of the policy.

Contact Us

If you have any questions or concerns, please contact us by email at legal@opswat.com or by mail to:

OPSWAT Inc.
Attn: General Counsel
5411 Skycenter Dr,
Ste 900,
Tampa, FL 33607 USA

Additionally, if you would like to contact our EU Data Protection Officer, please email our DPO at privacy@opswat.com.

How We Process Your Personal Data

For website visitors, if you use our website at OPSWAT.com and/or any OPSWAT-associated sites existing as subdomains:

Activity	Personal Data We Collect	How We Use Your Personal Data	Legal Bases for Processing
Your general use of our websites	Page visit history IP address Browser type and operating system Date when you visit our website	Better understand user behavior and browser agent performance Improve website performance and content quality	Legitimate interest (to allow us to provide you with the content and services on the websites and improve our websites) Consent from you
Submitting a request to us through our websites (e.g., through our “Contact Us” or “Subscribe” forms and live chat)	Name Contact information (e.g., email address, phone number) Your country/state Company name and designation Any other information you share with us, including your interest in our products and the number of devices in your production environment	To respond to your request for contact To provide you with information that best meets your needs as expressed in your inquiry To deliver targeted and relevant advertising and marketing to you To ensure we comply with consent requirements pursuant to your country’s privacy requirements	Legitimate interests (to allow us to respond to your inquiry) Consent from you
If you interact with the Chatbot on one of our websites	Information you voluntarily provide to the Chatbot, including your name, title, and contact information (e.g., email address, phone number) Usage information (if associated with a unique device identifier tied to you)	To grant you access and allow your use of the Chatbot To respond to your request for contact To provide you with information that best meets your needs as expressed in your inquiry Improve Chatbot performance and content quality	Legitimate interests (to allow us to respond to your inquiry and improve our Chatbot) Consent from you

For customers, if you make a purchase through any of our online stores or any third-party e-commerce store:

Activity	Personal Data We Collect	How We Use Your Personal Data	Legal Bases for Processing
Making a purchase through our online stores	Name Entity name Contact information Recipient name and shipping information	To ship your purchased products To comply with export laws To process any item returns To provide you with support, per your request	Contract performance (in order for us to take steps at your request to fulfill your purchase)

IMPORTANT:

If you make a purchase through our online stores with a credit card, your credit card information is processed directly by OPSWAT’s payment processing vendor. OPSWAT does not store or directly process your credit card information.

For users of our products and services, if you create an account through one of our websites (including OPSWAT Portal) or for any of our products:

Activity	Personal Data We Collect	How We Use Your Personal Data	Legal Bases for Processing
Creating an account on My OPSWAT or through one of our associated websites	Name Contact information (e.g., email address, phone number) Company name Password	Validate that you are human and not a robot when you create an account Authenticate your secure access to your account when you log-in Create a My OPSWAT account for you Associate your requests for support with your account Troubleshoot an issue that you are reporting	Legitimate interest (to allow us to create an account for you as requested) Contract performance (to allow you to download OPSWAT products and updates; allow you to ask for technical support) Consent from you

For users of our products and services, if you use our products and services:

Activity	Personal Data We Collect	How We Use Your Personal Data	Legal Bases for Processing
If you are invited to your organization’s account	Name Email address Password IdP Group information API key	To provide login and authentication	Contract performance (to allow you access OPSWAT products licensed by your organization)
Using our products and services	Name Contact information (e.g., email address, phone number) IP address Hostname Usage information (e.g., information regarding your configuration and use of our products and services; information regarding how our products and services are performing based on your use) Other information that you provide to us in connection with your use of our products and services	To conduct account administration and other service activities To maintain the security of our infrastructure and services To improve our products and services To make recommendations to customers based on your usage To provide customer support regarding our products and services	Contract performance (to allow you to use OPSWAT products) Legitimate interest (to improve our products and services)
Reporting an issue with one of our products	Your name Your contact information (e.g., email address, phone number) Any personal data contained in troubleshooting logs provided to OPSWAT. Please refer to the Product Specific Disclosures section below for more details.	To troubleshoot an issue you are reporting.	Contract performance (to provide you technical support)
Providing professional services or support to you	Name Contact information (e.g., email address, phone number) Your business address (for on-site installations) Information regarding your company and role Personal data captured in content and/or metadata to troubleshoot the issue	To communicate with you throughout the course of our professional services engagement or to provide support to you To provide professional services or support to you	Contract performance (to provide you technical support)

For users of OPSWAT Academy, if you use OPSWAT’s e-learning platform (OPSWAT Academy):

Activity	Personal Data We Collect	How We Use Your Personal Data	Legal Bases for Processing
Enrolling in courses	Name, Contact information (e.g., email address, phone number) Country Information regarding your company and role	To create your OPSWAT Academy account, authenticate your access, and associate requests for support with your account (if you are using OPSWAT Academy previous to v. 3.0) For OPSWAT Academy 3.0: for marketing analytics purposes and to send product updates or related information If you are accessing OPSWAT Academy through your university, employer, or organization (“Organization”), we may provide the Organization with updates and details regarding your progress in the OPSWAT Academy courses.	Contract performance (to provide you with the courses you ordered) Consent from you

IMPORTANT:

If you make a purchase through our e-learning platforms with a credit card, your credit card information is processed directly by OPSWAT’s payment processing vendor. OPSWAT does not store or directly process your credit card information.

Other ways in which OPSWAT processes personal data:

Activity	Personal Data We Collect	How We Use Your Personal Data	Legal Bases for Processing
For prospective customers, marketing to you	Name Contact information (e.g., email address, phone number) Information regarding your company and role	To deliver targeted and relevant advertising and marketing to you	Consent from you
For suppliers, purchasing products and services from you	Name Contact information (e.g., email address, phone number, physical address) Information regarding your company and role	To purchase products and services for OPSWAT	Contract performance (to process the transaction)
For independent contractors, receiving services from you or providing services to our customers	Name Contact information (e.g., email address, phone number, physical address) Information regarding your company and role	To receive services for OPSWAT or provide services to our customers	Legitimate interest (to manage the relationship with the independent contractor) Contract performance
For resellers and business partners, establishing and maintaining our business relationships	Reseller name Contact information (e.g., email address, phone number, physical address) Information regarding your company and role	To manage our reseller and business partner relationships	Legitimate interest (to manage the relationship with the business partner) Contract performance
For in-person visitors, visiting one of our locations	Name Contact information (e.g., email address, phone number, physical address) Details regarding your visit Country of residence CCTV video	To ensure the safety, security, and health of the individuals at our locations	Legitimate interest (to ensure the safety, security, and health of individuals at our location) Consent from you

Marketing

OPSWAT (or our resellers or other selected third parties acting on our behalf) would like to contact you from time to time in order to provide you with information about products and services that OPSWAT assesses to be of interest to you. You have the right to ask OPSWAT not to process your personal data for certain or all marketing purposes, but if you do so, OPSWAT will need to share your contact information with third parties for the limited purpose of ensuring that you do not receive marketing communications from them on OPSWAT’s behalf.

Sensitive Personal Data

We do not intend to collect sensitive personal data from you (unless we are legally required to do so). Examples of special category information include race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sexual life or sexual orientation, and criminal records.

We ask that you do not provide us with sensitive personal data when using our products and services.

Automated Decision Making

We do not use your personal data for automated decision making or profiling.

Cookies and Similar Technologies

If you use an internet browser to interact with our products and services, you should be aware that like many businesses with websites and cloud services, we also use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. You can control our use of cookies with respect to your device by changing options in the Internet browser you use. We will display notices to you about cookies and prompt you to accept a cookie from us. If you do not accept cookies, however, certain portions or features of our products and services using your internet browser will not be accessible. For more information about our use of cookies, please visit OPSWAT Cookies Policy.

Legal Basis for Collecting and Using Your Personal Data

Our legal basis for processing your personal data will depend on the personal data we collect and the context in which we collect such data. However, we will normally collect personal data from you only where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we also have a legal obligation to collect personal data from individuals or otherwise need the personal data to protect a person’s vital interests or those of another person.

If we collect and use your personal data in reliance on our legitimate interests (or those of any third party) other than as described in this privacy policy, we will make clear to you at the relevant time what those legitimate interests are.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “Contact Us” heading.

Disclosures

OPSWAT discloses personal data to third parties under the following circumstances:

Our Affiliates: We disclose personal data to our affiliates to provide services and support and for the purposes otherwise described in this privacy policy.
Service Providers: We disclose personal data to third-party service providers to provide us with services such as website hosting and professional services, including information technology services, payroll services, auditing services, consultancy services, regulatory services, and legal services in other countries. For our customers, please see our list of subprocessors located at https://www.opswat.com/legal/subprocessors.
Business Partners: We provide personal data to our channel partners, such as distributors and resellers, and to other business partners, to fulfill product and information requests, to effectively deliver unified support, and to provide customers and prospective customers with information OPSWAT and its products and services.
Compliance with applicable law: When necessary, we disclose personal data to law enforcement, regulatory and other government agencies, and to professional bodies and other third parties as required by and/or in accordance with applicable laws or regulations (including responding to public authorities to meet national security or law enforcement requirements).
Exercising our legal rights: When necessary, we disclose personal data as necessary to exercise, establish or defend our legal rights.
Business transfers: We disclose or transfer personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganization or similar event. If we disclose your personal data in connection with such an event, we will inform any buyer that your personal data shall only be used in accordance with this privacy policy.
Vital interests: We disclose personal data if required in urgent circumstances to protect the personal safety of individuals or the general public.
With your consent: We disclose your personal data for any other purpose with your consent.

International Transfers

OPSWAT’s global organizational structure requires the global transfer of personal data to OPSWAT’s affiliates. Consequently, the personal data you provide to us will be transferred across state or country borders, including to countries outside the country in which you reside (including to countries outside the European Economic Area (“EEA”), the United Kingdom, and Switzerland). OPSWAT also transfers your personal data internationally to service providers, business partners, and other third parties (as described in the “Disclosures” section). Some of these recipients process personal data outside of countries considered “adequate” by certain supervisory authorities, including the European Commission. If such an international transfer occurs, we will protect your personal data by taking contractual or other steps in accordance with applicable law. For transfers from the EEA, the United Kingdom, or Switzerland to non-adequate countries, we have implemented the European Commission’s Standard Contractual Clauses.

Security

We use technical and organizational measures to protect your personal data from accidental or unlawful loss, destruction of, or damage to personal data. However, while we strive to protect personal data, we cannot guarantee the security of the personal data provided to us. Although we use appropriate security measures, once we have received your personal data, the transmission of data over the Internet (including via email) is never completely secure. We urge you to protect your personal data when using the Internet by, for example, changing passwords often, using a combination of letters, numbers, and special characters (for example, % and $ and +), and making sure to use a secure browser.

Data Retention

We store your personal data for different time periods depending on the type of personal data we have, our stated business purpose for such data, our legal obligations and rights, and our agreements with you. We will retain your information for as long as we have a legitimate business purpose to do so, for no longer than is required or permitted by law. Please note that, pursuant to certain privacy laws, you also have the right to request the deletion of your personal data, as described in the “Your Rights” section.

Your Rights

If there are applicable privacy laws in your jursidiction, you have the following rights regarding your personal data (which you can invoke by going to Data Subject Request Form):

Right to access your information: You have the right to request access to the personal data that we hold about you, including access to duplicates of the personal data retained.
Right to correct your information: If your personal data is inaccurate or incomplete, you can ask us to correct your information.
Right to suspend processing: You have the right to request that we stop processing your personal data in certain circumstances, including when you believe that the information we hold about you is inaccurate or unlawful.
Right to port your data to another party: You have the right to receive the personal data concerning you, in a structured, commonly used and machine-readable format, and have your information transferred to another party.
Right to delete: You have the right to request we delete your personal data. If we delete your personal data, you will lose access to OPSWAT services requiring you to maintain registration with us of a user account ("User Account"). Additionally, please note that, in certain cases, we have an overriding legitimate basis for retaining your personal data (e.g., if your User Account is linked to a commercial transaction with OPSWAT where you are making payments to us or we are making payments to you).
Right to object: When we process your personal data based on legitimate interests, you have the right to object to this processing. If you object, we will no longer process your personal data unless there are compelling and prevailing legitimate grounds under applicable law (e.g., your data is necessary for us to establish, exercise, or defend our legal rights).
Right to complain to a supervisory authority: You have the right to lodge a complaint with your applicable supervisory authority.
Right to withdraw consent: You have the right to withdraw consent that you’ve previously provided to OPSWAT.

For California Residents

Please see our California Consumer Privacy Act Notice.

Children’s Privacy

We understand the importance of protecting children's privacy and we never knowingly collect personal data about individuals under the age of 18.

IMPORTANT:

If you are under 18 years of age, we ask that you do not use our products and services.

Links to Third-Party Sites

As you use our products and services, if you link to third-party sites not controlled by us and which do not operate under our privacy practices, our privacy practices no longer apply. We encourage you to review each third-party site's privacy policy before disclosing any personal data.

Product-Specific Disclosures

These product-specific disclosures include additional detail regarding how we process your personal data.

MetaDefender Access

If your device is monitored by an administrator, MetaDefender Access provides your administrator access to the following data. Your administrator has the ability to restrict access to personal data from being transferred and stored in MetaDefender Access, including username, host name, public IP, MAC address, local IP address, serial number, geolocation, and application details.

Data We Collect	How We Use Your Data
Application User ID	To provide the administrator auditing capability which user is logging in
If your administrator chooses the option within MetaDefender Access to collect information regarding other devices you connect to the network with MetaDefender Endpoint installed, MetaDefender Access will collect information regarding such devices, including: Local IP address MAC address Hostname Mobile device name Device type and serial number OS type Network adapter information such as DNS and media state Active Directory information such as AD domain and OU/Group name	To identify and locate your device(s) associated with your account To allow your administrator to monitor other devices you connect to the network with MetaDefender Endpoint installed To discover devices in the network, including those which are not running MetaDefender Endpoint
System and application information (e.g., OS information, missing patches, lock screen timeout) Anti-malware log Mobile device status and information (e.g., connected IP addresses, OS information, encryption state)	To determine if each device associated with your administrator's account is compliant with the security policy that your administrator set
Other information collected using scripts and which end-users input	To provide your administrator with customized information to be used for the purpose your administrator has determined
MetaDefender Endpoint crash dump and logs	To provide your administrator with a method to fetch logs from your devices running MetaDefender Endpoint. To provide your administrator or OPSWAT support representatives with a method to troubleshoot issues reported by your devices running MetaDefender Endpoint.
Session information	To allow your administrator the ability to monitor user sessions
Geolocation data of your devices connected to the network	To identify and locate devices connected to the network

IMPORTANT:

Please note that your administrator has the option to enable “Network Discovery,” a feature within MetaDefender Access that allows your administrator to monitor the networks you connect with your device running MetaDefender Endpoint. If you connect your device running MetaDefender Endpoint to networks other than your company’s network, your administrator has the ability to see limited information about such other networks and the devices connected to such other networks, including local IP addresses, MAC addresses, hostnames, device types, and OS types. If you have any questions or concerns about Network Discovery, please contact your administrator.

If you are using the personal version of MetaDefender Access, please note that we process the following personal data:

Data We Collect	How We Use Your Data
Email address Hostname IP address MAC address Serial number of your device	To determine the general security status of your device To determine what applications are installed on your device

IMPORTANT:

Please note that the retention period for your data is configurable by your administrator under commercial subscription for MetaDefender Access. By default, your data is retained for thirty (30) days.

The following personal data is collected but de-identified and stored separately to protect your privacy.

Data We Collect	How We Use Your Data
Information regarding running processes, including: File signature of process File signature of loaded modules File properties such as version and descriptions Digital signature information Running processes and their network connections Network connectivity: IP addresses and domain names Information about the application to which the process belongs	To determine whether the behavior of processes running on your device is safe or malicious (in other words to assess whether or not your device has been compromised by malware).
High-level OS/device information, including: Operating system name Service pack version Computer type (e.g., laptop) OS language	OS information is for classifying the relative distribution or concentration of operating systems and versions across all data which is submitted to us. Network information is for classifying the relative distribution or concentration of various network adapters as well as the distribution or concentration of Wi-Fi vs. Ethernet connections across all data which is submitted to us.
Information regarding application lists, including: Product name and product version Vendor name	To identify endpoint security products besides anti-malware (such as personal firewalls and disk encryption) installed on your device and determine whether your device is running the latest version made available by its vendor.
Information regarding anti-malware products on your devices, including: Anti-malware definition information	To specifically identify anti-malware product(s) installed on your device and see whether or not these product(s) have their real-time protection feature enabled, whether their definition database is up-to-date, and the last time the product(s) scanned the device for malware infection.
Information regarding your installed system drivers, including: Driver information such as name and status	To determine whether the OPSWAT driver made available to software vendors for embedding in their application is able to function correctly based on other drivers already installed on your device.
Your MetaDefender Endpoint Security SDK Account Token	If you are a software vendor embedding MetaDefender Endpoint Security SDK and enabling the data submission process, this token identifies your company as an authorized user of the data submission process.

MetaDefender Core Platform

Your Activity	Data We Collect	How We Use Your Data
If you activate the MetaDefender Core Platform license key	Email address IP address A unique identifier of the device on which the license key was activated by the activation process	To record in our license server that you activated a specific license key provided to you by us on a unique device To investigate license activation issues you report to us
If you configure MetaDefender Core Platform to automatically install updates	IP address A unique identifier of the device on which the automatic updating was configured	To investigate automatic updating issues you report to us
If you use MetaDefender Drive and consent to uploads to MetaDefender Cloud	Contents of the file and file metadata (to the extent that either contains personal data)	To analyze an uploaded file with multiple anti-malware engines and display results of each engine's analysis (i.e., is the file infected with a computer virus or not) To sanitize the uploaded file, if the file type is supported for this function, in order to provide the sanitized file to you only
If you use MetaDefender ICAP Server	The support package created by the support tool includes the following: Raw HTTP traffic snippets for badly formatted ICAP requests Information relating to the browsing history of the IP of the proxy device using ICAP to send requests to MetaDefender ICAP Server and URLs visited by devices using the proxy device which is sending requests to MetaDefender ICAP Server	To investigate issues you report to us concerning an instance of MetaDefender ICAP Server on which you have run the support tool and sent us the resulting support package
If you use MetaDefender Managed File Transfer and your instance is integrated to your Microsoft Active Directory	Your user information from Active Directory, which will likely include your name, company, any nicknames, username, and email address	To investigate issues you wish to report to us concerning an instance of MetaDefender Managed File Transfer on which You have run the support tool and sent us the resulting file
If you use MetaDefender Storage Security	The support package created by the support tool includes the following: Application logs and configuration information including IP addresses, file names, user emails, and usernames History of the mdss package commands executed OS and hardware information of your device Network information	To investigate issues you wish to report to us concerning an instance of MetaDefender Storage Security on which you have generated support package and send us the resulting file
If you use the Central Management support tool to create and send us a support package	The support tool generates a support package called “mdcentralmgmt-support-<TIMESTAMP>.tar.gz” for Linux and “mdcentralmgmt-support-<TIMESTAMP>.zip” for Windows which includes: The configuration files of Central Management found on the device on which you installed Central Management Log files of Central Management found on the device OS and hardware information of your device Network information Central Management directory information Central Management configuration database without user data	To investigate issues you wish to report to us concerning an instance of MetaDefender Central Management on which you have run the support tool and sent us the resulting support package

MetaDefender Cloud

Your Activity	Data We Collect	How We Use Your Data
When you upload data from your browser	Browser name IP address (obfuscated to protect your information) Browser unique identifier Hostname	To uniquely identify the device you are using to access MetaDefender Cloud To identify the location of your device when using MetaDefender Cloud

IMPORTANT:

For Commercial and Enterprise customers, MetaDefender offers two features to protect personal data:

(1) Private Scanning: Ensures deletion of your files within twenty-four (24) hours after scanning; and

(2) Private Processing: Ensures that the results of your scan are only available to the person who scanned the file with the API key.

When you scan data using MetaDefender Cloud, MetaDefender Cloud will process personal data as follows:

	Personal	Commercial/Enterprise Without Private Scanning	Commercial/Enterprise, Private Scanning Selected
Data We Collect	Any personal data contained in the data submitted for scanning itself Any associated metadata (e.g., the file type)	Any personal data contained in the data submitted for scanning itself Any associated metadata (e.g., the file type)	Any personal data contained in the data submitted for scanning itself Any associated metadata (e.g., the file type)
How We Use Your Data	To analyze the uploaded data with multiple anti-malware engines and display results of each engine's analysis (i.e., is the data infected with a computer virus or not) To sanitize the uploaded data, if the data type is supported for this function, in order to provide the sanitized data to you only	To analyze the uploaded data with multiple anti-malware engines and display results of each engine's analysis (i.e., is the data infected with a computer virus or not) To sanitize the uploaded data, if the data type is supported for this function, in order to provide the sanitized data to you only	After you submit the data for scanning in the client, MetaDefender Cloud temporarily stores the data in an encrypted AWS S3 bucket for data scanning After completion of the scanning process, the data is permanently removed from our storage
Data Retention	Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your rights	Up to 10 years unless otherwise restricted by law or by your choice to delete as part of your rights	Up to 24 hours

If you make a purchase through Stripe (our online store provider), please note that OPSWAT will not have access to your payment information, since payment transactions are entirely processed through Stripe. Stripe is certified as a PCI Level 1 Service Provider. Please refer to Stripe’s Privacy Policy for further detail regarding how Stripe processes your payment information.

Mobile App

Your Activity	Data We Collect	How We Use Your Data
If you install the OPSWAT Mobile App	IP addresses to which your device is connected Android application package files of applications installed on your device Log files Installation UUID: unique alphanumeric string for identifying a device to the OPSWAT Mobile App Troubleshooting logs	To analyze connected IP addresses and applications on your mobile device for malicious activity To provide OPSWAT support representatives with a method to troubleshoot issues reported by your devices running the OPSWAT Mobile App Help to troubleshoot a crash with specific instances of the OPSWAT Mobile App Analytics information based on segmented device data
If you enroll your device to a MetaDefender Access account	Refer to MetaDefender Access Product-Specific Disclosures

Central Management

Your Activity	Data We Collect	How We Use Your Data
If you install Central Management v. 7.x	Activation key IP address Email address Log files of Central Management and MetaDefender Endpoint (to the extent they contain personal data)	To record in our customer license management system that you activated a specific license key provided to you by us on a unique device To troubleshoot any license activation issues and other issues you are reporting To provide trial license key via email
If you install Central Management v. 5.x	Refer to MetaDefender Platform Product-Specific Disclosures
If your device is monitored by an administrator	Contents of the file and file metadata (to the extent either contains personal data)	To analyze an uploaded file with multiple anti-malware engines to detect any threats

My OPSWAT

Your Activity	Data We Collect	How We Use Your Data
When you register for a My OPSWAT account	Name Email address Password Your associated organization	Create a user account for you Assign you to an account with a user role Create audit trails for actions you perform on an account
If you are invited to your organization’s account	Name Email address Password IdP Group information API key	Create a user account for you Assign you to an account with a user role
When you activate a license key	Account ID: a unique identifier OPSWAT generates to identify a unique account/server. License key: a unique key OPSWAT generates when a customer purchases licenses for OPSWAT products	To activate the product To investigate license activation issues you report to us
When you browse the product page	License key	To visualize the products you have licensed from OPSWAT
If you download a deployment report for a license key	License key	To generate a deployment report for a license key of a product
If you use My OPSWAT to manage your OPSWAT products	When you enroll a product instance or create a group, OPSWAT will collect any personal data contained in the name and/or description of such product instance or group (e.g., a person's name).	To allow you to identify and manage your product instances and groups
If you submit a support case through My OPSWAT	Troubleshooting logs, which include: The location where the product is installed IP addresses Hostname OS Information	To troubleshoot an issue that you are reporting
If you pay an invoice through PayPal	Your account name, to the extent this contains your personal data Invoice number	To send your invoice to PayPal for processing. Please note that any banking or credit card information submitted to PayPal is processed directly by PayPal. Please refer to PayPal’s privacy policy for further details regarding PayPal’s processing.

Additionally, to the extent you use My OPSWAT to manage your OPSWAT product(s), such product instances have the ability to report data to My OPSWAT. Please refer to the applicable Privacy Policy for your OPSWAT product(s) for more details regarding the personal data processed by such product(s).

MetaDefender Sandbox

When you use the Software-as-a-Service version of MetaDefender Sandbox and you upload data to MetaDefender Sandbox, we process the following personal data:

	Community Version	Commercial Version
Data We Collect	Any personal data contained in the uploaded data itself Any personal data contained in the analysis report from MetaDefender Sandbox	Any personal data contained in the analysis report from MetaDefender Sandbox
How We Use Your Data	For file analysis as part of the MetaDefender Sandbox services For producing the threat intelligence report to the user For error monitoring and error reporting	For producing the threat intelligence report to the user For error monitoring and error reporting

When MetaDefender Sandbox is installed on-premises, OPSWAT does not have access to the files you upload to MetaDefender Sandbox for processing.

WARNING:

Your network connection used for MetaDefender Sandbox should be separate from any other network connection. Using the product in any other way (e.g., a shared connection with your internal network) is a serious threat to the data protection of any files analyzed by MetaDefender Sandbox. You assume sole responsibility for failing to establish a separate network connection for MetaDefender Sandbox.

MetaDefender Netwall

By default, OPSWAT does not have access to your personal data when you use MetaDefender Netwall, since MetaDefender Netwall is deployed on-premises. OPSWAT will only process your personal data in the following instances:

Your Activity	Data We Collect	How We Use Your Data
When you create a local user account	Login information Email address	To create your user account
When you choose the option to connect to FTP or Windows File shares	Login information	For authentication and access control to the system For access to file shares
When you ask OPSWAT support representatives to investigate an issue with MetaDefender Netwall and provide OPSWAT with log files	Any personal data contained in product logs	Troubleshoot an issue with MetaDefender Netwall that you are reporting

MetaDefender OT Access

Your Activity	Data We Collect	How We Use Your Data
If MetaDefender OT Access is hosted by OPSWAT and you create an account with us	Name Login information Email address Phone number (optional)	For authentication and access control to the system We also use phone numbers and/or email for multi-factor authentication
When you ask OPSWAT support representatives to investigate an issue with MetaDefender OT Access and provide OPSWAT with log files	Any personal data contained in product logs	Troubleshoot your reported issue with MetaDefender OT Access

MetaDefender Industrial Firewall

If the MetaDefender Industrial Firewall management console is not used, then OPSWAT does not collect any personal data from you.

If the management console is used the following data is collected:

Your Activity	Data We Collect	How We Use Your Data
You create an account with us	Name Login information Email address	For authentication and access control to the system
When you ask OPSWAT support representatives to investigate an issue with MetaDefender Industrial Firewall and provide OPSWAT with log files	Any personal data contained in product logs	Troubleshoot your reported issue with MetaDefender Industrial Firewall

MetaDefender Email Gateway Security

If you deploy MetaDefender Email Gateway Security on-premises, OPSWAT does not process your emails. However, if you report an issue to us, OPSWAT processes your personal data as follows:

Your Activity	Data We Collect	How We Use Your Data
If you ask us to troubleshoot an issue	When you ask us to troubleshoot an issue, if you provide us with troubleshooting logs, such logs contain the email addresses of the sender and recipient and the subject line of the email, to the extent it contains personal data.	To investigate issues you report to us

If you use MetaDefender Cloud Email Security, we process your personal data as follows:

Your Activity	Data We Collect	How We Use Your Data
Creating an account	Name Login information (username and password) Email address Role	To create an account for you. Please note that the administrator for your company’s instance will also have access to your account information for the purposes of managing the company’s instance of MetaDefender Cloud Email Security.
When you use MetaDefender Cloud Email Security to scan your email	The email addresses of the sender and recipient The subject line of the email, to the extent it contains personal data Personal data contained in emails scanned with MetaDefender Cloud Email Security	For MetaDefender Cloud Email Security to scan your emails for malware and other vulnerabilities.
If you ask us to troubleshoot an issue	When you ask us to troubleshoot an issue, if you provide us with troubleshooting logs, such logs contain the email addresses of the sender and recipient and the subject line of the email, to the extent it contains personal data.	To investigate issues you report to us

IMPORTANT:

Please note that MetaDefender Cloud Email Security retains any emails you scan. If you are an administrator, you have the option to configure your version of MetaDefender Cloud Email Security to automatically delete any retained emails and email history on a regular basis (ranging from every hour to every twelve months).

Cybersecurity Assessment

If you participate in a Cybersecurity Assessment provided by OPSWAT or one of its subcontractors, OPSWAT processes personal data as follows:

Your Activity	Data We Collect	How We Use Your Data
If you participate in any cybersecurity assessment	Your participating users’ names and contact information Personal data contained in any information provided to OPSWAT or one of its subcontractors for the purpose of completing the Assessment	To perform the Assessment and provide any results from the Assessment to you
If you participate in an Email Risk Assessment	Your participating users’ email credentials and email inboxes Personal data contained in any emails and associated attachments processed by OPSWAT	To perform the Email Risk Assessment and provide the summary report to you

Back To Legal

OPSWAT Legal Center