Privacy Policy

Introduction

As the SPN product/service provided by Safing ICS Technologies GmbH is a new service, and one of a kind at present, the following Privacy Policy is comprehensive, it has been compiled to better serve those who have concerns about how their ‘Personally identifiable information’ (pii) and other data is being used online.

Pii, is used in privacy law and information security around the world and is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. We do apologise for the length of our policies; however, it is necessary to cover new ground.

Please read this privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our services.

We have been open and transparent on the ways we collect, hold, use, and protect your PII/data, should you have any concerns arising from this privacy policy, please use the contact email address in Article 19. to contact us, we are always happy to hear your comments and suggestions.

Contents

Article 1. Where we collect Data/PII from

At present, Safing ICS Technologies GmbH runs four (4) services, these are as follows, Website, Forum, SPN, and Portmaster update server: these services collect different levels of data, however we aim to collect as little as possible, and all data received by us is treated with the strictest of confidence with privacy always in mind, all data is held securely.

Article 2. Personal Identifiable Information & Data we collect

Although the information collected is basic and may not be classed as PII, we treat all data with the same respect and as such have listed all the data we collect from the services we provide.

Websites and other Web Services

Safing operates these websites, hosted and managed by GitHub (Pages):

You can read GitHub’s privacy policy to see how they handle your data.


Safing additionally operates and manages the following websites:

The following personal identifiable information (PII) is held for technical reasons and is deleted after 72 hours:

This is how the 72 hours are broken up:

While 72 hours is the maximum holding time period we guarantee, the time to deletion is usually a lot shorter.


Independently from this process, we always reduce PII as early as possible to reduce the time it is held and also reduce the number of systems the information is exposed to in the first place. In some cases we even manage to delete IP addresses within an hour.

Your Account

If you register for and use an account on https://account.safing.io, we additionally collect this information:

This service also includes the domain https://api.account.safing.io, which hosts the API that the Portmaster interacts with.

The Portmaster Software

The Portmaster software runs locally on your device and monitors your network traffic in order to block unwanted connections. While it handles a lot of PII internally, at no point does the Portmaster software share any PII with us or anyone else, with the exception of the following cases:

The Portmaster interacts with the following Web Services by Safing: https://updates.safing.io, https://support.safing.io, https://account.safing.io, https://api.account.safing.io
Please refer to the previous sections to learn about these services.

If you choose to report an issue or give feedback via the support system within the Portmaster software, it sends your request with all its attached data to https://support.safing.io, which then forwards it to your chosen support channel.

If you use the Safing Privacy Network (SPN) module of the Portmaster, it supplies the username and password you enter to https://api.account.safing.io in order to log in. These credentials are not provided to any server in the SPN, but an authorization token is used instead. In the network itself, only the initial server knows and handles your IP address, which is never logged.

Please note that not all servers in the SPN are operated by Safing. If the Portmaster makes use of servers that are operated by the community (ie. a third party), we cannot guarantee how your information is handled by these operators. While we need to make you aware of this policy-wise, there is no privacy risk associated with this, as the SPN is built to protect your privacy in exactly this case and every server only receives minimal and only parts of the connection data, so that no server can both identify you and identify what you do online.

As the Portmaster is also a DNS Client, it sends DNS queries to the configured DNS Providers.
When you start using or configuring the Portmaster, please read the privacy policy of the configured DNS Providers.

Customer Support

Safing ICS Technologies GmbH run customer support services for its users, customer support covers all aspects of the services provided, including and not limited to: accounts, Portmaster, SPN, general enquiries and questions about our policies etc. The information received, gathered, collected and held whilst running this service is as follows:

Forum

At present the forum is run on a third party service, however, with respect to being open and transparent, our forum when running, is usually on the Reddit platform, we have no control on how their service collects, stores, shares, handles, or uses data, and as such, you are advised to read any and all privacy policies of the sites you intend to use.

Surveys

Safing ICS Technologies GmbH run surveys both continuous and in limited time scope in order to best know and understand the needs of our customers, these are used for development and enhancement of our services, data supplied by users is kept until a user deletes it, these surveys only collect basic information and not PII, by way of example and not limited to, "Which Operating Systems do you use?".

Newsletter

Safing ICS Technologies GmbH periodically sends out a newsletter, when signing up to this service, you agree that Rapidmail will store your email address, and that we have access to said email address. Rapidmail is a GDPR compliant company based in Germany, to read their privacy policy and how they deal with your PII, please follow the link below.

https://www.rapidmail.de/datenschutz

As with any third parties, we take no responsibility for your actions when using said services, it is within your best interests to read all policies on the third party sites you use or visit.

Article 3. How we store and protect your PII & Data

Data Storage:

All data, including and not limited to data listed in Article 2. Personal Identifiable Information & Data we collect is stored in a protected database on a specially guarded server. The server is operated by us and hosted by Hetzner.

Data Linking:

Information/data used for the purpose of linking payments to a specific user to enable services are as follows:

Data Retention:

we are required by law to keep payment records for a period of 7 years, for taxation purposes, even in the event that the account is deleted, we are required to keep the transaction identifiers for this period.

Payment records are only linked to your account until it is deleted, or expired, they then become orphaned and cannot be linked back to your account.

Payments of up to 400€ (incl. Taxes) do not require customer information, i.e. your invoices will be anonymous.

Data Protection:

In Transit: All traffic between the Customer and Safing ICS Technologies GmbH is encrypted using modern Transport Layer Security (TLS). TLS is a cryptographic protocol designed to provide communications security over a computer network and aims primarily to provide confidentiality and data integrity between two communicating computer applications.

At rest: Hot data (in use) is protected on our server, cold data (backups) are encrypted.

Article 4. How we use your PII & Data

The information collected whilst subscribing to the SPN or using the website is basic in nature and only used for the specific reasons of software development and the administration of your account.

Article 5. Third Party Services

Article 6. Third Party Disclosure

We do not sell, trade, or otherwise transfer to outside parties, your personally identifiable information. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential as per their privacy policies and terms of service.

Information we gain through payment gateways for the purpose of linking to your account are limited to transaction identifiers, please refer to: Article 3. (how we protect your PII Data).

We may release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, privacy, or safety.

Article 7. General Data Protection Regulation (GDPR) explained

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it is now implemented in many countries worldwide, it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018, and grants users’ certain rights under the GDPR policy, these are set out below and clarified in Article 16., alternatively, to read more about GDPR please visit the following link:

https://gdpr-info.eu/

In line with the GDPR, we collect and process the data outlined in this Privacy Policy on the following grounds, for the purposes of fulfilling our contractual obligations to users, including:

For a legitimate interest associated with the operation and development of our services and business, including:

You can exercise your rights under the GDPR to access, transfer, correct, delete, or object to the processing of your personal information by contacting us at:

support@safing.io

Article 8. California Online Privacy Protection Act, (CalOPPA) explained

CalOPPA is the first state law in the United States of America to require commercial websites and online services to post a privacy policy.

The law’s reach stretches well beyond California and requires a person or company in the United States (and conceivably the world) that operates websites/online services collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website, that states exactly the information being collected and those individuals with whom it is being shared. If you would like to read more about this policy, please visit:

https://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

in conjunction with CalOPPA, we agree to the following:

Users can visit our site anonymously, but will need to subscribe to the service, to use said service. Users will be notified of any privacy policy changes as and when they happen and can keep up to date by clicking the link named, (Privacy Policy) at the bottom of our home page. To see what data, we collect from subscribers please refer to: Article 2. Personal Identifiable Information & Data we collect.

Article 9. Fair Information Practices, explained

The Fair Information Practices Principles, form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the world, understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

• We will notify the users via email within 1 business day.

• We will notify the users via in site notification within 1 business day.

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

Safing ICS Technologies GmbH will not share or dispose of member’s information to third parties as per the data protection act 1998, this can be read by following the link below:

https://www.legislation.gov.uk/ukpga/1998/29/data.pdf

Article 10. Children’s Online Privacy Protection Act (COPPA)

The SPN provided by Safing ICS Technologies GmbH is in no way targeted for use in any way shape or form towards minors/children under the age of 18 years, however, as our service does not require data upon subscription concerning age, real name, or home address, we cannot, and will not be held responsible for your child’s actions whilst online, all data collected by us is treated in the same manner, protected behind numerous layers of encryption, used to provide the service to you, and not shared with any third parties.

Article 11. Do not track

In conjunction with CalOPPA and the 2013 amendments, we do not track users of our SPN (Safing Privacy Network), in this case we do not respond to, do not track signals or requests from you, on the understanding that, our service does not track users’ actions or usage whilst on the SPN service. Please read Article 13. No logs policy.

Article 12. Mobile devices

At present we do not provide any mobile applications for our services, however as it is possible to connect to our SPN service using your mobile devices internet browser, the following applies: We do not track, or collect any data from your mobile devices other than information provided by you to subscribe to our service, please refer to: Article 2. Personal Identifiable Information (PII/Data), we collect, and Article 3. How we store and protect your PII/Data.

Article 13. No logs policy

We do not log or store records on user activity using our SPN Service, we are committed to your privacy and DO NOT collect or log browsing history, traffic destination, data content, IP addresses, or DNS queries from Subscribers connected to our SPN.

For the avoidance of all doubt, should any government body or law enforcement agency compel Safing ICS Technologies GmbH to release such subscribed user information, listed above, we cannot supply this information as the data does not exist, and is therefore not in our possession.

Article 14. Cookies

Our service uses cookies required to operate, by way of example and not limited to, when logging in, below you will find an explanation on our cookie usage. Cookies used on our site are on site only; we do not use third party cookies, or transmit information collected, information collected by our cookies are used on our service only.

What are cookies?

Cookies are small text files which a website/service may put on to a member’s computer or mobile device when you first visit a site, service, or page. The cookie helps the website, to recognize your device the next time you visit. There are many functions cookies serve, for example they can help us to remember your username and preferences.

Session cookies last only for the duration of your visit and are deleted when you close your browser, these facilitate various tasks such as allowing a website/service to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality.

Persistent cookies last after you have closed your browser and allow a website to remember your actions and preferences. Sometimes persistent cookies are used by websites/services to provide targeted advertising based upon the browsing history of the device, we DO NOT use targeted advertising cookies of any description.

What do we use cookies for?

We use first party cookies (our own) on our services, for the following purposes:

Login: Once you login to our website/service, a cookie is set containing your encrypted credentials, required to recognize you between page visits.

You can disable this cookie by deselecting “Remember me” in the login form.

Session: Upon first visit of our website/service, the system will create a new unique session for you which will be saved using a cookie on your computer.

Sessions are required to recognize users between page accesses. It is a temporary cookie which will be deleted once you close your internet browser.

Third-Party Services: Displayed ads or sharing content through social networks or comparable actions might cause a cookie created by them, we DO NOT use third parties in that respect, therefor cookies in this category can only be added by the member using a third-party site etc. this is not recommended by Safing ICS Technologies GmbH.

How to disable or delete cookies?

Your internet browser offers specialized options to manage and remove cookies and also offer settings to reject many or all cookies. Please refer to the instructions for your internet browser from the list below.

Article 15. Third party behavioural tracking

Our SPN service DOES NOT use third-party tracking in any form, however, sites we may direct you to during subscription, by way of example only, the payment gateways we use, Stripe, PayPal, or wire transfer, may use such tracking on their services, for the avoidance of all doubt, it is your responsibility to check any third party sites you visit and read their privacy policy.

Article 16. Data request

In compliance with the GDPR, you can request a list of the information we hold on your account, however at this time it is best to remember that any information held by us, is the information freely given by you when you subscribe to our services, in this case data requests must be made using the information given to us, by way of example only, email address if used, in an email, requesting the information to:

support@safing.io

As the data we collect is solely used to run and administer your account, you can ask at any time for us to stop processing, or to erase the data held on your account, however in these aforementioned cases, this will result in the removal of your account from our services, this course of action does not automatically trigger a refund under Terms of Service. Article 10 your right to cancel, and Article 11 refunds. For cases of this type please contact us with your request at:

cancellations@safing.io or support@safing.io

for the avoidance of all doubt, we are a company based around privacy and security, any and all data collected on a members account is basic, by way of example only and not limited to, a verifiable email address, if required, and transaction id’s, these are protected behind encryption.

Information/data held by us on any subscriber is basic and minimal, any and all data requests made by Government, or law enforcement agencies can be applied for, however, this is in the form of single account data only and not by block.

By forwarding the required paperwork, in this case, a written request and reason, with a current court order covering the correct jurisdiction attached, Safing ICS Technologies GmbH will comply with the law, applied by the Austrian court’s jurisdiction under European law.

Article 17. Jurisdiction and Applicable Law

As Safing ICS Technologies GmbH is registered in Austria, any and all disputes will be decided only through the Austrian court system following European law as our guideline. It is important to note: the SPN provided by Safing ICS Technologies GmbH does not collect any IP addresses, browsing history, traffic data, or DNS queries that could be used to identify any specific user.

Article 18. Amendments to the Privacy Policy

This privacy policy is classed as a living document, and will change from time to time due to changes in laws concerning privacy around the world, as such we reserve the rights to amend/change our Privacy Policy as and when required, without prior notice to you, to remain consistent with applicable privacy laws and principles.

As your continued use of the website or Services constitutes your acceptance of our Privacy Policy, we recommend that subscribers check for updates and reads said content of any amended policies we might make in the future.


Amendment 0.1. on 05.08.2020

Due to the Court of Justice of the European Union ruling on data transfers, invalidating the Privacy Shield and GDPR compliance of such a ruling.

it is here by stated that Safing ICS Technologies GmbH, does not hold or transfer any data to any servers held in the United States of America, however, due to the operating nature of the SPN, we cannot and will not be held responsible for any private nodes held within the United States of America that you choose to use.


Amendment 0.2. on 18.08.2020

As per update to CalOPPA/CCPA (California Consumer Privacy Act) 14/08/2020, this amendment applies to Privacy Policy Articles 8,11,13 & 16.

Authorized Agents: When a consumer uses an authorized agent to submit a request to know, or a request to delete data of any kind, Safing ICS Technologies GmbH may require that the consumer do the following: Provide the authorized agent, signed permission to access any form of data/information.

In the case of anonymous users: users must verify their own identity directly with Safing ICS Technologies GmbH. Users must directly confirm with Safing ICS Technologies GmbH that they have provided the authorized agent permission to submit any such request.

Authorized agents must also provide a current, verifiable identification and all necessary documentation to access any information or data, users and agents are however reminded that: Safing ICS Technologies GmbH, does not collect or log browsing history, traffic destination, data content, IP addresses, or DNS queries from users/subscribers connected to our SPN, we cannot provide information or data we do not hold.


Amendment 0.3. on 22.01.21

Addition to Article 2, Personal Identifiable Information & Data we collect: the addition of customer support, data received, gathered, collected and held.

Alteration to Article 3, How we store and protect your PII & Data: alteration to main body text 1st paragraph.


Amendment 0.4. on 25.05.2021

Removal from Article 2, Personal Identifiable Information & Data we collect. Removal of a sentence about future potential Portmaster telemetry.

This sentence was originally added for legal flexibility, intended to cover such a potential feature. We honestly forgot that it was there. But to make things clear: No official Portmaster release will ever have telemetry functions implemented. Hence the removal.


Amendment 0.5. on 07.07.2021

Revision of Article 2 according to current developments:

Removal from Article 5: The third party service “Stripe” was removed, as integration was aborted a while ago.

Amendment 0.6. on 29.11.2021

Revision from Article 5: The third party service “Stripe” was added after reevaluating the payment service.

Amendment 0.7. on 17.08.2022

Revision of Article 2: Added Self-Hosted Plausible Server

We now run a self-hosted installation of Plausible Analytics to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected.

Amendment 0.8. on 16.11.2023

Clarified Article 5 (services we use) by adding Rapidmail.de there as well, instead of just mentioning it with the Newsletter.

Article 19. Contact

If you have any questions regarding our Privacy Policy and how we handle your information, please feel free to contact Safing ICS Technologies GmbH at the email address below, please state your enquiry in as much detail as possible and we will reply as soon as we can, normally within 24 hours of receipt of request:

privacymatters@safing.io

Please note: whereas we cannot change our policies to suit every individual, we will listen to your concerns and reply in a timely manner.

Thank you for taking the time to read our policies on how we operate our service and collect, use and protect all of your data.

© Safing ICS Technologies GmbH
2020/21 All rights reserved.