Pii, is used in privacy law and information security around the world and is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. We do apologise for the length of our policies; however, it is necessary to cover new ground.
At present, Safing ICS Technologies GmbH runs four (4) services, these are as follows, Website, Forum, SPN, and Portmaster update server: these services collect different levels of data, however we aim to collect as little as possible, and all data received by us is treated with the strictest of confidence with privacy always in mind, all data is held securely.
Although the information collected is basic and may not be classed as PII, we treat all data with the same respect and as such have listed all the data we collect from the services we provide.
Safing operates these websites, hosted and managed by GitHub (Pages):
Safing additionally operates and manages the following websites:
The following personal identifiable information (PII) is held for technical reasons and is deleted after 72 hours:
This is how the 72 hours are broken up:
While 72 hours is the maximum holding time period we guarantee, the time to deletion is usually a lot shorter.
Independently from this process, we always reduce PII as early as possible to reduce the time it is held and also reduce the number of systems the information is exposed to in the first place. In some cases we even manage to delete IP addresses within an hour.
If you register for and use an account on https://account.safing.io, we additionally collect this information:
This service also includes the domain https://api.account.safing.io, which hosts the API that the Portmaster interacts with.
The Portmaster software runs locally on your device and monitors your network traffic in order to block unwanted connections. While it handles a lot of PII internally, at no point does the Portmaster software share any PII with us or anyone else, with the exception of the following cases:
The Portmaster interacts with the following Web Services by Safing: https://updates.safing.io, https://support.safing.io, https://account.safing.io, https://api.account.safing.io
Please refer to the previous sections to learn about these services.
If you choose to report an issue or give feedback via the support system within the Portmaster software, it sends your request with all its attached data to https://support.safing.io, which then forwards it to your chosen support channel.
If you use the Safing Privacy Network (SPN) module of the Portmaster, it supplies the username and password you enter to https://api.account.safing.io in order to log in. These credentials are not provided to any server in the SPN, but an authorization token is used instead. In the network itself, only the initial server knows and handles your IP address, which is never logged.
Please note that not all servers in the SPN are operated by Safing. If the Portmaster makes use of servers that are operated by the community (ie. a third party), we cannot guarantee how your information is handled by these operators. While we need to make you aware of this policy-wise, there is no privacy risk associated with this, as the SPN is built to protect your privacy in exactly this case and every server only receives minimal and only parts of the connection data, so that no server can both identify you and identify what you do online.
As the Portmaster is also a DNS Client, it sends DNS queries to the configured DNS Providers.
Safing ICS Technologies GmbH run customer support services for its users, customer support covers all aspects of the services provided, including and not limited to: accounts, Portmaster, SPN, general enquiries and questions about our policies etc. The information received, gathered, collected and held whilst running this service is as follows:
At present the forum is run on a third party service, however, with respect to being open and transparent, our forum when running, is usually on the Reddit platform, we have no control on how their service collects, stores, shares, handles, or uses data, and as such, you are advised to read any and all privacy policies of the sites you intend to use.
Safing ICS Technologies GmbH run surveys both continuous and in limited time scope in order to best know and understand the needs of our customers, these are used for development and enhancement of our services, data supplied by users is kept until a user deletes it, these surveys only collect basic information and not PII, by way of example and not limited to, "Which Operating Systems do you use?".
As with any third parties, we take no responsibility for your actions when using said services, it is within your best interests to read all policies on the third party sites you use or visit.
All data, including and not limited to data listed in Article 2. Personal Identifiable Information & Data we collect is stored in a protected database on a specially guarded server. The server is operated by us and hosted by Hetzner.
Information/data used for the purpose of linking payments to a specific user to enable services are as follows:
Valid email address, if or when required.
User name, not your real name.
Payment identifiers, transaction code sent to us via the payment gateway used.
we are required by law to keep payment records for a period of 7 years, for taxation purposes, even in the event that the account is deleted, we are required to keep the transaction identifiers for this period.
Payment records are only linked to your account until it is deleted, or expired, they then become orphaned and cannot be linked back to your account.
Payments of up to 400€ (incl. Taxes) do not require customer information, i.e. your invoices will be anonymous.
In Transit: All traffic between the Customer and Safing ICS Technologies GmbH is encrypted using modern Transport Layer Security (TLS). TLS is a cryptographic protocol designed to provide communications security over a computer network and aims primarily to provide confidentiality and data integrity between two communicating computer applications.
At rest: Hot data (in use) is protected on our server, cold data (backups) are encrypted.
The information collected whilst subscribing to the SPN or using the website is basic in nature and only used for the specific reasons of software development and the administration of your account.
Valid email address: If or when required, Used for the administration of your account.
Transaction identifier, sent by payment gateway: Used for the administration of your account.
The internet browser and operating system you are using: Used for software development purposes.
The language set by the browser: Used for software development purposes.
The part of the IP address that designates country: Used for software development and administration purposes.
Referrer: How did you find the site? Used for software development purposes.
Hetzner: Hosting Provider.
GitHub: Hosting Provider.
PayPal: Payment gateway.
Stripe: Payment gateway.
Sparkasse Baden: Bank: Payments, wire transfer.
Mailbox.org: Email provider.
We do not sell, trade, or otherwise transfer to outside parties, your personally identifiable information. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential as per their privacy policies and terms of service.
Information we gain through payment gateways for the purpose of linking to your account are limited to transaction identifiers, please refer to: Article 3. (how we protect your PII Data).
We may release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, privacy, or safety.
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it is now implemented in many countries worldwide, it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018, and grants users’ certain rights under the GDPR policy, these are set out below and clarified in Article 16., alternatively, to read more about GDPR please visit the following link:
Providing users with the Services they have requested.
Managing user subscriptions and processing payments.
Providing customer support.
For a legitimate interest associated with the operation and development of our services and business, including:
Enhancing the quality, reliability, and effectiveness of our website and Services.
Communicating with customers to provide information and feedback related to our Services and website.
With the consent of users, which users can withdraw at any time.
You can exercise your rights under the GDPR to access, transfer, correct, delete, or object to the processing of your personal information by contacting us at:
in conjunction with CalOPPA, we agree to the following:
The Fair Information Practices Principles, form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the world, understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
• We will notify the users via email within 1 business day.
• We will notify the users via in site notification within 1 business day.
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
Safing ICS Technologies GmbH will not share or dispose of member’s information to third parties as per the data protection act 1998, this can be read by following the link below:
The SPN provided by Safing ICS Technologies GmbH is in no way targeted for use in any way shape or form towards minors/children under the age of 18 years, however, as our service does not require data upon subscription concerning age, real name, or home address, we cannot, and will not be held responsible for your child’s actions whilst online, all data collected by us is treated in the same manner, protected behind numerous layers of encryption, used to provide the service to you, and not shared with any third parties.
In conjunction with CalOPPA and the 2013 amendments, we do not track users of our SPN (Safing Privacy Network), in this case we do not respond to, do not track signals or requests from you, on the understanding that, our service does not track users’ actions or usage whilst on the SPN service. Please read Article 13. No logs policy.
At present we do not provide any mobile applications for our services, however as it is possible to connect to our SPN service using your mobile devices internet browser, the following applies: We do not track, or collect any data from your mobile devices other than information provided by you to subscribe to our service, please refer to: Article 2. Personal Identifiable Information (PII/Data), we collect, and Article 3. How we store and protect your PII/Data.
We do not log or store records on user activity using our SPN Service, we are committed to your privacy and DO NOT collect or log browsing history, traffic destination, data content, IP addresses, or DNS queries from Subscribers connected to our SPN.
For the avoidance of all doubt, should any government body or law enforcement agency compel Safing ICS Technologies GmbH to release such subscribed user information, listed above, we cannot supply this information as the data does not exist, and is therefore not in our possession.
What are cookies?
Cookies are small text files which a website/service may put on to a member’s computer or mobile device when you first visit a site, service, or page. The cookie helps the website, to recognize your device the next time you visit. There are many functions cookies serve, for example they can help us to remember your username and preferences.
Session cookies last only for the duration of your visit and are deleted when you close your browser, these facilitate various tasks such as allowing a website/service to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality.
Persistent cookies last after you have closed your browser and allow a website to remember your actions and preferences. Sometimes persistent cookies are used by websites/services to provide targeted advertising based upon the browsing history of the device, we DO NOT use targeted advertising cookies of any description.
We use first party cookies (our own) on our services, for the following purposes:
Login: Once you login to our website/service, a cookie is set containing your encrypted credentials, required to recognize you between page visits.
You can disable this cookie by deselecting “Remember me” in the login form.
Session: Upon first visit of our website/service, the system will create a new unique session for you which will be saved using a cookie on your computer.
Sessions are required to recognize users between page accesses. It is a temporary cookie which will be deleted once you close your internet browser.
Third-Party Services: Displayed ads or sharing content through social networks or comparable actions might cause a cookie created by them, we DO NOT use third parties in that respect, therefor cookies in this category can only be added by the member using a third-party site etc. this is not recommended by Safing ICS Technologies GmbH.
How to disable or delete cookies?
Your internet browser offers specialized options to manage and remove cookies and also offer settings to reject many or all cookies. Please refer to the instructions for your internet browser from the list below.
Google Chrome https://support.google.com/chrome/answer/95647?hl=en
Mozilla Firefox https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Internet Explorer https://windows.microsoft.com/en-US/internet-explorer/delete-manage-cookies#ie=ie-11
In compliance with the GDPR, you can request a list of the information we hold on your account, however at this time it is best to remember that any information held by us, is the information freely given by you when you subscribe to our services, in this case data requests must be made using the information given to us, by way of example only, email address if used, in an email, requesting the information to:
As the data we collect is solely used to run and administer your account, you can ask at any time for us to stop processing, or to erase the data held on your account, however in these aforementioned cases, this will result in the removal of your account from our services, this course of action does not automatically trigger a refund under Terms of Service. Article 10 your right to cancel, and Article 11 refunds. For cases of this type please contact us with your request at:
email@example.com or firstname.lastname@example.org
for the avoidance of all doubt, we are a company based around privacy and security, any and all data collected on a members account is basic, by way of example only and not limited to, a verifiable email address, if required, and transaction id’s, these are protected behind encryption.
Information/data held by us on any subscriber is basic and minimal, any and all data requests made by Government, or law enforcement agencies can be applied for, however, this is in the form of single account data only and not by block.
By forwarding the required paperwork, in this case, a written request and reason, with a current court order covering the correct jurisdiction attached, Safing ICS Technologies GmbH will comply with the law, applied by the Austrian court’s jurisdiction under European law.
As Safing ICS Technologies GmbH is registered in Austria, any and all disputes will be decided only through the Austrian court system following European law as our guideline. It is important to note: the SPN provided by Safing ICS Technologies GmbH does not collect any IP addresses, browsing history, traffic data, or DNS queries that could be used to identify any specific user.
Due to the Court of Justice of the European Union ruling on data transfers, invalidating the Privacy Shield and GDPR compliance of such a ruling.
it is here by stated that Safing ICS Technologies GmbH, does not hold or transfer any data to any servers held in the United States of America, however, due to the operating nature of the SPN, we cannot and will not be held responsible for any private nodes held within the United States of America that you choose to use.
Authorized Agents: When a consumer uses an authorized agent to submit a request to know, or a request to delete data of any kind, Safing ICS Technologies GmbH may require that the consumer do the following: Provide the authorized agent, signed permission to access any form of data/information.
In the case of anonymous users: users must verify their own identity directly with Safing ICS Technologies GmbH. Users must directly confirm with Safing ICS Technologies GmbH that they have provided the authorized agent permission to submit any such request.
Authorized agents must also provide a current, verifiable identification and all necessary documentation to access any information or data, users and agents are however reminded that: Safing ICS Technologies GmbH, does not collect or log browsing history, traffic destination, data content, IP addresses, or DNS queries from users/subscribers connected to our SPN, we cannot provide information or data we do not hold.
Addition to Article 2, Personal Identifiable Information & Data we collect: the addition of customer support, data received, gathered, collected and held.
Alteration to Article 3, How we store and protect your PII & Data: alteration to main body text 1st paragraph.
Removal from Article 2, Personal Identifiable Information & Data we collect. Removal of a sentence about future potential Portmaster telemetry.
This sentence was originally added for legal flexibility, intended to cover such a potential feature. We honestly forgot that it was there. But to make things clear: No official Portmaster release will ever have telemetry functions implemented. Hence the removal.
Revision of Article 2 according to current developments:
Removal from Article 5: The third party service “Stripe” was removed, as integration was aborted a while ago.
Revision from Article 5: The third party service “Stripe” was added after reevaluating the payment service.
Revision of Article 2: Added Self-Hosted Plausible Server
We now run a self-hosted installation of Plausible Analytics to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected.
Please note: whereas we cannot change our policies to suit every individual, we will listen to your concerns and reply in a timely manner.
Thank you for taking the time to read our policies on how we operate our service and collect, use and protect all of your data.
© Safing ICS Technologies GmbH
2020/21 All rights reserved.