Malwarebytes Privacy Policy
Last Updated: March 2, 2015

We believe you have the right to a malware-free existence. We also believe just as strongly that you have the right to privacy. That's why we support (and contribute to) the Electronic Frontier Foundation (EFF) and other organizations devoted to protecting online privacy. This fundamental belief shapes our privacy policy below. Please, if you have any questions or suggestions, don't hesitate to contact us at legal@malwarebytes.org.
Caution: Legalese ahead.

When do we collect your information?

We may collect your information: (1) when you interact with certain portions of our website, such as our forums, blogs, and support center ("Website Collection"); (2) when you license and use our software ("Software Collection"); and (3) when you communicate with us by email, chat, or otherwise ("Dialogue Collection").

Simply
We collect your information when expected and in expected places on our website.

How do we collect your information?

Directly
Some information you provide to us directly. For example, when you post comments, ask questions in our blog, or fill out a user profile. Also, we may collect and store all posted forum and blog information and user profiles and make them available for public viewing.

Simply
We collect your information when you give it to us or post in forums or blogs.

Cookies
We collect information through "cookies," which are text files saved by your browser when you log into our software or services. We may use both session cookies and persistent cookies to identify that you have logged in, to tell us how and when you interact with our software or services, and to check aggregate usage and web traffic. Unlike persistent cookies, session cookies are deleted when you log off and close your browser. If you prefer, you can always change your browser options to stop accepting cookies or to prompt you before accepting cookies. However, if you do not accept cookies you may not be able to access the entirety of our software and services.

Simply
We also collect your information using "cookies" when you visit our website. You can prevent this method of information collection if you like.

Account Registration
If you create an account with us through a third party like Facebook or Twitter ("SNS Accounts") you may have to provide us with your user name or user ID so that we can authenticate your identity.

Simply
We collect your information when you create an account.

Software Functionality
Our software collects information about your use of the software as well as transfers of information between your computers that run the software and our servers. This is necessary to ensure our software is operating correctly and to confirm the status of your license of our software.

Simply
We collect information about your Malwarebytes® license.

What information do we collect?

We may collect both personally identifiable information ("PII") and non-personally identifiable information ("Non-PII"). PII is information that is either expressly provided by you, such as your name, or information that can be used either alone or in combination with other information to personally identify you, such as your email address, phone number, and user name. Non-PII is all information that is not PII or is information that was PII but which we modify and/or aggregate with other data in order to make it Non-PII.

Simply
There are two types of information we collect: personal and non-personal.

How do we use PII?

Other than with respect to the exceptions below, we do not share PII with third parties. We use PII solely for shaping our external communication and messaging efforts.

Simply
With few exceptions, we don't share your personal information with a third party.

Exceptions

Analytics
Our servers automatically record information about how a person ("User") uses our software or services ("Log Data"). Log Data may include a User's Internet Protocol (IP) address, browser type, operating system, web page that the User was visiting before accessing our server, search terms, and the pages or features of our software or services accessed by the User and the time spent there. We may share Log Data with Google Analytics. Google's privacy policy is available at http://www.google.com/policies/privacy.

Simply
Exception #1: We share your information with Google for analytical purposes.

Third-Party Service Providers
We may engage third-party service providers to administer and provide our services. We may provide PII to such third parties only for the purpose of performing services on our behalf. We require such third parties to agree not to disclose your PII or use your PII for any other purpose.

Simply
Exception #2: If we give your information to a partner company, they won't use your information outside of our business relationship.

Business Transactions
Information that we collect from Users, including PII, is considered a business asset. Accordingly, if we go out of business or enter bankruptcy, or if we are acquired, e.g., as a result of a transaction such as a merger, acquisition, or asset sale, your PII may be disclosed or transferred to the third-party acquirer in connection with the transaction.

Simply
Exception #3: If someone buys us or we go bankrupt, your information may be transferred to someone else.

Governmental; Law Enforcement
We may disclose PII to government agencies, law enforcement officials, and private parties as we, in our sole discretion, believe necessary: (1) to satisfy or comply with any applicable law, regulation or legal process; (2) to respond to lawful requests, including subpoenas, warrants or court orders; (3) to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (4) to prevent or stop activity we consider to be illegal or unethical.

Simply
Exception #4: If the government asks for your information, we may comply.

Consent
We may share your PII with third-party sites or platforms, such as social networking sites, but only if you have expressly requested that we do so. Similarly, by posting profile, content, or other information, including PII to a forum or blog, you indicate your consent to its public use.

Simply
Exception #5: If you post your information in one of our forums or on the blog, well, that's public.

Security
We take commercially reasonable measures to protect PII from unauthorized access, use, and disclosure. However, no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we can't guarantee the absolute security of your PII.

Simply
Stuff happens.

Links
Our website may contain links to other websites and services. Any information that you provide on or to a third-party website or service is provided directly to the owner of the website or service and is subject to that party's privacy policy. Our Privacy Policy does not apply to such websites or services and we are not responsible for the content, privacy, or security practices and policies of those websites or services.

Simply
Our privacy policy doesn't apply when you visit sites we link to.

Deletion
You may access and modify the PII associated with your use of our services at any time by contacting us at policies@malwarebytes.org. If you want us to delete your PII, your forum account, or your support account, please contact us at policies@malwarebytes.org with your request. We will delete your information as soon as possible; however, some information may remain in archived/backup copies for our records or as otherwise required by law.

Simply
We'll delete or modify your information if you ask.

International
Your PII may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there.

Simply
If you're not in the U.S., we may transfer your information to the U.S.

Children
Our services are not directed to children under eighteen, and we do not knowingly collect PII from children under thirteen. If we learn that we have collected PII of a child under thirteen we will delete such information from our files as soon as possible, provided, however, that some information may remain in archived/backup copies for our records or as otherwise required by law.

Simply
We don't knowingly collect information on children, and delete it if we inadvertently do collect it.

Revisions

Any information that we collect is subject to our privacy policy in effect at the time such information is collected. We may, however, modify and revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you of such changes by posting them on our website or by sending you an email or other notification.

Simply
We'll let you know if we revise our privacy policy.

Questions? Please contact us at legal@malwarebytes.org if you have any questions about our Privacy Policy.

Software Collection Addendum
We maintain and use the information we receive via Software Collection in the manner described below:

User-Agent String
Each API communication coming from any of our client software identifies itself with a string that includes information about the software itself:
• The program and build which is sending the request
• The current license state (as identified by the product)
• Which subcomponent of the application triggered this notification
• The version of the software as well as any subcomponents (currently, databases) that it uses

Why?
So we can manage your Malwarebytes product and ensure that it is up to date.

GeoIP Data
When we collect data from our client systems, we do not retain the IP address from which the request originates. However, we do use it to gather geographic information on the system calling in:
• A location item indicating the continent, country, city, and approximate latitude/longitude of the user
• The type of connection (dialup/broadband/satellite/mobile)
• The ISP through which the connection is made
• The organization to which the IP address is licensed, if any

Why?
So our malware intelligence team can track malware outbreaks and patterns.

Client Data
We collect client data from each program that describe the client environment (i.e., our software and the computer system it is running on.) For this data we identify each system with a unique identifier that is created at install time, so it is possible to track changes to an individual system over time. In this, we collect:
• The operating system the program is installed on
• The system language in use on that system
• The processor architecture (i.e., 32- or 64-bit)
• The file system in use (i.e., FAT32)

Why?
So we can gather performance data around our products and how they operate in relation to different hardware and software environments.

License Data
We collect data from products which have a paid or licensed mode reflecting the applicable license. These data also use a unique identifier, but a different one from the client data; as such, we can track license changes over time but cannot correlate a license key to a client data report. In this, we collect:
• The key or keys used to license the current product
• If it represents a console system, the number of seats being managed by that installation of the console.

Why?
So we can remind you when your Malwarebytes subscription is about to expire.

Malware Data
We collect data about the malware that is removed by our products. This information does not use a system identifier; it is not possible to correlate two different malware removals with each other. We collect:
• The vendor name of the malware removed
• An encrypted description of which database rule was used to remove the malware in question

Why?
So our malware intelligence team can track malware outbreaks and the efficacy of Malwarebytes products.

Trial Data
When a client attempts to start a trial, we track it remotely in order to validate that the trial is allowed. For this information we use another unique system identifier. We collect:
• The client's request for a trial
• The start date and duration of the trial provided
• Any attempted conversion/purchase generated by clicking an in-app link, so that it can be correlated with a trial

Why?
So we can update your Malwarebytes products accurately and when they need it.

Exploit Data
In all Malwarebytes Anti-Exploit products (beginning with the 1.4 release) we collect a complex data object for any exploit process which is blocked by the software. In this data we collect:
• Process ID of the exploit process
• File path of exploit process
• MD5 hash of the exploit payload, if any
• Command-line arguments passed to the exploit
• A list of URLs describing the payload request made by the exploit, including redirect jumps if any
• (Potentially) a copy of the exploit executable itself

Why?
So our malware intelligence team can track exploit outbreaks and deepen its understanding of new exploit techniques.

Analytics and marketing services
We use the following analytics and marketing services so that we can deliver a better experience to visitors to our website.