Our Privacy Principles
No Tracking. No Selling. No Hidden Tricks.
At Gridinsoft, we believe cybersecurity should protect your privacy — not compromise it. That’s why we’ve built our tools and services with strict privacy-by-design principles.
Your data, your decisions — no backseat tracking.
Your privacy is always in your hands. You decide what data is used, when, and how. Our tools work without hidden trackers, ad profiles, or silent data collection. Whether you’re scanning your device, checking a suspicious link, or reviewing a risky email, you stay in control at every step.
- 17 years defending against malware and protecting privacy (cybersecurity line launched 2008).
- GDPR-aligned; the same protections apply to all users, regardless of location.
- 100% cloud-hosted; no on-premises servers. Compute hosted in Rackspace & DigitalOcean, fronted by Cloudflare’s global edge network.
- End-to-end encryption: TLS 1.2+ in transit, AES-256 at rest.
- No card data stored; payments processed via PayPro Global & 2Checkout (both PCI-DSS Level 1 certified).
- OPSWAT Silver-certified scanning engine, independently re-tested every year.
| Framework / Law | Status | Key Controls |
|---|---|---|
| EU GDPR | Controller with EU representative | Consent records, DSR workflow, 30-day deletion SLA |
| UK GDPR & PIPEDA | Voluntarily adopted | Single global privacy standard; opt-out of sale/marketing by default |
| OPSWAT Silver | Active | Annual binary & process audit |
| VirusTotal Partner Engine | Approved | Listed among 150+ industry engines; live reputation sharing & false-positive feedback loop |
| Stage | Data Points | Legal Basis / Purpose | Retention |
|---|---|---|---|
| Account sign-up | Email, encrypted password, IP | Contract performance | Until account deletion |
| Product telemetry (opt-in) | Hash-anonymised scan logs, feature usage | Legitimate interest (product improvement) | 12 months rolling |
| Support tickets | License key, diagnostic files | Legitimate interest (support) | 24 months after last interaction |
| Payments | Order ID | Contract; legal obligation | 7 years (tax compliance) |
| Security logs | IP, timestamps | Legitimate interest (security) | 30 days |
Requests for data export or erasure can be sent to [email protected] and will be fulfilled within 30 days.
| Layer | Provider(s) | Safeguards |
|---|---|---|
| Edge / DDoS | Cloudflare CDN & WAF | Anycast network, OWASP rules, bot mitigation, rate limiting |
| Compute & Storage | Rackspace (US), DigitalOcean (US/EU) | ISO 27001, SOC 2 Type II facilities, disk-level encryption |
| CI & Back-office | GitLab SaaS, Atlassian Cloud | SSO, MFA, customer-managed data |
| Category | Vendor | Personal Data Shared |
|---|---|---|
| Edge / WAF | Cloudflare, Inc. | Transient IP |
| Hosting | Rackspace US, DigitalOcean LLC | Production databases & files |
| Analytics | Google Analytics | Pseudonymised visitor IDs (truncated IP) |
| Marketing | Google Ads | Conversion metadata |
| Payments | PayPro Global, 2Checkout/Avangate | Billing details |
| Support | OSTicket (self-hosted) | Email, ticket content |
All vendors sign GDPR-compliant DPAs and undergo annual security reviews.
- Company-wide SSO and MFA enforced.
- Role-based access with automatic expiry; no shared accounts.
- 90-day credential rotation policy for privileged secrets.
- Keep Gridinsoft software updated to the latest release.
- Enable real-time protection modules whenever possible.
- Use unique, strong passwords and MFA for the Member Area.
Have questions or privacy concerns? We’re here to help.
- Email (Legal & DPO): [email protected]
- Support: [email protected]
- Phone (UA): +38 044 405 82 32
- Operational HQ: Lesya Kurbasa Ave 7B, 03194 Kyiv, Ukraine
- Registered Office: Pervomayskaya 20A, 39600 Kremenchuk, Ukraine