Revision History - Malwarebytes Privacy Policy
Version Comments
Changes to the "Website Analytics" section.
A new section has been added for "Using Malwarebytes For iOS".
Minor clarifications made.
A new version has been posted.
The link to contact the U.S.-based third party dispute resolution provider has been updated.
Update under the "Choice" section about being added to the mailing list if you "interact" with Malwarebytes, such as attending a webinar.
Minor change under "Malware And PUP Data".
Changes to "How Do We Collect Your Information?", "Third-Party Service Providers", "Client Data", and "Malware And PUP Data".
References added throughout concerning Potentially Unwanted Programs ("PUPs").
Changes under Client Data, License Data, and Malware Data.
Many new changes throughout this Privacy Policy.
Some email addresses have been updated.
The following sections have been updated: "Client Data", "License Data", "Malware Data", "Exploit Data" and "Analytics and marketing services".
Inspectlet added and FullStory removed to the Analytics and marketing services section.
FullStory added to the list of Analytics and marketing services.
A completely new version has been published. More information can be found here:
This is the initial version that ParanoidPaul captured. It is not necessarily the first version of the document.

	Last Updated: April 24, 2017  

	We believe you have the right to a malware-free existence. We also believe just as strongly that you have the right to privacy. That's why we support (and contribute to) the Electronic Frontier Foundation (EFF) and other organizations devoted to protecting online privacy. This fundamental belief shapes our privacy policy below. Please, if you have any questions or suggestions, don't hesitate to contact us at 

	This Privacy Policy applies to the website and the downloadable digital properties owned and operated by Malwarebytes Inc. and its affiliates. This Privacy Policy describes how Malwarebytes collects, uses, shares and secures the personal information you provide. It also describes your choices regarding use, access and correction of your personal information. 
 Caution: Legalese ahead.       

When Do We Collect Your Information?

	We may collect your information: (1) when you interact with certain portions of our website, such as our forums, blogs, and support center ("Website Collection"); (2) when you license and use our software ("Software Collection"); and (3) when you communicate with us by email, chat, or otherwise ("Dialogue Collection").   


	We collect your information when expected and in expected places on our website.          

How Do We Collect Your Information?


	Some information you provide to us directly. For example, when you post comments, ask questions in our blog, fill out a user profile or voluntarily decide to grant us remote access to provide you with technical support. Also, we may collect and store all posted forum and blog information and user profiles and make them available for public viewing.   


	We collect your information when you give it to us or post in forums or blogs.     


	Malwarebytes and its partners collect information through "cookies" and other similar tracking technologies to analyze trends, administer the website, track users' movements around the website, and to gather demographic information about our user base as a whole. Cookies are text files saved by your browser when you log into our software or services. We may use both session cookies and persistent cookies to identify that you have logged in, to tell us how and when you interact with our software or services, and to check aggregate usage and web traffic. Unlike persistent cookies, session cookies are deleted when you log off and close your browser. If you prefer, you can always change your browser options to stop accepting cookies or to prompt you before accepting cookies. However, if you do not accept cookies you may not be able to access the entirety of our software and services.   


	We also collect your information using "cookies" and other similar tracking technologies when you visit our website. You can prevent this method of information collection if you like.     

Account Registration 

	If you create an account with us through a third party like Facebook or Twitter ("SNS Accounts") you may have to provide us with your user name or user ID so that we can authenticate your identity.   


	We collect your information when you create an account.     

Software Functionality 

	Our software collects information about your use of the software as well as transfers of information between your computers that run the software and our servers. This is necessary to ensure our software is operating correctly and to confirm the status of your license of our software.    


	We collect information about your Malwarebytes license.          

What Information Do We Collect?

	We may collect both personally identifiable information ("PII") and non-personally identifiable information ("Non-PII"). PII is information that is either expressly provided by you, such as your name, or information that can be used either alone or in combination with other information to personally identify you, such as your email address, phone number, and user name. 

	We may collect the following personal information from you: Contact Information (such as name, email address, mailing address, or phone number); Unique Identifiers (such as username and password); Information about your business (such as company name, company size, business type). 

	Our third party service providers may collect billing information (credit card number and billing address) on our behalf to process orders. 

	Non-PII is all information that is not PII or is information that was PII but which we modify and/or aggregate with other data in order to make it Non-PII. As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, clickstream data, and/or anonymously generated device identifiers, to analyze trends in the aggregate and administer the site.


	There are two types of information we collect: personal and non-personal.     

Mobile Application

	When you download and use our Services, we automatically collect information on the type of device you use, operating system version, and the unique device identifier.  

	We send you push notifications from time to time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.

	We do not ask for, access or track any location based information from your mobile device at any time while downloading or using our Mobile Apps or Services. 

	We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.   


	We collect information that allows us to fight against malware and potentially unwanted programs ("PUPs") on your device and contact you if you allow us to send push notifications.

How Do We Use PII?

	Other than with respect to the exceptions below, we do not share PII with third parties. We use PII to improve our products and for shaping our external communication and messaging efforts.   


	With few exceptions, we don't share your personal information with a third party.          



	Our servers automatically record information about how a person ("User") uses our software or services ("Log Data"). Log Data may include a User's Internet Protocol (IP) address, browser type, operating system, web page that the User was visiting before accessing our server, search terms, and the pages or features of our software or services accessed by the User and the time spent there. We may share Log Data with Google Analytics. Google's privacy policy is available at   


	Exception #1: We share your information with Google for analytical purposes.     

Third-Party Service Providers

	We may engage third-party service providers to administer and provide our services. We may provide PII to such third parties only for the purpose of performing services on our behalf, such as fulfilling orders and delivering updates, payment processing, providing customer service, sending marketing communications, conducting research and analysis, and providing cloud computing infrastructure. We require such third parties to agree not to disclose your PII or use your PII for any other purpose.  

	For our cloud-based Software, we utilize Amazon Web Services for our infrastructure. With such infrastructure, you are able to benefit from Amazon Web Services Cloud Compliance security and privacy measures, including but not limited to ISO and SOC certifications. For more information on Amazon Web Services Cloud Compliance please visit    


	Exception #2: If we give your information to a partner company, they won't use your information outside of our business relationship.     

Business Transactions

	Information that we collect from Users, including PII, is considered a business asset. Accordingly, if we go out of business or enter bankruptcy, or if we are acquired, e.g., as a result of a transaction such as a merger, acquisition, or asset sale, your PII may be disclosed or transferred to the third-party acquirer in connection with the transaction. You will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choice you may have regarding your personal information.   


	Exception #3: If someone buys us or we go bankrupt, your information may be transferred to someone else.     

Governmental; Law Enforcement

	We may disclose PII to government agencies, law enforcement officials, and private parties as we, in our sole discretion, believe necessary: (1) to satisfy or comply with any applicable law, regulation or legal process; (2) to respond to lawful requests, including subpoenas, warrants or court orders; (3) to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (4) to prevent or stop activity we consider to be illegal or unethical. 

	In certain situations, Malwarebytes may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.   


	Exception #4: If the government asks for your information, we may comply.     


	We may share your PII with third-party sites or platforms, such as social networking sites, but only if you have expressly requested that we do so. 

	Similarly, by posting profile, content, or other information, including PII to a forum or blog, you indicate your consent to its public use. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We will list you in our publicly accessible member directory on the forum website. 

	We also display testimonials of satisfied customers on our websites in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at   


	Exception #5: If you post your information in one of our forums or on the blog, well, that's public.     


	We partner with a third party to display advertising on our website or to manage our advertising on other sites. Our third party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here [or if located in the European Union click here]. Please note you will continue to receive generic ads. 

	You may sign up to receive email, newsletters, or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the "Unsubscribe" link found in emails we send to you or at your member profile on our website or by contacting us at


	We take commercially reasonable measures to protect PII from unauthorized access, use, and disclosure. However, no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we can't guarantee the absolute security of your PII.   


	We do what we reasonably can to protect your information.     


	Our website may contain links to other websites and services. Any information that you provide on or to a third-party website or service is provided directly to the owner of the website or service and is subject to that party's privacy policy. Our Privacy Policy does not apply to such websites or services and we are not responsible for the content, privacy, or security practices and policies of those websites or services.   


	Our privacy policy doesn't apply when you visit sites we link to.     


	Upon request, Malwarebytes will provide you with information about whether we hold any of your personal information. You may access and modify the PII associated with your use of our services at any time by contacting us at If you want us to delete your PII, your forum account, or your support account, please contact us at with your request. We will respond to your requests within a reasonable timeframe. We will delete your information as soon as possible; however, some information may remain in archived/backup copies for our records or as otherwise required by law. We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. 

For Our Partnerbytes Platform Only:

	Malwarebytes acknowledges that you have the right to access your personal information.  Malwarebytes has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Malwarebytes' Client (the data controller). If requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.   


	We'll delete or modify your information if you ask.     


	Your PII may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there. 

	Malwarebytes participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  Malwarebytes is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework's applicable Principles.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield List. 

	Malwarebytes is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.  Malwarebytes complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. 

	With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Malwarebytes is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, Malwarebytes may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

	If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at 

	Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.   


	If you're not in the U.S., we may transfer your information to the U.S. We participate in the EU-U.S. Privacy Shield Framework.     


	Our services are not directed to children under eighteen, and we do not knowingly collect PII from children under thirteen. If we learn that we have collected PII of a child under thirteen we will delete such information from our files as soon as possible, provided, however, that some information may remain in archived/backup copies for our records or as otherwise required by law.   


	We don't knowingly collect information on children, and delete it if we inadvertently do collect it.          


	We may modify and revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you of such changes by posting them on our website or by sending you an email or other notification prior to the change becoming effective.   


	We'll let you know if we revise our privacy policy. If we make a material change, we will let you know before the change takes place.     

	QUESTIONS? Please contact us @ 3979 Freedom Circle, 12th Floor, Santa Clara, CA 95054 or via email at if you have any questions about our Privacy Policy.          

Software Collection Addendum

	We maintain and use the information we receive via Software Collection in the manner described below:     

User-Agent String 

	Each API communication coming from any of our client software identifies itself with a string that includes information about the software itself: 

 	 The program and build which is sending the request
 	 The current license state (as identified by the product)
 	 Which subcomponent of the application triggered this notification
 	 The version of the software as well as any subcomponents (currently, databases) that it uses


	So we can manage your Malwarebytes product and ensure that it is up to date.     

GeoIP Data

	When we collect data from our client systems, we do not retain the IP address from which the request originates. However, we do use it to gather geographic information on the system calling in: 

 	 A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on your IP address
 	 The type of connection (dialup/broadband/satellite/mobile)
 	 The ISP through which the connection is made
 	 The organization to which the IP address is licensed, if any


	So our malware intelligence team can track malware and PUP outbreaks and patterns.     

Client Data

	In addition to data you provide that is necessary for the functionality of the Software or in our performance of providing the Software to you, we collect client data from each program that describe the client environment (i.e., our software and the computer system it is running on). For this data we identify each system with a unique identifier that is created at install time, so it is possible to track changes to an individual system over time. In this, we collect: 

 	 The operating system the program is installed on 
 	 The system language in use on that system 
 	 The processor architecture (i.e., 32- or 64-bit)
 	 The file system in use (e.g., FAT32)
 	 Information from the Windows Security/Action Center, including security settings and programs installed or in use
 	 Information about other Malwarebytes program settings and how they are configured


	So we can gather performance data around our products and how they operate in relation to different hardware and software environments.     

License Data

	We collect data from products which have a paid or licensed mode reflecting the applicable license. These data also use a unique identifier. In this, we collect: 

 	 The key or keys used to license the current product
 	 If it represents a console system, the number of seats being managed by that installation of the console
 	 Endpoint domain information


	So we can remind you when your Malwarebytes subscription is about to expire or to determine the correct license type.     

Malware And PUP Data

	We collect data about the malware and PUPs that are detected by our products. We collect: 

 	 The vendor name of the malware or PUP removed
 	 An encrypted description of which database rule was used to remove the malware or PUP in question
 	 Artifacts detected as malware or PUPs
 	 Information related to detected artifacts


	So our malware intelligence team can track malware and PUP outbreaks and improve the efficacy of Malwarebytes products.     

Trial Data 

	When a client attempts to start a trial, we track it remotely in order to validate that the trial is allowed. For this information we use another unique system identifier. We collect: 

 	 The client's request for a trial 
 	 The start date and duration of the trial provided 
 	 Any attempted conversion/purchase generated by clicking an in-app link, so that it can be correlated with a trial


	So we can update your Malwarebytes products accurately and when they need it.     

Exploit Data

	In all Malwarebytes Anti-Exploit products (beginning with the 1.4 release) we collect a complex data object for any exploit process which is blocked by the software. In this data we collect: 

 	 Process ID of the exploit process
 	 File path of exploit process 
 	 MD5 hash of the exploit payload, if any
 	 Command-line arguments passed to the exploit
 	 A list of URLs describing the payload request made by the exploit, including redirect jumps if any
 	 Exploit payload files
 	 Exploit file format (doc, pdf, xls, etc.)
 	 (Potentially) a copy of the exploit executable itself


	So our malware intelligence team can track exploit outbreaks and deepen its understanding of new exploit techniques.     

Analytics And Marketing Services

	We use the following analytics and marketing services so that we can deliver a better experience to visitors to our website: 

 	 Google Analytics 
 	 Google Remarketing 
 	 Demand Base
