Your data, explained in plain terms

This Privacy Policy describes how 365 Protection LLC (“we”, “us”, “our”) collects, uses, shares, and protects information when you visit 365-protection.com, purchase a subscription, or use any product in the 365 Protection suite.

Privacy is part of the product. We aim to collect only what we need, keep it for only as long as we need it, and never sell your personal information.

Information you give us

• Account details: name, email address, password (hashed), and household contact preferences.
• Billing details: billing address, last four digits of the payment card, card brand, expiry. Full card numbers are handled by our PCI-DSS compliant payment processor and never touch our servers.
• Support content: messages, attachments, and metadata you send to support.

Information collected automatically

• Device and app data: operating system, app version, language, country, anonymized device identifier.
• Usage data: features used, scans run, alerts received. We aggregate this to improve the Service.
• Cookies and similar: see our Cookie Policy.

Security signals

• File hashes, URLs visited, and threat metadata used by the antivirus, adblock, and browser tools to identify malware, phishing, and trackers. These are processed in our secure cloud and not linked to your identity.

We use your information to:

• provide, maintain, and improve the Service;
• process payments and manage subscriptions;
• send alerts you have opted into (breach alerts, scan results);
• detect and prevent fraud, abuse, and security incidents;
• comply with legal obligations.

We do not use your data to train advertising profiles, and we do not sell personal information for money.

If you are in the EU, UK, or EEA, we rely on the following legal bases under the GDPR:

• Contract: to deliver the Service you bought.
• Legitimate interest: to keep the Service secure, prevent fraud, and improve product quality.
• Consent: for non-essential cookies, marketing emails, and optional analytics. Withdraw any time.
• Legal obligation: tax, accounting, and lawful requests from authorities.

We share only what is necessary, only with:

• Service providers that host infrastructure, process payments, send transactional email, and detect malware on our behalf, under written data-processing agreements.
• Third-party security vendors whose licensed components are part of the Service (for example backup, VPN infrastructure, or breach data partners).
• Authorities where required by valid legal process. We push back on overly broad requests and notify users where lawful.
• Corporate transactions: if 365 Protection LLC is involved in a merger, acquisition, or asset sale, your data may transfer to the acquirer under equivalent privacy commitments.

We do not sell personal information for money.

We may transfer information to countries outside your home jurisdiction for the purposes described above. When data leaves the EEA, UK, or Switzerland, we use Standard Contractual Clauses or equivalent safeguards. Backup and storage data is replicated within the EU by default.

We keep account data for the life of your subscription and a short additional period for tax, accounting, and dispute resolution.

• Account data: until deletion request or 30 days after subscription cancellation.
• Billing records: up to 7 years to meet tax law.
• Support tickets: 24 months.
• Security telemetry: 90 days in identifiable form, then aggregated.

We protect your data with AES-256 encryption at rest, TLS in transit, per-account encryption keys for stored files, hardware-key support for admin access, continuous monitoring, and regular third-party penetration tests. No system is perfectly secure, and we cannot guarantee absolute security, but we take it very seriously and publish security advisories when they affect users.

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• delete your account and associated personal data;
• export your data in a portable format;
• object to or restrict certain processing;
• withdraw consent at any time;
• lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@365-protection.com from the address on your account. We respond within 30 days.

If you live in California, Colorado, Connecticut, Virginia, Utah, or another U.S. state with a comprehensive privacy law, you have rights to access, correct, delete, and opt out of sale or sharing of personal information.

We do not sell personal information for money. To opt out of any sharing for cross-context behavioral advertising, disable the Advertising category in your cookie preferences. We honor Global Privacy Control (GPC) signals where required by law.

The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact privacy@365-protection.com and we will delete it.

We may update this Policy from time to time. Material changes will be announced by email or a prominent notice on the Website at least 14 days before they take effect.

Privacy questions: privacy@365-protection.com

General support: support@365-protection.com

Postal: 365 Protection LLC. A registered mailing address is provided in your welcome email and on request.