Our principles for user data processing

The main principles

  • Information sent by Kaspersky Lab products to the company’s servers (the “cloud”) is limited to the data needed to improve the level of protection against cyberthreats, refine the product operation and offer better solutions to our users
  • Data sent to Kaspersky Lab is depersonalised and does not include users’ confidential information
  • Users voluntarily consent to send this data to Kaspersky Lab by agreeing to the licence agreement during product installation, as well as to the Kaspersky Security Network (KSN) user agreement
  • The information received, as well as traffic, is protected in accordance with legal requirements and stringent industry standards, including encryption, digital certificates, firewalls and more.

What is Kaspersky Security Network?

Kaspersky Security Network is an expert cloud-based system that automatically processes depersonalised statistics received from millions of devices owned by Kaspersky Lab users across the globe who have voluntarily consented to this. KSN was created to maximise the effectiveness of discovering new and unknown threats.

What is the ‘cloud’?

It is a service that runs on a company’s servers rather than on user devices and which can be used over the Internet from anywhere in the world. Examples of cloud services include e-mail, file sharing and file hosting services. Kaspersky Lab servers are distributed across the globe, providing faster processing of information and interchangeability in case of emergency.

What is the purpose of cloud-based protection?

Most IT security vendors use the cloud to improve protection levels. Hybrid protection (antivirus databases + proactive defence + the cloud) is the most effective.

The high performance of corporate servers means that cyberthreats detected on user devices can be analysed faster and more accurately. While the traditional antivirus and anti-phishing database updating cycle usually takes several hours, the cloud can provide users with protection against a new threat within minutes.

Using the cloud can also make a product ‘lighter’ by keeping it from using too much memory and resources on the user device.

What data is processed in the cloud?

Licence and product information

This information is needed to maintain communication between the product and Kaspersky Lab services – sending and receiving product and antivirus database updates, etc. The cloud uses it to recognise legitimate users.

Data on the product’s operation and its interaction with the user is also analysed. How long does scanning for threats take? Which features are used more often than the others? Answers to these and other questions help developers to improve products, making them faster and easier to use.

Device data

Data such as device type, operating system, applications installed on the device, etc. is needed to ‘link’ a licence to a specific machine. And why do that? Linking a licence to a specific machine means that the user doesn’t have to buy a new licence for the security product after reinstalling the operating system, for example. Identifying a certain person based on this kind of device information is impossible because it does not include any data that can be used to identify the user. This information also helps us to analyse cyberthreats because it shows how many devices are affected by any specific threat.

Threats detected

If a threat (new or known) is found on a device, information about that threat is sent to Kaspersky Lab. This enables us to analyse threats, their sources, principles of infection, etc., resulting in higher protection quality for every user.

Information on installed applications

This information helps to create lists of ‘white’ or harmless applications and prevent security products from mistakenly identifying such applications as malicious. This data is also used to update and extend program categories for solutions like Parental Control. In addition, this information helps us to understand our users better and offer them security solutions that match their needs.

Search requests, cookies and web page addresses

On the one hand, this data helps to improve protection against fake and infected web pages. In cases when cybercriminals intentionally push dangerous pages to the top of search results, this information enables us to quickly detect a malicious campaign and protect our users. On the other hand, it is needed to create personalised offers of additional protection solutions to different groups of users based on their online behaviour.

OS events

New malware can often be identified only by its suspicious behaviour. Because of this, the product analyses data on processes running on the device (events that do not depend on user actions but result from OS and program operation). This makes it possible to identify processes indicative of malicious activity early on and prevent any dire consequences, such as the destruction of user data.

Suspicious files

If an (yet) unknown file exhibiting suspicious behaviour is detected on a device, it can be sent to the cloud for a more thorough analysis. Personal files (such as photos or documents) are rarely malicious and do not behave suspiciously. As a result, this category includes most executable files (.exe).

Wi-Fi connection data

This information is analysed in order to warn users of insecure (i.e., poorly protected) Wi-Fi access points, helping to prevent personal data from being intercepted.

User contact data

Email addresses are provided by users optionally and are used for authorisation on the My Kaspersky web portal, which enables users to manage their protection remotely. Email addresses are also used to send targeted messages (e.g., containing important alerts) to users of Kaspersky Lab products. Users can also optionally specify their names (or names by which they would like to be addressed on the My Kaspersky portal and in emails).

Can data transfer be restricted?

By agreeing to the licence agreement during product installation and to the Kaspersky Security Network (KSN) user agreement, the user voluntarily consents to have certain information sent to Kaspersky Lab. The amount and structure of this information varies by product, so please read the agreements carefully. Business users can block data from being sent to Kaspersky Lab. Home users can limit the data sent to depersonalised information on the licence, product, the device on which it is installed, threats detected and sites visited by unchecking the corresponding box in the settings list.