Argentina

Brasil

Canada (English)

Canada (Français)

Caribbean (English)

Caribe (Español)

Chile

Colombia

Costa Rica

Ecuador

El Salvador

Guatemala

Hispanoamérica

México

Panamá

Perú

Puerto Rico (English)

United States

Uruguay

Venezuela

België (Nederlands)

Belgique (Français)

Česko

Danmark

Deutschland

España

Estonia (English)

France

Iceland (English)

Ireland (English)

Israel (English)

Italia

Latvia (English)

Lithuania (English)

Luxembourg (Français)

Magyarország

Nederland

Norge

Österreich

Polska

Portugal

România

Schweiz (Deutsch)

Suisse (Français)

Svizzera (Italiano)

South Africa

Suomi

Sverige

Türkiye

United Arab Emirates (English)

United Kingdom

Ελλάδα

Россия

Australia

Cambodia (English)

Hong Kong (English)

香港

India (English)

Indonesia (English)

Malaysia (English)

New Zealand

Philippines (English)

Singapore (English)

Thailand (English)

Vietnam (English)

대한민국

中国

台灣

日本

Products Privacy Notice

To read this notice in Estonian, Lithuanian or Latvian, please click on the relevant language.

In our ongoing quest for transparency, Norton shares its Products Privacy Notice to help you understand how we handle your personal data. For more information about our data practices and your rights, please see our General Privacy Notice.

Norton Security Products (desktop)
Norton 360 Mobile Apps
Norton AntiTrack
Norton Password Manager / Norton Safe Web Plus (Mac App)
Norton VPN
Norton Utilities Premium / Norton Utilities Ultimate
Norton Family
Norton Genie
Norton Ultimate Help Desk
Norton Computer Tune-Up
Norton Driver Updater
Norton Mobile Security
NortonLive Spyware and Virus Removal
Norton Safe Web / Norton Safe Web Plus (Mac App)
Norton Safe Search
Norton Private Browser
Norton Home Page
Norton Password Generator
Privacy Monitor and Privacy Monitor Assistant
LifeLock / Identity Advisor
Dark Web Monitoring
SurfEasy
Norton Safe Email
Norton Money
HomeShield Pro

Norton Security Products (desktop)

Norton Security Products provide endpoint security which defends against ransomware, viruses, spyware, malware, scams and other similar online threats. The scope of the services depends on the version of your product, and it may also include additional services and features such as VPN services, Safe Email, Dark Web Monitoring, Parental Control (Norton Family), Privacy Monitor, Password Manager, AI Assistant (Norton Genie), Identity Protection features, as well as scam insurance and restoration services.

Security products include Norton 360, Norton AntiVirus, Norton Internet Security, Norton One, Norton Small Business, Norton Security Protection, and Norton Security On-The-Go, and Norton Power Eraser (a free virus removal tool). Norton Security Products are also offered as a bundled product with other Norton products.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Security Data may include: Emails reported as potential threats (1 year). Malware Detections chosen to be reported (up to 3 years). File backups as selected by User (if purchasing/using Norton Online Backup) (encrypted).	Security Data: This data is processed to deliver the product by evaluating for potential security risks and/or blocking emails, enforcing the rules and policies defined by the User for their controlled profiles, and helping the User detect misuse of Personal Data associated with such profiles. Additionally, emails and malwares files provided by Users help in improving the product’s detection rate and reducing false positives.
Data We Collect/Access:	Location Data may include: IP Address (36 months). Approximate Location derived from IP address (50 months). Device Data may include: Product Serial Number (while active or 36 months). Internal installation identifiers (50 months). Operating system version and settings (50 months). Device manufacturer and model (50 months). Device names and/or assigned names (50 months). Device identifiers including MAC address (while active or 50 months). Internal Device identifiers - Norton Machine ID (36 months). Other security software and apps running on the device, including our apps (36 months). Browsers installed and default browser (50 months). Security Data may include: URLs/Websites visited and associated metadata (36 months). Files identified as potential or known malware (36 months). Application names and versions (36 months). File metadata including file paths (36 months). Security statistics such as number of detections etc. (6 months). Service Data may include: Network data and connection activity (36 months). User interactions with Norton websites and Norton extensions download pages (26 months). Emails if Norton Safe Email is enabled (not stored by default; with your consent, we can store suspicious email messages for in-depth analysis and to keep our detection models up to date for 30 days in raw form, then we remove personal identifiers). Events and product usage such as number and result of scans, detections, error logs and screen flows (50 months). Failure diagnostics including crash dumps and system logs (36 months).	Location Data: This data is used to determine appropriate language settings for communicating with you and for determining country of origin for threats detected. Device Data: This data is used and generated internally at Gen for the purpose of tracking account activity between internal company systems, applications, and architecture. It is also used to deliver the product in accordance with your device(s) as well as tracking and determining trends in threats detected and communicating about potential solutions to detected threats. Security Data: This data is used to deliver the product by alerting you to potentially malicious applications, malware, URLs and links and by informing you about site safety and blocking browsing to unsafe websites, improving the detection of malware and cyber-threats (e.g., through file sample analysis), and pursuing general cybersecurity research. Service Data: This data is used to understand product usage and to further develop and improve the product performance, communicating about potential solutions to detected threats as well as telemetry.
Data We Collect/Access from Third Parties:	Service Data may include: Failure diagnostics including crash dumps and system logs (36 months).	Service Data: This data is processed for the purposes of understanding product usage and improving the product.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Security Data may include:

Emails reported as potential threats (1 year).
Malware Detections chosen to be reported (up to 3 years).
File backups as selected by User (if purchasing/using Norton Online Backup) (encrypted).

Security Data: This data is processed to deliver the product by evaluating for potential security risks and/or blocking emails, enforcing the rules and policies defined by the User for their controlled profiles, and helping the User detect misuse of Personal Data associated with such profiles. Additionally, emails and malwares files provided by Users help in improving the product’s detection rate and reducing false positives.

Data We Collect/Access:

Location Data may include:

IP Address (36 months).
Approximate Location derived from IP address (50 months).

Device Data may include:

Product Serial Number (while active or 36 months).
Internal installation identifiers (50 months).
Operating system version and settings (50 months).
Device manufacturer and model (50 months).
Device names and/or assigned names (50 months).
Device identifiers including MAC address (while active or 50 months).
Internal Device identifiers - Norton Machine ID (36 months).
Other security software and apps running on the device, including our apps (36 months).
Browsers installed and default browser (50 months).

Security Data may include:

URLs/Websites visited and associated metadata (36 months).
Files identified as potential or known malware (36 months).
Application names and versions (36 months).
File metadata including file paths (36 months).
Security statistics such as number of detections etc. (6 months).

Service Data may include:

Network data and connection activity (36 months).
User interactions with Norton websites and Norton extensions download pages (26 months).
Emails if Norton Safe Email is enabled (not stored by default; with your consent, we can store suspicious email messages for in-depth analysis and to keep our detection models up to date for 30 days in raw form, then we remove personal identifiers).
Events and product usage such as number and result of scans, detections, error logs and screen flows (50 months).
Failure diagnostics including crash dumps and system logs (36 months).

Location Data: This data is used to determine appropriate language settings for communicating with you and for determining country of origin for threats detected.

Device Data: This data is used and generated internally at Gen for the purpose of tracking account activity between internal company systems, applications, and architecture. It is also used to deliver the product in accordance with your device(s) as well as tracking and determining trends in threats detected and communicating about potential solutions to detected threats.

Security Data: This data is used to deliver the product by alerting you to potentially malicious applications, malware, URLs and links and by informing you about site safety and blocking browsing to unsafe websites, improving the detection of malware and cyber-threats (e.g., through file sample analysis), and pursuing general cybersecurity research.

Service Data: This data is used to understand product usage and to further develop and improve the product performance, communicating about potential solutions to detected threats as well as telemetry.

Data We Collect/Access from Third Parties:

Service Data may include:

Failure diagnostics including crash dumps and system logs (36 months).

Service Data: This data is processed for the purposes of understanding product usage and improving the product.

Norton 360 Mobile Apps (Android and iOS)

Norton 360 mobile applications (“Norton 360 App”) are designed to provide protected Users’ and their selected smartphone and tablet devices with protection against digital threats and allow Users to keep digital information private and secure over the network and monitor their identity. The scope of the services depends on the version of your product, and it may include Safe SMS, Safe Call (provided in cooperation with Hiya Inc.) and Safe Email features as well as an AI Assistant (Norton Genie), scam insurance and restoration services.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	If purchasing the Norton 360 App through the eStore, please see the Norton Enrollment Process for additional information. If purchasing through the Apple AppStore or Google PlayStore, please see the below information. Account Data may include: Email (while active or 36 months). Norton account password (while active or 36 months). Country (while active or 36 months). Security Data may include: User feedback related to detected calls (not connected to you).	Account Data: This data is processed to administer the account including establishing and authenticating it as well as communicating with you and providing services connected with your account. Security Data: This data is processed for the purposes of the functionality of call filtering and evaluation of caller reputation in cooperation with Hiya Inc. It is also used to fix bugs, improve the detection models and to create, use and store aggregated statistics derived from call information to help us analyze unsolicited calls. The information is, however, not connected to you.
Data We Collect/Access:	Device Data may include: IP Address (36 months). Mobile device identifiers (while active or 36 months). Internal identifiers including installation ID (50 months). Device name and type (while active or 36 months). Operating system platform and version (while active or 36 months). Approximate Location derived from IP Address (50 months). Security Data may include: Files identified as potential or known malware (36 months). File metadata including file paths (36 months). Applications including characteristics such as permissions, signing certs, package and library info, app versions (36 months). File and application data (limited to App store data, applications downloaded, and browsing data. iOS devices will also collect malicious links from calendar invites) (36 months). Web-browsing and URLs accessed (36 months). If the Safe SMS (SMS security) is enabled, text messages with URLs or sent by senders not in your contact list are collected and analyzed for threats. The text messages are not connected to our customers. These texts may include data such as: phone numbers, emails, crypto, or other identifiers associated with the text message. Includes identifiers offered to user as target for user’s requested response. (texts stripped off the personal identifiers together with URLs and other sender identifiers are stored up to 5 years). Emails if Norton Safe Email is enabled (not stored by default; with your consent, we can store suspicious email messages for in-depth analysis and to keep our detection models up to date for 30 days in raw form, then we remove personal identifiers). Call information and threat detection data (for Safe Call feature) – incoming phone numbers, line type, country (for incoming non-contact calls); time, length and disposition of phone call (36 months, incoming phone number removed after 30 days). Security statistics such as number of detections (12 months). Service Data may include: Events and product usage such as number and result of scans, detections, network service information, download and use frequency, log data) (36 months). Error reports/crash dumps (36 months). Device/phone settings (including but not limited to device model and manufacturers) (50 months).	Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and determining appropriate language settings for communicating with you. It is also processed for the purposes of delivering the product in accordance with your device(s) as well as tracking and determining trends in threats detected and communications about potential solutions to detected threats. Security Data: This data is processed for the purposes of delivering the product by alerting you to potentially malicious applications, malware, URLs and links (including links in emails, text messages or data downloaded to SD cards), communicating about potential solutions to detected threats as well as improving the app security feature (malicious malware and applications blocking feature and SD card are only available on the Android OS). Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance, communicating about potential solutions to detected threats as well as telemetry.
Data We Collect/Access from Third Parties:	Service Data may include: Reporting data based on metadata collected by product (limited to number of Users by general geolocations/regions, and operating systems) (25 months).	Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

If purchasing the Norton 360 App through the eStore, please see the Norton Enrollment Process for additional information. If purchasing through the Apple AppStore or Google PlayStore, please see the below information.

Account Data may include:

Email (while active or 36 months).
Norton account password (while active or 36 months).
Country (while active or 36 months).

Security Data may include:

User feedback related to detected calls (not connected to you).

Account Data: This data is processed to administer the account including establishing and authenticating it as well as communicating with you and providing services connected with your account.

Security Data: This data is processed for the purposes of the functionality of call filtering and evaluation of caller reputation in cooperation with Hiya Inc. It is also used to fix bugs, improve the detection models and to create, use and store aggregated statistics derived from call information to help us analyze unsolicited calls. The information is, however, not connected to you.

Data We Collect/Access:

Device Data may include:

IP Address (36 months).
Mobile device identifiers (while active or 36 months).
Internal identifiers including installation ID (50 months).
Device name and type (while active or 36 months).
Operating system platform and version (while active or 36 months).
Approximate Location derived from IP Address (50 months).

Security Data may include:

Files identified as potential or known malware (36 months).
File metadata including file paths (36 months).
Applications including characteristics such as permissions, signing certs, package and library info, app versions (36 months).
File and application data (limited to App store data, applications downloaded, and browsing data. iOS devices will also collect malicious links from calendar invites) (36 months).
Web-browsing and URLs accessed (36 months).
If the Safe SMS (SMS security) is enabled, text messages with URLs or sent by senders not in your contact list are collected and analyzed for threats. The text messages are not connected to our customers. These texts may include data such as: phone numbers, emails, crypto, or other identifiers associated with the text message. Includes identifiers offered to user as target for user’s requested response. (texts stripped off the personal identifiers together with URLs and other sender identifiers are stored up to 5 years).
Emails if Norton Safe Email is enabled (not stored by default; with your consent, we can store suspicious email messages for in-depth analysis and to keep our detection models up to date for 30 days in raw form, then we remove personal identifiers).
Call information and threat detection data (for Safe Call feature) – incoming phone numbers, line type, country (for incoming non-contact calls); time, length and disposition of phone call (36 months, incoming phone number removed after 30 days).
Security statistics such as number of detections (12 months).

Service Data may include:

Events and product usage such as number and result of scans, detections, network service information, download and use frequency, log data) (36 months).
Error reports/crash dumps (36 months).
Device/phone settings (including but not limited to device model and manufacturers) (50 months).

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and determining appropriate language settings for communicating with you. It is also processed for the purposes of delivering the product in accordance with your device(s) as well as tracking and determining trends in threats detected and communications about potential solutions to detected threats.

Security Data: This data is processed for the purposes of delivering the product by alerting you to potentially malicious applications, malware, URLs and links (including links in emails, text messages or data downloaded to SD cards), communicating about potential solutions to detected threats as well as improving the app security feature (malicious malware and applications blocking feature and SD card are only available on the Android OS).

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance, communicating about potential solutions to detected threats as well as telemetry.

Data We Collect/Access from Third Parties:

Service Data may include:

Reporting data based on metadata collected by product (limited to number of Users by general geolocations/regions, and operating systems) (25 months).

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Norton AntiTrack

Norton AntiTrack is an app and browser extension that keeps your online activities and digital footprint private. Its key features help to obscure your identity from tracking and fingerprinting attempts made by browsers and individual websites.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data may include: Norton AntiTrack does not require you to provide any data outside of the enrollment and billing processes. If you choose to use the Private Email feature, you may provide additional email addresses (36 months).	Account Data: Norton AntiTrack does not require you to provide any data outside of the enrollment and billing processes, so no additional personal data is processed.
Data We Collect/Access:	Service Data may include: Browser activity (not stored). Cookie origin domain (not actual content of cookies) (not stored). Reported URL problems (36 months). Domain with trackers and fingerprints that user reviewed, added or removed from exclusion for detection through the app (36 months). Emails, if Private Email is enabled (not stored). Crash/hang dumps and Error reports (90 days). Reporting data based on metadata collected by product (36 months). Usage data to assist with debugging a problem with the service (36 months). Usage information (36 months). Aggregated statistics about trackers and fingerprints blocked (36 months). License identifier (36 months). Device Data may include: Operating system version and language (36 months). Web browser name, version, language (36 months).	Service Data: This data is used to deliver the services and features that you have selected. This data is processed for the purposes of understanding product usage to further develop and improve the product performance as well as telemetry. Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and determining appropriate language settings for communicating with you.
Data We Collect/Access from Third Parties:	Service Data may include: Reporting data based on metadata collected by product (e.g., number of Users by browser types, general geolocations/regions, and operating systems) (36 months).	Service Data: This data is processed for the purposes of understanding product usage and improving the product.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data may include:

Norton AntiTrack does not require you to provide any data outside of the enrollment and billing processes.
If you choose to use the Private Email feature, you may provide additional email addresses (36 months).

Account Data: Norton AntiTrack does not require you to provide any data outside of the enrollment and billing processes, so no additional personal data is processed.

Data We Collect/Access:

Service Data may include:

Browser activity (not stored).
Cookie origin domain (not actual content of cookies) (not stored).
Reported URL problems (36 months).
Domain with trackers and fingerprints that user reviewed, added or removed from exclusion for detection through the app (36 months).
Emails, if Private Email is enabled (not stored).
Crash/hang dumps and Error reports (90 days).
Reporting data based on metadata collected by product (36 months).
Usage data to assist with debugging a problem with the service (36 months).
Usage information (36 months).
Aggregated statistics about trackers and fingerprints blocked (36 months).
License identifier (36 months).

Device Data may include:

Operating system version and language (36 months).
Web browser name, version, language (36 months).

Service Data: This data is used to deliver the services and features that you have selected. This data is processed for the purposes of understanding product usage to further develop and improve the product performance as well as telemetry.

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and determining appropriate language settings for communicating with you.

Data We Collect/Access from Third Parties:

Service Data may include:

Reporting data based on metadata collected by product (e.g., number of Users by browser types, general geolocations/regions, and operating systems) (36 months).

Service Data: This data is processed for the purposes of understanding product usage and improving the product.

Norton Password Manager / Norton Safe Web Plus (Mac App)

Norton Password Manager has five variants: (1) a component of the Norton Security product and plugin for Internet Explorer browser; (2) browser extensions for all major browsers except Internet Explorer; (3) mobile apps for Android and iOS; (4) a web application requiring no additional installation of software or browser extensions; and (5) Norton Safe Web Plus is a Mac app that supplies the functionality of Norton Password Manager and Safe Web. All variants are a password manager which manages usernames, passwords, and other information useful for performing online activities.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data may include: Username(s) (while active or 6 months). Password(s) (while active or 6 months). Phone number (while active or 6 months). Physical address(es) (including city, state, and postal code) (while active or 6 months). Additional payment information (Credit/Debit Card Information, specifically account numbers, card type, and expiration dates; bank account number and name of bank) (while active or 6 months). Gender (including title) (while active or 6 months. Additional email(s) (while active or 6 months). Date of birth (while active or 6 months). Freeform notes / text (while active or 36 months).	Account Data: This data is provided by you if you choose to and is collected for the purposes of delivering the product functionality including conveniently filling web forms with this data and examining the data for security risks.
Data We Collect/Access:	Location Data may include: IP address (not stored). Geolocation (26 months). Device Data may include: Web browser type/version (26 months). Product version and preferred language (26 months). Operating system (Including version or platform) (26 months). Website domains for stored logins (while active or 36 months). Free form text (as provided by User) (while active or 36 months). Service Data may include: Metadata (including number of accounts stored with products and number of websites visited, number of product features used) (26 months).	Location Data: This data is processed for the purposes of determining appropriate language settings for communicating with the User and for reporting about product usage based on general location. Device Data: This data is processed for the purpose of delivering the product in accordance with your device(s) and by providing login services and analyzing product usage. Service Data: This data is for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Security Data may include: Potentially compromised passwords (specific usernames/passwords are never known to Gen services nor to third parties) (while active or 36 months).	Security Data: This data is processed for the purposes of delivering the product by identifying and informing you of potentially compromised passwords stored within your device(s).

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data may include:

Username(s) (while active or 6 months).
Password(s) (while active or 6 months).
Phone number (while active or 6 months).
Physical address(es) (including city, state, and postal code) (while active or 6 months).
Additional payment information (Credit/Debit Card Information, specifically account numbers, card type, and expiration dates; bank account number and name of bank) (while active or 6 months).
Gender (including title) (while active or 6 months.
Additional email(s) (while active or 6 months).
Date of birth (while active or 6 months).
Freeform notes / text (while active or 36 months).

Account Data: This data is provided by you if you choose to and is collected for the purposes of delivering the product functionality including conveniently filling web forms with this data and examining the data for security risks.

Data We Collect/Access:

Location Data may include:

IP address (not stored).
Geolocation (26 months).

Device Data may include:

Web browser type/version (26 months).
Product version and preferred language (26 months).
Operating system (Including version or platform) (26 months).
Website domains for stored logins (while active or 36 months).
Free form text (as provided by User) (while active or 36 months).

Service Data may include:

Metadata (including number of accounts stored with products and number of websites visited, number of product features used) (26 months).

Location Data: This data is processed for the purposes of determining appropriate language settings for communicating with the User and for reporting about product usage based on general location.

Device Data: This data is processed for the purpose of delivering the product in accordance with your device(s) and by providing login services and analyzing product usage.

Service Data: This data is for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Security Data may include:

Potentially compromised passwords (specific usernames/passwords are never known to Gen services nor to third parties) (while active or 36 months).

Security Data: This data is processed for the purposes of delivering the product by identifying and informing you of potentially compromised passwords stored within your device(s).

Norton VPN

Introduction

As a VPN service provider, Norton values your privacy and protects your personal data. Our VPN products help keep your online activity private and encrypt your internet connection, preventing third parties from monitoring what you do online.

This Privacy Notice covers VPN features in Norton VPN and Norton 360 product plans. It does not apply to other Norton products or features.

Why do we collect data?

Our VPN operates under a strict privacy-first approach. We collect minimal data, anonymize information when possible, and delete it as soon as possible. Additionally, we process some data to provide, optimize, and improve our VPN service and comply with legal obligations.

Next, let's clarify what we don't collect before further explaining what we do.

Our no-log policy: Data we don’t collect

Our VPN is designed to ensure that we do not know what you do online, and we guarantee that your online activities are never tracked, logged, or stored. Our no-log policy has been independently verified by VerSprite, who has also audited our security and privacy controls, and we continue to work with independent auditors to maintain transparency and trust. You can find user data requests in our VPN Transparency Report.

Specifically, our VPN doesn’t collect:

Your browsing history.
The originating IP addresses of your devices.
Any DNS queries (i.e., requests to find and connect to websites) while you’re connected. We use our own secure DNS servers to keep your browsing private.

How we limit data processing and apply our General Privacy Notice

Here's how our VPN product Privacy Notice and data processing practices differ from our General Privacy Notice:

Identity data: We only collect payment information and an email address for the license subscription. You can request to delete your account and associated data at any time.
Product data: We only collect the product data shown below. Our VPN doesn't collect the other data types mentioned in the General Privacy Notice (e.g., website data).
Sharing with business partners: We don’t share product data with partners other than license–related data.

What data does our VPN collect and why?

Data from our VPN applications

We collect minimal data to ensure our VPN works well. This data doesn't reveal which sites you visit or what services you use. Below is what we collect, why we collect it, and how long we keep it.

Service data	Why we collect it	Retention period
Connection events Such as successful /unsuccessful connections and disconnections from our VPN server	To monitor VPN performance, fix issues, and ensure reliability of the VPN service. Example: How often are users experiencing connection failures? What percentage of connection attempts are successful? We don't collect IP addresses. However, for troubleshooting purposes, we can link connection events to licenses and devices. Based on this data, we know whether our customers have used our VPN service in the last 35 days.	24 months for general connection events; 7 days for device-specific connectivity issues debugging; 35 days for connection timestamps.
Application events Such as install, uninstall, updates and interaction, OS version, language, error states, and device name and type	To understand app usage, enhance features, improve user experience, and ensure compatibility with various device types and operating systems. Example: Which operating systems are most used by our customers? Is a new feature we introduced in the app popular? Are people uninstalling after our latest release? We keep the device names so we can display them in the My Norton portal. For troubleshooting purposes, we can link application events to licenses and devices.	36 months for error states in the app installation and usage; 24 months for general application events.
User-generated crash reports	For diagnosing and fixing specific app crashes you report. Our VPN applications don't send automatic reports with personal data. If you choose to share a crash report, we link it to your service records, which can be connected to your license.	90 days.

Service data

Why we collect it

Retention period

Connection events

Such as successful /unsuccessful connections and disconnections from our VPN server

To monitor VPN performance, fix issues, and ensure reliability of the VPN service.

Example: How often are users experiencing connection failures? What percentage of connection attempts are successful?

We don't collect IP addresses. However, for troubleshooting purposes, we can link connection events to licenses and devices. Based on this data, we know whether our customers have used our VPN service in the last 35 days.

24 months for general connection events;

7 days for device-specific connectivity issues debugging; 35 days for connection timestamps.

Application events

Such as install, uninstall, updates and interaction, OS version, language, error states, and device name and type

To understand app usage, enhance features, improve user experience, and ensure compatibility with various device types and operating systems.

Example: Which operating systems are most used by our customers? Is a new feature we introduced in the app popular? Are people uninstalling after our latest release?

We keep the device names so we can display them in the My Norton portal. For troubleshooting purposes, we can link application events to licenses and devices.

36 months for error states in the app installation and usage;

24 months for general application events.

User-generated crash reports

For diagnosing and fixing specific app crashes you report.

Our VPN applications don't send automatic reports with personal data. If you choose to share a crash report, we link it to your service records, which can be connected to your license.

90 days.

Data from our VPN backends

We collect only essential information to run our VPN service safely and efficiently.

Service data	Why we collect it	Retention period
Cumulative sum of data transmitted (in MB)	We track the aggregate volume of data transferred to help us with: 1. Network and server planning: We use data transfer information to improve our network and servers. This helps us provide reliable service as usage increases. 2. Preventing service abuse: We monitor data transfer sums to prevent service misuse (e.g., one user generating more traffic than thousands combined). This helps maintain service quality for all customers.	36 months.

Service data

Why we collect it

Retention period

Cumulative sum of data transmitted (in MB)

We track the aggregate volume of data transferred to help us with:

1. Network and server planning: We use data transfer information to improve our network and servers. This helps us provide reliable service as usage increases.

2. Preventing service abuse: We monitor data transfer sums to prevent service misuse (e.g., one user generating more traffic than thousands combined). This helps maintain service quality for all customers.

36 months.

Third-party analytics and your control

To improve our VPN apps, we primarily rely on internal analytics. While some third-party tools, like Google Firebase and Crashlytics, are used for diagnostics, they do not track or store personal data. You have full control and can disable third-party analytics at any time in your VPN settings.

Service data	Why we collect it	Retention period
App usage metadata How the applications are being used	To improve user experience. This data doesn't show what you use the VPN for.	36 months.

Service data

Why we collect it

Retention period

App usage metadata

How the applications are being used

To improve user experience.

This data doesn't show what you use the VPN for.

36 months.

Norton Utilities Premium

Norton Utilities helps analyze, configure, optimize, and maintain a computer of the User to keep it running like new. It also includes the Cloud Cleaner feature that helps users manage their cloud storage (optimize, remove duplicates) by checking metadata associated with stored files and pictures. Files and pictures are not downloaded or stored by us. To connect to Google Drive, we need to ask Google for permission to use its APIs. Google allows companies to use its APIs only if they undertake to limit its use of information accessed through the APIs. As a result, Product’s use and transfer to any other product of information received from these Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data may include: Norton Utilities does not require Users to provide any information outside of enrollment and billing processes.	Account Data: Norton Utilities does not require Users to provide any information outside of enrollment and billing processes.
Data We Collect/Access:	Location Data may include: IP address (not stored). Device Data may include: Activation data (limited to status of installation of product on device) (not stored). Device ID (not stored). Service Data may include: File meta data - checksum, archive_state, created_date, modified_date, folder_path, file_name, file_size, file_type, file_id and thumbnail_link (24 hours). User reviews/feedback (not stored).	Location Data: This data is processed for the purposes of determining appropriate language settings for communicating with you. Device Data: This data is used for the purpose of providing the service and delivering the product in accordance with your device(s). Service Data: This data is used for the purpose of providing the service and understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Service Data may include: Metadata based on User reviews/feedback (not stored).	Service Data: This data is used for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data may include:

Norton Utilities does not require Users to provide any information outside of enrollment and billing processes.

Account Data: Norton Utilities does not require Users to provide any information outside of enrollment and billing processes.

Data We Collect/Access:

Location Data may include:

IP address (not stored).

Device Data may include:

Activation data (limited to status of installation of product on device) (not stored).
Device ID (not stored).

Service Data may include:

File meta data - checksum, archive_state, created_date, modified_date, folder_path, file_name, file_size, file_type, file_id and thumbnail_link (24 hours).
User reviews/feedback (not stored).

Location Data: This data is processed for the purposes of determining appropriate language settings for communicating with you.

Device Data: This data is used for the purpose of providing the service and delivering the product in accordance with your device(s).

Service Data: This data is used for the purpose of providing the service and understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Service Data may include:

Metadata based on User reviews/feedback (not stored).

Service Data: This data is used for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Norton Family

Norton Family helps protect Users and their devices with parental controls applied through User-defined and User-managed protection settings and features.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data may include: Child name (while active or 60 days). Restriction level (child’s age range) (while active or 60 days). Picture (for avatar, if chosen) (while active or 60 days). Restriction settings as determined by parent (while active or 60 days). Emergency contact information (such as parent’s phone) (while active or 60 days). Location identifying labels (such as “home” or “school,” as defined by parent) (while active or 60 days).	Account Data: This data is provided by you and is processed for the purposes of delivering the product by helping you to supervise the online activities on your protected device(s) and helping to enforce your defined rules for the online activities on your protected device(s).
Data We Collect/Access:	Location Data may include: Parent's time zone (while active or 60 days). Child’s geolocation (as permitted by region, and if enabled by parent) collected in the background (while active or 60 days). Device Data may include: Child's operating system platform and version (36 months). Installation status of the Norton Family client software on subscriber or protected User’s device (36 months). Child policy configurations as determined by parent (36 months). Device name (while active or 60 days). Device name, type, language, hardware, software, and application inventory (only applicable to Android mobile devices) (36 months). Browser type and version (36 months). Device identifiers such as IDFA (only applicable to iOS mobile devices (36 months). Security Data may include: Setting configurations deviations performed by child (while active or 60 days). Application exception and workflow failure logs (12 months). URLs visited by child and search terms (while active or 60 days). Device usage time (while active or 60 days). Application usage time (while active or 60 days). Service Data may include: Crash logs for PC (36 months). Product usage telemetry (limited to pages visited with Product) (12 months). License ID, status, and entitlement information (while active or 60 days).	Location Data: This data is processed to determine appropriate language settings for communicating with you and delivering the product by helping you to supervise the location of your protected device. Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s), helping you to supervise the online activities on your protected device(s), and helping to enforce your defined rules for the online activities on your protected device(s). Device identifiers are used to track information about app usage such as which in-app events a user triggers. Security Data: This data is processed for the purposes of delivering the product in accordance with your device(s) as well as improving the product’s installation success rate by providing input for research and development to improve products and services to better protect your network, devices, data, and identity. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Service Data may include: Crash logs for mobile devices (90 days). Metadata reports on product usage (12 months).	Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data may include:

Child name (while active or 60 days).
Restriction level (child’s age range) (while active or 60 days).
Picture (for avatar, if chosen) (while active or 60 days).
Restriction settings as determined by parent (while active or 60 days).
Emergency contact information (such as parent’s phone) (while active or 60 days).
Location identifying labels (such as “home” or “school,” as defined by parent) (while active or 60 days).

Account Data: This data is provided by you and is processed for the purposes of delivering the product by helping you to supervise the online activities on your protected device(s) and helping to enforce your defined rules for the online activities on your protected device(s).

Data We Collect/Access:

Location Data may include:

Parent's time zone (while active or 60 days).
Child’s geolocation (as permitted by region, and if enabled by parent) collected in the background (while active or 60 days).

Device Data may include:

Child's operating system platform and version (36 months).
Installation status of the Norton Family client software on subscriber or protected User’s device (36 months).
Child policy configurations as determined by parent (36 months).
Device name (while active or 60 days).
Device name, type, language, hardware, software, and application inventory (only applicable to Android mobile devices) (36 months).
Browser type and version (36 months).
Device identifiers such as IDFA (only applicable to iOS mobile devices (36 months).

Security Data may include:

Setting configurations deviations performed by child (while active or 60 days).
Application exception and workflow failure logs (12 months).
URLs visited by child and search terms (while active or 60 days).
Device usage time (while active or 60 days).
Application usage time (while active or 60 days).

Service Data may include:

Crash logs for PC (36 months).
Product usage telemetry (limited to pages visited with Product) (12 months).
License ID, status, and entitlement information (while active or 60 days).

Location Data: This data is processed to determine appropriate language settings for communicating with you and delivering the product by helping you to supervise the location of your protected device.

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s), helping you to supervise the online activities on your protected device(s), and helping to enforce your defined rules for the online activities on your protected device(s). Device identifiers are used to track information about app usage such as which in-app events a user triggers.

Security Data: This data is processed for the purposes of delivering the product in accordance with your device(s) as well as improving the product’s installation success rate by providing input for research and development to improve products and services to better protect your network, devices, data, and identity.

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Service Data may include:

Crash logs for mobile devices (90 days).
Metadata reports on product usage (12 months).

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Norton Genie

Norton Genie is scam detection technology, that helps to identify scams and keep you safer from financial fraud and identity theft. Norton Genie will analyze a message, email, social post or website in seconds to look for signs of a potential scam. Norton Genie can also provide tips on what to do next, and answer follow-up questions you might have.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Security Data may include: Screenshots and images of suspected scams which could be photos, emails, social posts, web sites, text messages and all information contained in them (30 days). Original text, email or image submissions and any personal information contained in the submission including metadata (e.g. email headers) (30 days). Text submissions and text extracted from image and text submissions with personal data removed from the submission (1 year). Phone numbers from submissions (30 days). Apple ID, for beta testers only (3 years). Service Data may include: User conversations. Questions or anything you submit to the app (36 months). Email addresses from which you send the submissions (30 days).	Security Data: This data is processed for the purposes of detecting scams, evaluating potential security risks, and helping to assess risks involved in the submitted information. Additionally, submissions provided by Users help in improving the product’s scam detection rate. Apple ID is used to assist with testing and development of the product. Service Data: This data is processed for effective functioning of the product and for the purpose of responding to the questions or other inputs and for improving the quality of future conversations.
Data We Collect/Access:	Location Data may include: IP Address (not stored). Device Data may include: Internal installation identifier (while active or 36 months). Device operating system (while active or 36 months). Security Data may include: Submission Timestamps. Extracted submission content including malicious URLs. Extracts of submissions determined to be unknown or suspected to be malicious. These include data that may identify the malicious sender: phone numbers, emails, crypto, or other sender identifier types. Includes identifiers offered to user as target for user’s requested response. (up to 5 years since the last sighting for suspected malicious data and false-positive data, or 1 year since sighting for unclassified data, forever if the number is also publicly available and classified). Service Data may include: Failure diagnostics including crash dumps and system logs (36 months).	Location Data: This data is processed for the purposes of determining the country, and city of the user and to identify scam locations to improve scam detection rates. Device Data: This data is used for the purposes of delivering the product in accordance with your device(s) as well as tracking and determining trends in threats detected. Security Data: This data is processed for the purposes of delivering the product by alerting you to potentially malicious submissions and for improving the detection of scams (e.g., through file sample analysis), and pursuing general cybersecurity research. Service Data: This data is processed for the purposes of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Security Data may include: Submissions of other users of the product (30 days). Phone numbers from publicly available sources (as long as necessary for the service). Service Data may include: Failure diagnostics including crash dumps and system logs (36 months). Reporting data based on metadata collected by product (limited to number of Users by general geolocations/regions, and operating systems) (25 months).	Security Data: This data is processed for the purposes of delivering the product by alerting you to potentially malicious submissions and for improving the detection of scams (e.g., through file sample analysis), and pursuing general cybersecurity research. Service Data: This data is processed for the purposes of understanding product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Security Data may include:

Screenshots and images of suspected scams which could be photos, emails, social posts, web sites, text messages and all information contained in them (30 days).
Original text, email or image submissions and any personal information contained in the submission including metadata (e.g. email headers) (30 days).
Text submissions and text extracted from image and text submissions with personal data removed from the submission (1 year).
Phone numbers from submissions (30 days).
Apple ID, for beta testers only (3 years).

Service Data may include:

User conversations. Questions or anything you submit to the app (36 months).
Email addresses from which you send the submissions (30 days).

Security Data: This data is processed for the purposes of detecting scams, evaluating potential security risks, and helping to assess risks involved in the submitted information. Additionally, submissions provided by Users help in improving the product’s scam detection rate.

Apple ID is used to assist with testing and development of the product.

Service Data: This data is processed for effective functioning of the product and for the purpose of responding to the questions or other inputs and for improving the quality of future conversations.

Data We Collect/Access:

Location Data may include:

IP Address (not stored).

Device Data may include:

Internal installation identifier (while active or 36 months).
Device operating system (while active or 36 months).

Security Data may include:

Submission Timestamps.
Extracted submission content including malicious URLs.
Extracts of submissions determined to be unknown or suspected to be malicious. These include data that may identify the malicious sender: phone numbers, emails, crypto, or other sender identifier types. Includes identifiers offered to user as target for user’s requested response. (up to 5 years since the last sighting for suspected malicious data and false-positive data, or 1 year since sighting for unclassified data, forever if the number is also publicly available and classified).

Service Data may include:

Failure diagnostics including crash dumps and system logs (36 months).

Location Data: This data is processed for the purposes of determining the country, and city of the user and to identify scam locations to improve scam detection rates.

Device Data: This data is used for the purposes of delivering the product in accordance with your device(s) as well as tracking and determining trends in threats detected.

Security Data: This data is processed for the purposes of delivering the product by alerting you to potentially malicious submissions and for improving the detection of scams (e.g., through file sample analysis), and pursuing general cybersecurity research.

Service Data: This data is processed for the purposes of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Security Data may include:

Submissions of other users of the product (30 days).
Phone numbers from publicly available sources (as long as necessary for the service).

Service Data may include:

Failure diagnostics including crash dumps and system logs (36 months).
Reporting data based on metadata collected by product (limited to number of Users by general geolocations/regions, and operating systems) (25 months).

Service Data: This data is processed for the purposes of understanding product usage to further develop and improve the product performance as well as telemetry.

Norton Ultimate Help Desk

Norton Ultimate Help Desk allows the User to contact an expert to assist with technical issues ranging from network setup to device diagnostics and troubleshooting. All personal data processed for this product is not connected to your Norton account unless you choose to do so.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data, if chosen may include: Issue description and details.	Account Data: This data is processed for the purpose of delivering the product by communicating with you and identifying the root causes of the issues posed.
Data We Collect/Access:	Device Data may include: Operating system and settings. Security settings (e.g., active firewall, antivirus software). System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory, log file, and registry data). Service Data may include: Scan statistics (e.g., number of scanned files, number of threats found, fixed, or remaining and date and time of scan).	Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and identifying the root causes of the issues posed. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Security Data may include: Submissions of other users of the product (30 days). Phone numbers from publicly available sources (as long as necessary for the service). Service Data may include: Norton Ultimate Help Desk does not collect/access personal data from third parties as part of its services.	Norton Ultimate Help Desk does not collect/access personal data from third parties as part of its services.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data, if chosen may include:

Issue description and details.

Account Data: This data is processed for the purpose of delivering the product by communicating with you and identifying the root causes of the issues posed.

Data We Collect/Access:

Device Data may include:

Operating system and settings.
Security settings (e.g., active firewall, antivirus software).
System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory, log file, and registry data).

Service Data may include:

Scan statistics (e.g., number of scanned files, number of threats found, fixed, or remaining and date and time of scan).

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and identifying the root causes of the issues posed.

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Security Data may include:

Submissions of other users of the product (30 days).
Phone numbers from publicly available sources (as long as necessary for the service).

Service Data may include:

Norton Ultimate Help Desk does not collect/access personal data from third parties as part of its services.

Norton Ultimate Help Desk does not collect/access personal data from third parties as part of its services.

Norton Computer Tune-Up

Norton Computer Tune-Up is a feature within Norton Ultimate Help Desk, that helps to keep the User’s device running like new, using diagnostics.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data if chosen may include: Issue description and details.	Account Data if chosen may include: This data is processed for the purpose of delivering the product by communicating with you and identifying the root causes of the issues posed.
Data We Collect/Access:	Device Data may include: Operating system and settings. Security settings (e.g., active firewall, antivirus software). System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory and CPU utilization, log file and registry data). Service Data may include: Scan statistics (e.g., number of scanned files, number of threats found, fixed, or remaining, and date and time of scan).	Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and identifying the root causes of the issues posed. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Norton Computer Tune-Up does not collect/access personal data from third parties as part of its services.	Norton Computer Tune-Up does not collect/access personal data from third parties as part of its services.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data if chosen may include:

Issue description and details.

Account Data if chosen may include: This data is processed for the purpose of delivering the product by communicating with you and identifying the root causes of the issues posed.

Data We Collect/Access:

Device Data may include:

Operating system and settings.
Security settings (e.g., active firewall, antivirus software).
System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory and CPU utilization, log file and registry data).

Service Data may include:

Scan statistics (e.g., number of scanned files, number of threats found, fixed, or remaining, and date and time of scan).

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and identifying the root causes of the issues posed.

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Norton Computer Tune-Up does not collect/access personal data from third parties as part of its services.

Norton Driver Updater

Norton Driver Updater provides scan and potential update or fix of outdated drivers on a users’ PC to optimize it for better performance and avoid potential crashes or malfunctions.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	No personal data provided directly except for what is required for enrollment and payment.	No personal data provided directly except for what is required for enrollment and payment.
Data We Collect/Access:	Device Data may include: Device information such as type, vendor, model, manufacturer, version (12 months). Device identifiers (12 months). Driver information such as versions, updated dates, names, matching device id, driver rank, driver flags (12 months). Service Data may include: Events and product usage information (12 months). Scan statistics (12 months). Location Data may include: IP address (not stored).	Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and identifying the root causes of the issues posed. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as to ensure continuous functionality (installations, versions, updates, settings) and map how users interact with our product. Location Data: This data is processed for the purposes of delivering the product in accordance with your device(s), determining appropriate language settings for communicating with you, and reporting about product usage based on general location.
Data We Collect/Access from Third Parties:	This product does not collect data from third parties.	This product does not collect data from third parties.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

No personal data provided directly except for what is required for enrollment and payment.

Data We Collect/Access:

Device Data may include:

Device information such as type, vendor, model, manufacturer, version (12 months).
Device identifiers (12 months).
Driver information such as versions, updated dates, names, matching device id, driver rank, driver flags (12 months).

Service Data may include:

Events and product usage information (12 months).
Scan statistics (12 months).

Location Data may include:

IP address (not stored).

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and identifying the root causes of the issues posed.

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as to ensure continuous functionality (installations, versions, updates, settings) and map how users interact with our product.

Location Data: This data is processed for the purposes of delivering the product in accordance with your device(s), determining appropriate language settings for communicating with you, and reporting about product usage based on general location.

Data We Collect/Access from Third Parties:

This product does not collect data from third parties.

Norton Mobile Security

Norton Mobile Security provides protection for smartphones and tablets against digital threats.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	If purchasing the Norton Mobile Security through the eStore, please see the Norton Enrollment Process for additional information. If purchasing through the Apple AppStore or Google PlayStore, please see the below information. Account Data may include: Email (while active or 36 months). Norton account password (while active or 36 months). Country (while active or 36 months).	Account Data: This data is processed to administer the account including establishing and authenticating your account as well as communicating with you.
Data We Collect/Access:	Device Data may include: Mobile device IDs (UDID, IMEI, and IDFA) (while active or 36 months). Device name and type (including Wi-Fi MAC Address) (while active or 36 months). Operating system platform and version (while active or 36 months). Security Data may include: File and application data (limited to app store data, applications downloaded, and browsing data. Android devices will also collect calendar and SD contents) (3 years). Web-browsing and URLs accessed (3 years). User interface and screen activity (limited to keyword tags and actions) (25 months). Service Data may include: Usage information (e.g., network service information, download and use frequency, log data) (12 months). Error reports/crash dumps (90 days). Device/phone settings (including but not limited to device model and manufacturers) (90 days).	Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and determining appropriate language settings for communicating with you. Security Data: This data is processed for the purposes of delivering the product by alerting you to potentially malicious applications, malware, and links (including links in emails or data downloaded to SD cards) as well as improving the app security feature (malicious malware and applications blocking feature and SD card are only available on the Android OS). Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Service Data may include: Reporting data based on metadata collected by product (limited to number of Users by general geolocations/regions, and operating systems) (25 months).	Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

If purchasing the Norton Mobile Security through the eStore, please see the Norton Enrollment Process for additional information. If purchasing through the Apple AppStore or Google PlayStore, please see the below information.

Account Data may include:

Email (while active or 36 months).
Norton account password (while active or 36 months).
Country (while active or 36 months).

Account Data: This data is processed to administer the account including establishing and authenticating your account as well as communicating with you.

Data We Collect/Access:

Device Data may include:

Mobile device IDs (UDID, IMEI, and IDFA) (while active or 36 months).
Device name and type (including Wi-Fi MAC Address) (while active or 36 months).
Operating system platform and version (while active or 36 months).

Security Data may include:

File and application data (limited to app store data, applications downloaded, and browsing data. Android devices will also collect calendar and SD contents) (3 years).
Web-browsing and URLs accessed (3 years).
User interface and screen activity (limited to keyword tags and actions) (25 months).

Service Data may include:

Usage information (e.g., network service information, download and use frequency, log data) (12 months).
Error reports/crash dumps (90 days).
Device/phone settings (including but not limited to device model and manufacturers) (90 days).

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and determining appropriate language settings for communicating with you.

Security Data: This data is processed for the purposes of delivering the product by alerting you to potentially malicious applications, malware, and links (including links in emails or data downloaded to SD cards) as well as improving the app security feature (malicious malware and applications blocking feature and SD card are only available on the Android OS).

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Service Data may include:

Reporting data based on metadata collected by product (limited to number of Users by general geolocations/regions, and operating systems) (25 months).

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

NortonLive Spyware and Virus Removal

NortonLive Spyware and Virus Removal is a one-time product that remediates one (1) virus per device to help get the device running again. NortonLive Spyware and Virus Removal is offered as a feature as part of the Norton Security products but may also be purchased as a separate one-time service. All personal data processed for this product is not connected to your account, unless you choose to do so.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data if chosen may include: Issue description and details.	Account Data: This data is processed for the purpose of delivering the product by communicating with you and identifying the root causes of the issues posed.
Data We Collect/Access:	Device Data may include: Application names and versions. Norton machine ID (anonymized). Operating system information. Security settings (e.g., active firewall, antivirus software). System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory, log file, and registry data). Service Data may include: Crash dump information (specifically related to Norton product crash). Scan statistics (e.g., number of scanned files, number of threats found, fixed, or remaining, and date and time of scan).	Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and identifying the root causes of the issues posed. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	NortonLive Spyware and Virus Removal does not collect/access personal data from third parties as part of its services.	NortonLive Spyware and Virus Removal does not collect/access personal data from third parties as part of its services.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data if chosen may include:

Issue description and details.

Account Data: This data is processed for the purpose of delivering the product by communicating with you and identifying the root causes of the issues posed.

Data We Collect/Access:

Device Data may include:

Application names and versions.
Norton machine ID (anonymized).
Operating system information.
Security settings (e.g., active firewall, antivirus software).
System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory, log file, and registry data).

Service Data may include:

Crash dump information (specifically related to Norton product crash).
Scan statistics (e.g., number of scanned files, number of threats found, fixed, or remaining, and date and time of scan).

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and identifying the root causes of the issues posed.

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

NortonLive Spyware and Virus Removal does not collect/access personal data from third parties as part of its services.

Norton Safe Web (Website, Browser Extension, Mac App) and Norton Safe Web Plus (Mac App)

Norton Safe Web is a website that displays risk information for various websites. It also manages a community of online Users, offering the ability for Users to submit their own website ratings and provide comments on website ratings. The community features also display statistics for the community and a site rating (e.g., the most ratings by Users, the most-rated websites). The Norton Safe Web website also manages services for website owners to register their ownership and perform rating review requests. Users may use the website without supplying any data if they wish to browse and view website rating information. To participate in the User community or with the site owner features, Users must have a Norton Account (see Norton Enrollment process).

Norton Safe Web/Safe Web Plus is also a browser extension and Mac app that monitors browsing activity and web page content for unsafe risks. It uses reputation services and web page content analysis to help protect the User from malicious website content, phishing, and other threats. This extension includes features that permit browsing of potentially risky websites in a special isolation mode to help provide additional protection. This extension also helps protect Users from unsafe website access when using your webmail and social media websites.

All personal data proceed for this product is not connected to your Norton account.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Norton Safe Web does not require Users to provide any data outside of enrollment and billing processes. Norton Safe Web can be used as a free extension tool. If used as such, no User Data is required to be provided.	Norton Safe Web does not require Users to provide any data outside of enrollment and billing processes. Norton Safe Web can be used as a free extension tool. If used as such, no User Data is used or processed.
Data We Collect/Access:	Location Data may include: IP address. Device Data may include: Web browser type/version. Product version and preferred language. Operating system (including version or platform). Browser application and settings. Security Data may include: Browsing activity. Service Data if enabled by User may include: Metadata (limited to number of blocked websites and number of unsafe websites clicked).	Location Data: This data is processed for the purposes of delivering the product in accordance with your device(s), determining appropriate language settings for communicating with you, and reporting about product usage based on general location. Device Data: This data is processed for the purpose of product functionality in delivering the product in accordance with your device(s). Security Data: This data is processed for the purposes of delivering the product functionality by informing you about site safety information and/or blocking unsafe websites. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as measure usage trends.
Data We Collect/Access from Third Parties:	Service Data may include: Reporting data based on metadata collected by product (e.g., number of Users by browser types, general geolocations/regions, and operating systems).	Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Norton Safe Web does not require Users to provide any data outside of enrollment and billing processes. Norton Safe Web can be used as a free extension tool. If used as such, no User Data is required to be provided.

Data We Collect/Access:

Location Data may include:

IP address.

Device Data may include:

Web browser type/version.
Product version and preferred language.
Operating system (including version or platform).
Browser application and settings.

Security Data may include:

Browsing activity.

Service Data if enabled by User may include:

Metadata (limited to number of blocked websites and number of unsafe websites clicked).

Device Data: This data is processed for the purpose of product functionality in delivering the product in accordance with your device(s).

Security Data: This data is processed for the purposes of delivering the product functionality by informing you about site safety information and/or blocking unsafe websites.

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as measure usage trends.

Data We Collect/Access from Third Parties:

Service Data may include:

Reporting data based on metadata collected by product (e.g., number of Users by browser types, general geolocations/regions, and operating systems).

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Norton Safe Search (Website and Browser Extension)

Norton Safe Search (website) is a search website that helps protect the User from unsafe websites by filtering search results and providing website safety ratings to the User to provide a safer web browsing experience. Norton Safe Search (browser extension) has two variants. The first variant overrides the browser’s default search engine to the Norton Safe Search website. The second variant performs the same search engine override but also combines the features of the Norton Safe Web and Norton Home Page browser extensions into a single browser extension.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Norton Safe Search does not require Users to provide any data outside of enrollment and billing processes. Norton Safe Search can be used as a free extension tool or website. If used as such, no User Data is collected.	Norton Safe Search does not require Users to provide any data outside of enrollment and billing processes. Norton Safe Search can be used as a free extension tool or website. If used as such, no User Data is used or processed.
Data We Collect/Access:	Location Data may include: IP address. Approximate Location derived from IP address (50 months). Device Data may include: Product version and preferred Language. Operating system (including version or platform). Browser type, version, and settings. Security Data may include: Browsing activity. Search terms. Service Data may include (if User permission is given to enable product telemetry): URL of blocked websites. Metadata (e.g., number of blocked websites and number of unsafe websites clicked).	Location Data: This data is processed for the purposes of delivering the product in accordance with your device(s), determining appropriate language settings for communicating with you, and reporting about product usage based on general location. Device Data: This data is processed for the purpose of delivering the product in accordance with your device(s). Security Data: This data is processed for the purposes of delivering the product by informing you about site safety and/or blocking unsafe websites, and tailoring ads to your interests. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Service Data may include: Reporting data based on metadata collected by product (e.g., number of Users by browser types, general geolocations/regions, and operating systems).	Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Norton Safe Search does not require Users to provide any data outside of enrollment and billing processes. Norton Safe Search can be used as a free extension tool or website. If used as such, no User Data is collected.

Data We Collect/Access:

Location Data may include:

IP address.
Approximate Location derived from IP address (50 months).

Device Data may include:

Product version and preferred Language.
Operating system (including version or platform).
Browser type, version, and settings.

Security Data may include:

Browsing activity.
Search terms.

Service Data may include (if User permission is given to enable product telemetry):

URL of blocked websites.
Metadata (e.g., number of blocked websites and number of unsafe websites clicked).

Device Data: This data is processed for the purpose of delivering the product in accordance with your device(s).

Security Data: This data is processed for the purposes of delivering the product by informing you about site safety and/or blocking unsafe websites, and tailoring ads to your interests.

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Service Data may include:

Reporting data based on metadata collected by product (e.g., number of Users by browser types, general geolocations/regions, and operating systems).

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Norton Private Browser

Norton Private Browser is a web browser with security features such as Web Shield, which helps block fake and dangerous websites, URLs, downloads, and scams. The browser also includes Privacy Guard to help block ads and trackers as you browse, and Norton Coupons, which scans the websites you visit to find available coupons to help you generate savings while shopping online. Norton Coupons is provided in cooperation with NextGen Shopping, LLC. Norton Private Browser search functionality includes advertising provided by third-party ad networks. Search ad clicks are managed by Microsoft's ad network. Further information on Microsoft privacy is available here.

Norton Private Browser gives you the option to use Norton Safe Search as your search engine, which flags safe and potentially dangerous results in your search.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	This product does not require Users to provide any data to use the product.	This product does not require Users to provide any data to use the product.
Data We Collect/Access:	Device Data may include: Account, Device, and or Installation Identifiers (36 months). Google Client ID, Android ID, Firebase Analytics ID (36 months). Location (36 months). Information concerning the computer or device (36 months). Applications on the device (36 months). Network connection type, number of devices in network (36 months). Security Data may include: Subset of URLs and referrers (36 months). Malware samples, suspicious files (3 years). IP Address (not stored). Service Data may include: IP Address (not stored). Browsers (installed, default) (36 months). Other products/licenses on the device and their status (36 months). Extensions installed in the browser (36 months). Event logs, crash logs and error logs (36 months). In-Product messaging parameters (36 months). Basic information about your shopping cart (cart amount subtotal and total, discount value and applied promo code details) for websites on which you applied Norton Coupons, including the merchant’s domain (36 months). By default, Private Browser for Desktop processes locally on your system the following data: Browsing history information; for example, Private Browser for Desktop may store the URLs of pages that you visit, a cache of text, images, and other resources from those pages. If the pre-rendering feature is turned on, a list of IP addresses linked to those pages may also be stored for some period of time. Name, surname, email, or passwords to help you fill out forms or signs into sites you visit. Permission that you have granted to websites. Cookies or data from websites that you visit. Data saved by add-ons. Record of what you downloaded from websites. IP addresses are not stored, only used for product localization and analytics purposes based on approximate location (city/country level).	Device Data: This data is used and generated internally at Gen for the purpose of tracking account activity between internal company systems, applications, and architecture. It is also processed for the purposes of delivering the product in accordance with your device(s), and to introduce new features or products based on previous experience. Location is used to set up proper product language version for Windows. Security Data: This data is processed for the purposes of delivering the product by informing you about site safety and blocking browsing to unsafe websites, improving the detection of malware and cyber-threats (e.g., through file sample analysis), and pursuing general cybersecurity research. Service Data: This data is processed for the purposes of recognizing what features should be enabled or disabled, what product should be installed or uninstalled, to better understand user’s behavior, to provide import functionality, to improve user onboarding and product experience, and for understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	No data is collected from Third Parties.	No data is collected from Third Parties.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

This product does not require Users to provide any data to use the product.

Data We Collect/Access:

Device Data may include:

Account, Device, and or Installation Identifiers (36 months).
Google Client ID, Android ID, Firebase Analytics ID (36 months).
Location (36 months).
Information concerning the computer or device (36 months).
Applications on the device (36 months).
Network connection type, number of devices in network (36 months).

Security Data may include:

Subset of URLs and referrers (36 months).
Malware samples, suspicious files (3 years).
IP Address (not stored).

Service Data may include:

IP Address (not stored).
Browsers (installed, default) (36 months).
Other products/licenses on the device and their status (36 months).
Extensions installed in the browser (36 months).
Event logs, crash logs and error logs (36 months).
In-Product messaging parameters (36 months).
Basic information about your shopping cart (cart amount subtotal and total, discount value and applied promo code details) for websites on which you applied Norton Coupons, including the merchant’s domain (36 months).

By default, Private Browser for Desktop processes locally on your system the following data:

Browsing history information; for example, Private Browser for Desktop may store the URLs of pages that you visit, a cache of text, images, and other resources from those pages. If the pre-rendering feature is turned on, a list of IP addresses linked to those pages may also be stored for some period of time.
Name, surname, email, or passwords to help you fill out forms or signs into sites you visit.
Permission that you have granted to websites.
Cookies or data from websites that you visit.
Data saved by add-ons.
Record of what you downloaded from websites.
IP addresses are not stored, only used for product localization and analytics purposes based on approximate location (city/country level).

Device Data: This data is used and generated internally at Gen for the purpose of tracking account activity between internal company systems, applications, and architecture. It is also processed for the purposes of delivering the product in accordance with your device(s), and to introduce new features or products based on previous experience. Location is used to set up proper product language version for Windows.

Security Data: This data is processed for the purposes of delivering the product by informing you about site safety and blocking browsing to unsafe websites, improving the detection of malware and cyber-threats (e.g., through file sample analysis), and pursuing general cybersecurity research.

Service Data: This data is processed for the purposes of recognizing what features should be enabled or disabled, what product should be installed or uninstalled, to better understand user’s behavior, to provide import functionality, to improve user onboarding and product experience, and for understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

No data is collected from Third Parties.

Norton Home Page

Norton Home Page provides a search box to initiate searches using the Safe Search engine (which provides safety information for search results), controls to access popular websites quickly, and links to topical informational articles covering security news and updates. All personal data processed for this product is not connected to your account.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Norton Home Page does not require Users to provide any User Data.	Norton Home Page does not require Users to provide any User Data, as such no User Data is processed.
Data We Collect/Access:	Location Data may include: IP address (not stored). Device Data may include: Product version and preferred language. Operating system (including version or platform). Browser type and version and settings. Security Data may include: Search terms. Service Data may include (if User has provided permission to access): Feature usage telemetry.	Location Data: This data is processed for the purposes of delivering the product in accordance with your device(s), determining appropriate language settings for communicating with you, and reporting about product usage based on general location. Device Data: This data is processed for the purpose of delivering the product in accordance with your device(s). Security Data: This data is processed for the purposes of delivering the product by informing you about site safety information and/or blocking unsafe websites, and tailoring ads to your interests. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Data We Collect/Access from Third Parties:	Service Data may include: Reporting data based on telemetry collected by product (e.g., number of Users by browser types, general geolocations/regions, and operating systems).	Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Norton Home Page does not require Users to provide any User Data.

Norton Home Page does not require Users to provide any User Data, as such no User Data is processed.

Data We Collect/Access:

Location Data may include:

IP address (not stored).

Device Data may include:

Product version and preferred language.
Operating system (including version or platform).
Browser type and version and settings.

Security Data may include:

Search terms.

Service Data may include (if User has provided permission to access):

Feature usage telemetry.

Device Data: This data is processed for the purpose of delivering the product in accordance with your device(s).

Security Data: This data is processed for the purposes of delivering the product by informing you about site safety information and/or blocking unsafe websites, and tailoring ads to your interests.

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Data We Collect/Access from Third Parties:

Service Data may include:

Reporting data based on telemetry collected by product (e.g., number of Users by browser types, general geolocations/regions, and operating systems).

Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.

Norton Password Generator

Norton Password Generator is a free service offered in select countries or as a feature to Norton Password Manager that generates a random strong password for any individual to use for their applications, devices, or any other accounts.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Norton Password Generator does not require Users to provide any data outside of enrollment and billing processes.	Norton Password Generator does not require Users to provide any data outside of enrollment and billing processes.
Data We Collect/Access:	Location Data may include: IP address (not stored). Geolocation (26 months). Device Data may include: Web browser name (26 months). Version and preferred language (26 months). Operating system (including version or platform) (26 months).	Location Data: This data is processed for the purposes of delivering the product in accordance with your device(s), determining appropriate language settings for communicating with you, and reporting about product usage based on general location. Device Data: This data is processed for the purpose of delivering the product in accordance with your device(s).
Data We Collect/Access from Third Parties:	Norton Password Generator does not collect/access personal data from third parties as part of its services.	Norton Password Generator does not collect/access personal data from third parties as part of its services.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Norton Password Generator does not require Users to provide any data outside of enrollment and billing processes.

Data We Collect/Access:

Location Data may include:

IP address (not stored).
Geolocation (26 months).

Device Data may include:

Web browser name (26 months).
Version and preferred language (26 months).
Operating system (including version or platform) (26 months).

Device Data: This data is processed for the purpose of delivering the product in accordance with your device(s).

Data We Collect/Access from Third Parties:

Norton Password Generator does not collect/access personal data from third parties as part of its services.

Privacy Monitor and Privacy Monitor Assistant

The Privacy Monitor product searches a pre-defined list of data broker websites for member personal information, and then presents the member with the results. Members can then manually opt out of identified data broker websites individually. Privacy Monitor is currently embedded in some LifeLock and Norton products.

The Privacy Monitor Assistant provides an agent-assisted process to opt out members from the data broker websites. This may involve accessing content of your e-mail inbox for the purposes of clicking on verification links sent to you by the data broker websites. Privacy Monitor Assistant is offered as an add-on or stand-alone product.

The Online Account Cleanup feature is a cloud-based service which scans emails from supported providers and provides you with the opportunity to request removal of your data by companies who send you emails. This feature uses information about e-mail and its content for its functionality. To connect to Gmail accounts, we need to ask Google for permission to use its APIs. Google allows companies to use its APIs only if they undertake to limit its use of information accessed through the APIs. As a result, Product’s use and transfer to any other product of information received from these Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data may include: First name (while active or 36 months). Middle name (while active or 36 months). Last name (while active or 36 months). City (while active or 36 months). State (while active or 36 months). Identity Data may include: Date of Birth (while active or 36 months). Driver’s license (optional) (while active or 90 days). Authorized Agent appointment (optional) (while active or 30 days). Date of birth Email Phone number Address First and last name Digital signature	Account Data: This data is processed to establish and authenticate your account and to communicate with you. Your data is also used to deliver the services and features that you have selected. Identity Data: This data is used to deliver the services and features that you have selected.
Data We Collect/Access:	Device Data may include: Member ID (while active or 36 months). LifeLock ID (while active or 36 months). Service Data may include: Usage data to assist with debugging a problem with the service (12 months). Service Data Collected from your email provider, if you enable this: In order to check your email, we download it whole, together with metadata. We keep it in our systems only during the processing, we don't store it. (seconds) Subject of emails. (28 days) When an email is detected to be a commercial email, the following data is collected: hash of the userID email subject sender email address domain address of sender Unsubscribe links within the email	Device Data: This data is used for the purpose of delivering services. Service Data: This data is processed to deliver product services and functionality, and to allow understanding of product usage and telemetry, to further develop and improve product performance.
Data We Collect/Access from Third Parties:	Identity Data may include: First name (12 months). Middle name (12 months). Last name (12 months). City (12 months). State (12 months). Date of birth (12 months). Driver’s license (optional) (90 days). Relatives’ names (12 months). Service Data Collected from your email provider, if you enable this: In order to check your email, we download it whole, together with metadata. We keep it in our systems only during the processing, we don't store it. (seconds) Subject of emails. (28 days) When an email is detected to be a commercial email, the following data is collected: hash of the userID email subject sender email address domain address of sender Unsubscribe links within the email When an email is detected to be a data broker website email with a verification link, the following data is collected: Verification link within the email	Identity Data: This data is collected for the purpose of determining and displaying what User Data is contained on certain third-party websites. Service Data Collected from your email provider: This data is processed for the purpose of delivering product services and functionality. This data is not shared with third-parties.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data may include:

First name (while active or 36 months).
Middle name (while active or 36 months).
Last name (while active or 36 months).
City (while active or 36 months).
State (while active or 36 months).

Identity Data may include:

Date of Birth (while active or 36 months).
Driver’s license (optional) (while active or 90 days).
Authorized Agent appointment (optional) (while active or 30 days).
- Date of birth
- Email
- Phone number
- Address
- First and last name
- Digital signature

Account Data: This data is processed to establish and authenticate your account and to communicate with you. Your data is also used to deliver the services and features that you have selected.

Identity Data: This data is used to deliver the services and features that you have selected.

Data We Collect/Access:

Device Data may include:

Member ID (while active or 36 months).
LifeLock ID (while active or 36 months).

Service Data may include:

Usage data to assist with debugging a problem with the service (12 months).

Service Data Collected from your email provider, if you enable this:

In order to check your email, we download it whole, together with metadata. We keep it in our systems only during the processing, we don't store it. (seconds)
Subject of emails. (28 days)
When an email is detected to be a commercial email, the following data is collected:
- hash of the userID
- email subject
- sender email address
- domain address of sender
- Unsubscribe links within the email

Device Data: This data is used for the purpose of delivering services.

Service Data: This data is processed to deliver product services and functionality, and to allow understanding of product usage and telemetry, to further develop and improve product performance.

Data We Collect/Access from Third Parties:

Identity Data may include:

First name (12 months).
Middle name (12 months).
Last name (12 months).
City (12 months).
State (12 months).
Date of birth (12 months).
Driver’s license (optional) (90 days).
Relatives’ names (12 months).

Service Data Collected from your email provider, if you enable this:

In order to check your email, we download it whole, together with metadata. We keep it in our systems only during the processing, we don't store it. (seconds)
Subject of emails. (28 days)
When an email is detected to be a commercial email, the following data is collected:
- hash of the userID
- email subject
- sender email address
- domain address of sender
- Unsubscribe links within the email
When an email is detected to be a data broker website email with a verification link, the following data is collected:
- Verification link within the email

Identity Data: This data is collected for the purpose of determining and displaying what User Data is contained on certain third-party websites.

Service Data Collected from your email provider: This data is processed for the purpose of delivering product services and functionality. This data is not shared with third-parties.

LifeLock Identity Protection / Identity Advisor / Home Title Protect

The LifeLock Identity Protection Services may include identity monitoring, theft protection, dark web monitoring, financial, credit and social media monitoring, and identity restoration services to customers. The LifeLock Product is also offered as a bundled solution with the Norton Security Products. Identity Advisor is a related LifeLock product offered outside of the United States which offers a subset of the identity protection services that LifeLock offers and can be offered as a bundled solution with the Norton Security Products or as a separate product. Depending on the jurisdiction, it may also include services such as: ID Vault (monitoring and securely storing identity documents or other documents), Privacy Advisor and Scam Verification Specialist features. Home Title Monitoring is included as a feature of LifeLock and is also offered as a separate product called Home Title Protect with more functionality.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data may include: Name (while active or 36 months). Email (while active or 36 months). LifeLock account password (while active or 36 months). Phone number (while active or 36 months). Social Security Number or other National Personal Identifier (while active or 6 months). Physical address (while active or 36 months). Date of birth (while active or 6 months). Billing address (while active or 36 months). Payment information (depending on method can include Credit/Debit Card Information or PayPal account) (while active or 6 months). Power of attorney (if purchasing LifeLock Senior) (while active or 36 months). Identity Data may include: Name (while active or 36 months). Email (while active or 36 months). Phone Number (while active or 36 months). Social Security Number or other National Personal Identifier (while active or 6 months). Physical address (while active or 36 months). Date of birth (while active or 6 months). Alternate physical address (while active or 36 months). Alternate phone address (while active or 36 months). Bank account information (while active or 6 months). Driver’s license number (while active or 6 months). Alternate Credit/Debit Card information (while active or 6 months). Mother’s maiden name (while active or 6 months). Verbal passcode (while active or 6 months). Insurance number/information (while active or 6 months). Social account information (while active or 6 months). Child’s name (if purchasing LifeLock Junior) (while active or 36 months). Child’s Social Security Number (if purchasing LifeLock Junior) (while active or 6 months). Child’s date of birth (if purchasing LifeLock Junior) (while active or 6 months). Child’s address (if purchasing LifeLock Junior) (while active or 36 months). Child’s email address (if purchasing LifeLock Junior) (while active or 36 months). Childs phone number (if purchasing LifeLock Junior) (while active or 36 months). Service Data: Texts – for Scam Verification Specialist feature (screenshots of suspicious texts or emails) (while active plus 24 months)	Account Data: This data is processed for the purpose of establishing and authenticating your account, as well as communicating with us. Your data is also used to deliver the services and features that you have selected. Identity Data: Your data is also used to deliver the services and features that you have selected. Service Data: This data is used to deliver the services and features that you have selected.
Data We Collect/Access:	Location Data may include: IP address (not stored). Geolocation (26 months). Device Data may include: Member ID (while active or 36 months). Device ID (26 months). Operating system version and settings (26 months). Device manufacturer and model (26 months). Device names and/or assigned names (26 months). Web browser name and version (12 months). Preferred language (while active or 36 months). Security Data may include: Credit scores (while active or 36 months). Credit reports (while active or 36 months). Bank transactions (while active or 36 months). Alert information (limited to data elements selected for monitoring by the User) (36 months). Photos – for ID Vault features (documents such as photos of identity documents, credit cards, driver’s license and passports) (while active plus 180 days). Service Data may include: Restorations case number (for filed Restorations cases only) (while active or 36 months). Complaint case number (for lodged complaints only) (while active or 36 months). Parent case number (for disputed alerts only) (while active or 36 months). Applications error reports (12 months). Crash dumps logs (12 months). App-related usage data (while active or 36 months).	Location Data: This data is processed for the purpose of establishing and authenticating your account, as well as communicating with you. This data is also used to deliver the services and features that you have selected. Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and determining appropriate language settings for communicating with you. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats. Security Data: This data is used to monitor your identity by providing the alerts you have set up on your account which can help protect you when potentially fraudulent activity is detected or for other services that you have selected. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats. Service Data: This data is processed for the purpose of understanding product usage to further develop and improve the product performance, communicating about potential solutions to detected threats as well as telemetry.
Data We Collect/Access from Third Parties:	Identity Data may include: Verified name (not stored). Verified Social Security Number (not stored). Verified physical address (not stored). Verified date of birth (not stored). Security Data may include: Credit scores (not stored). Credit reports (not stored). Bank transactions (not stored). Alert information (limited to data elements selected for monitoring by the User) (not stored). Service Data may include: Reporting metadata on product and application usage (not stored).	Identity Data: This data is processed by our third-party service providers to help us verify and authenticate you before we enroll you. Some third-party service providers may assist you in creating a new account with us or helping you to log into your account with us. Security Data: This data is processed by our third-party service providers to monitor your identity and provide monitoring and protective alerts based on the features you select within our products. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats. Service Data: This data is used for the purpose of helping us to further understand the usage and develop and improve the performance of our products.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data may include:

Name (while active or 36 months).
Email (while active or 36 months).
LifeLock account password (while active or 36 months).
Phone number (while active or 36 months).
Social Security Number or other National Personal Identifier (while active or 6 months).
Physical address (while active or 36 months).
Date of birth (while active or 6 months).
Billing address (while active or 36 months).
Payment information (depending on method can include Credit/Debit Card Information or PayPal account) (while active or 6 months).
Power of attorney (if purchasing LifeLock Senior) (while active or 36 months).

Identity Data may include:

Name (while active or 36 months).
Email (while active or 36 months).
Phone Number (while active or 36 months).
Social Security Number or other National Personal Identifier (while active or 6 months).
Physical address (while active or 36 months).
Date of birth (while active or 6 months).
Alternate physical address (while active or 36 months).
Alternate phone address (while active or 36 months).
Bank account information (while active or 6 months).
Driver’s license number (while active or 6 months).
Alternate Credit/Debit Card information (while active or 6 months).
Mother’s maiden name (while active or 6 months).
Verbal passcode (while active or 6 months).
Insurance number/information (while active or 6 months).
Social account information (while active or 6 months).
Child’s name (if purchasing LifeLock Junior) (while active or 36 months).
Child’s Social Security Number (if purchasing LifeLock Junior) (while active or 6 months).
Child’s date of birth (if purchasing LifeLock Junior) (while active or 6 months).
Child’s address (if purchasing LifeLock Junior) (while active or 36 months).
Child’s email address (if purchasing LifeLock Junior) (while active or 36 months).
Childs phone number (if purchasing LifeLock Junior) (while active or 36 months).

Service Data:

Texts – for Scam Verification Specialist feature (screenshots of suspicious texts or emails) (while active plus 24 months)

Account Data: This data is processed for the purpose of establishing and authenticating your account, as well as communicating with us. Your data is also used to deliver the services and features that you have selected.

Identity Data: Your data is also used to deliver the services and features that you have selected.

Service Data: This data is used to deliver the services and features that you have selected.

Data We Collect/Access:

Location Data may include:

IP address (not stored).
Geolocation (26 months).

Device Data may include:

Member ID (while active or 36 months).
Device ID (26 months).
Operating system version and settings (26 months).
Device manufacturer and model (26 months).
Device names and/or assigned names (26 months).
Web browser name and version (12 months).
Preferred language (while active or 36 months).

Security Data may include:

Credit scores (while active or 36 months).
Credit reports (while active or 36 months).
Bank transactions (while active or 36 months).
Alert information (limited to data elements selected for monitoring by the User) (36 months).
Photos – for ID Vault features (documents such as photos of identity documents, credit cards, driver’s license and passports) (while active plus 180 days).

Service Data may include:

Restorations case number (for filed Restorations cases only) (while active or 36 months).
Complaint case number (for lodged complaints only) (while active or 36 months).
Parent case number (for disputed alerts only) (while active or 36 months).
Applications error reports (12 months).
Crash dumps logs (12 months).
App-related usage data (while active or 36 months).

Location Data: This data is processed for the purpose of establishing and authenticating your account, as well as communicating with you. This data is also used to deliver the services and features that you have selected.

Device Data: This data is processed for the purposes of delivering the product in accordance with your device(s) and determining appropriate language settings for communicating with you. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats.

Security Data: This data is used to monitor your identity by providing the alerts you have set up on your account which can help protect you when potentially fraudulent activity is detected or for other services that you have selected. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats.

Data We Collect/Access from Third Parties:

Identity Data may include:

Verified name (not stored).
Verified Social Security Number (not stored).
Verified physical address (not stored).
Verified date of birth (not stored).

Security Data may include:

Credit scores (not stored).
Credit reports (not stored).
Bank transactions (not stored).
Alert information (limited to data elements selected for monitoring by the User) (not stored).

Service Data may include:

Reporting metadata on product and application usage (not stored).

Identity Data: This data is processed by our third-party service providers to help us verify and authenticate you before we enroll you. Some third-party service providers may assist you in creating a new account with us or helping you to log into your account with us.

Security Data: This data is processed by our third-party service providers to monitor your identity and provide monitoring and protective alerts based on the features you select within our products. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats.

Service Data: This data is used for the purpose of helping us to further understand the usage and develop and improve the performance of our products.

Dark Web Monitoring

Dark Web Monitoring provides search services to Users to identify and detect personal information on the dark web and provide an alert back to the Users. Dark Web Monitoring is also offered as a feature of the LifeLock Products.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data may include: Name (only if previously purchased through a LifeLock product offering) (while active or 36 months). Email (while active or 36 months). Preferred language (while active or 36 months). Identity Data may include: Email (while active or 36 months). First phone number (while active or 36 months). First physical address (while active or 36 months). Alternative email address (while active or 36 months). Alternate phone number(s) (while active or 36 months). Alternate physical address(es) (while active or 36 months). Bank account information (while active or 6 months). Credit/debit card information (while active or 6 months). Mother’s maiden name (while active or 36 months). Insurance information (while active or 36 months). Loyalty Card information (while active or 36 months). Driver’s license number (while active or 6 months). Passport number (while active or 6 months). Social Security Number or other National Personal Identifie (only if previously purchased through a LifeLock product offering) (while active or 6 months). Date of birth (only if previously purchased through a LifeLock product offering) (while active or 6 months). Gamertag (while active or 36 months).	Account Data: This data is processed for the purpose of establishing and authenticating your account, as well as communicating with you. Your data is also used to deliver the services and features that you have selected, including the search criteria for the product within the dark web. Identity Data: This data is processed for the purpose of delivering the services and features that you have selected, including the search criteria for the product within the dark web.
Data We Collect/Access:	Location Data may include: IP address (not stored). Geolocation (26 months). Device Data may include: LifeLock member ID (if previously purchased through a LifeLock product) (while active or 36 months). Norton GUID (if previously purchased through a Norton product) (while active or 36 months). Member GUID (while active or 36 months). Web browser name and version (12 months). Device ID (26 months). Operating system version and settings (26 months). Service Data may include: Applications error report (12 months). Crash dumps logs (12 months). App-related usage data (12 months).	Location Data: This data is processed to determine the appropriate language setting to communicate with you. Device Data: This data is used for the purpose of delivering services. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats. Service Data: This data is used for the purpose of helping us to further understand the usage and develop and improve the performance of our products. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats.
Data We Collect/Access from Third Parties:	Security Data may include: Alert information (limited to dark web monitoring) (while active or 36 months). Analytics reports (while active or 36 months).	Security Data: This data is used to provide alerts to you about personal information that is found on the dark web. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data may include:

Name (only if previously purchased through a LifeLock product offering) (while active or 36 months).
Email (while active or 36 months).
Preferred language (while active or 36 months).

Identity Data may include:

Email (while active or 36 months).
First phone number (while active or 36 months).
First physical address (while active or 36 months).
Alternative email address (while active or 36 months).
Alternate phone number(s) (while active or 36 months).
Alternate physical address(es) (while active or 36 months).
Bank account information (while active or 6 months).
Credit/debit card information (while active or 6 months).
Mother’s maiden name (while active or 36 months).
Insurance information (while active or 36 months).
Loyalty Card information (while active or 36 months).
Driver’s license number (while active or 6 months).
Passport number (while active or 6 months).
Social Security Number or other National Personal Identifie (only if previously purchased through a LifeLock product offering) (while active or 6 months).
Date of birth (only if previously purchased through a LifeLock product offering) (while active or 6 months).
Gamertag (while active or 36 months).

Account Data: This data is processed for the purpose of establishing and authenticating your account, as well as communicating with you. Your data is also used to deliver the services and features that you have selected, including the search criteria for the product within the dark web.

Identity Data: This data is processed for the purpose of delivering the services and features that you have selected, including the search criteria for the product within the dark web.

Data We Collect/Access:

Location Data may include:

IP address (not stored).
Geolocation (26 months).

Device Data may include:

LifeLock member ID (if previously purchased through a LifeLock product) (while active or 36 months).
Norton GUID (if previously purchased through a Norton product) (while active or 36 months).
Member GUID (while active or 36 months).
Web browser name and version (12 months).
Device ID (26 months).
Operating system version and settings (26 months).

Service Data may include:

Applications error report (12 months).
Crash dumps logs (12 months).
App-related usage data (12 months).

Location Data: This data is processed to determine the appropriate language setting to communicate with you.

Device Data: This data is used for the purpose of delivering services. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats.

Service Data: This data is used for the purpose of helping us to further understand the usage and develop and improve the performance of our products. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats.

Data We Collect/Access from Third Parties:

Security Data may include:

Alert information (limited to dark web monitoring) (while active or 36 months).
Analytics reports (while active or 36 months).

Security Data: This data is used to provide alerts to you about personal information that is found on the dark web. It is also processed for the purposes of delivering product services as well as communications about potential solutions to detected threats.

SurfEasy

SurfEasy VPN protects the User’s devices and safeguards the User’s data by encrypting the User’s information on any internet connection and preserving the User’s privacy.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	User Data may include: SurfEasy VPN does not require Users to provide any data outside of the enrollment and billing processes.	User Data: SurfEasy VPN does not require Users to provide any data outside of the enrollment and billing processes, so no additional personal data is processed.
Data We Collect/Access:	User Data may include: IP address (not stored). Install identifier (while active or 36 months). License identifier (while active or 36 months). Administrative Data may include: Device name and type (while active or 36 months). OS version (for mobile devices only) (while active or 36 months). Language (while active or 36 months). Security Data may include: Aggregate bandwidth usage (limited to the number of bytes transferred using the service) (while active or 36 months). Diagnostic Data may include: Data to assist with debugging connectivity problems (device identifier from app) (7 days). VPN Service Data may include: Data to monitor compliance with the terms of use (if suspicious behavior is detected or blocked: device identifier from app, frequency of abuse of services) (7 days). Application Data may include: IP address (not stored).	User Data: This data is processed for the purposes of delivering the content in accordance with your device(s) and determining the appropriate language settings for communicating with you. Administrative Data: This data is processed for the purpose of delivering the product to your device(s). Security Data: This data is used for the purposes of billing the account of the product used as well as network operations and support. Diagnostic Data: This data is used for research and development to improve products and services and to better protect your network, devices, data, and identity. VPN Service Data: This data is used for the purpose of prevent abuse of services, to protect our network, and ensure compliance with the terms of use. Application Data: This data is used for the purpose of (a) delivering the product by selecting the most appropriate server to connect to, and (b) to prevent abuse of services to protect our network and ensure compliance with the terms of use.
Data We Collect/Access from Third Parties:	Diagnostic Data may include: Reporting metadata on product and application usage (while active or 36 months).	Diagnostic Data: This data is used for the purpose of understanding the product usage to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

User Data may include:

SurfEasy VPN does not require Users to provide any data outside of the enrollment and billing processes.

User Data: SurfEasy VPN does not require Users to provide any data outside of the enrollment and billing processes, so no additional personal data is processed.

Data We Collect/Access:

User Data may include:

IP address (not stored).
Install identifier (while active or 36 months).
License identifier (while active or 36 months).

Administrative Data may include:

Device name and type (while active or 36 months).
OS version (for mobile devices only) (while active or 36 months).
Language (while active or 36 months).

Security Data may include:

Aggregate bandwidth usage (limited to the number of bytes transferred using the service) (while active or 36 months).

Diagnostic Data may include:

Data to assist with debugging connectivity problems (device identifier from app) (7 days).

VPN Service Data may include:

Data to monitor compliance with the terms of use (if suspicious behavior is detected or blocked: device identifier from app, frequency of abuse of services) (7 days).

Application Data may include:

IP address (not stored).

User Data: This data is processed for the purposes of delivering the content in accordance with your device(s) and determining the appropriate language settings for communicating with you.

Administrative Data: This data is processed for the purpose of delivering the product to your device(s).

Security Data: This data is used for the purposes of billing the account of the product used as well as network operations and support.

Diagnostic Data: This data is used for research and development to improve products and services and to better protect your network, devices, data, and identity.

VPN Service Data: This data is used for the purpose of prevent abuse of services, to protect our network, and ensure compliance with the terms of use.

Application Data: This data is used for the purpose of (a) delivering the product by selecting the most appropriate server to connect to, and (b) to prevent abuse of services to protect our network and ensure compliance with the terms of use.

Data We Collect/Access from Third Parties:

Diagnostic Data may include:

Reporting metadata on product and application usage (while active or 36 months).

Diagnostic Data: This data is used for the purpose of understanding the product usage to further develop and improve the product performance as well as telemetry.

Norton Safe Email

Norton Safe Email is a cloud-based service which monitors emails from supported providers for potential threats. By default, we don’t store the emails, but we create and store non-personal numeric representations of the text to detect potential scam and other unwanted messages. You can allow us to store the whole email message (EML file with message metadata) we identified as suspected malicious by consenting to it in the product. This helps us keep better detections and improve the protection against scams. Our human reviewers may check the email message in case it is needed to investigate the accuracy of our detections (esp. in case of false negatives or false positives). Suspicious messages in the raw form are stored for 30 days and then we remove personal identifiers and keep them in our malware database. To connect to Gmail accounts, we need to ask Google for permission to use its APIs. Google allows companies to use its APIs only if they undertake to limit its use of information accessed through the APIs. As a result, Product’s use and transfer to any other product of information received from these Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Connection to the email account you wish to monitor.	To allow the product to monitor emails for threats.
Data We Collect/Access:	Security Data may include: Malicious URLs and referrers (36 months). Malware samples, suspicious files (36 months). Service Data may include: IP Address of SMTP mail servers (36 months). In order to check your email, we download it whole, together with metadata and attachments. By default, we keep it in our systems only during the processing, and we don't store it, but we create and store non-personal numeric representations of the text to detect potential scam and other unwanted messages. If you consent, we can store suspicious email messages for in-depth analysis and to keep our detection models up to date (30 days in raw form, thereafter personal identifiers removed). Subject of emails (28 days). Malicious identifiers (URL, phone, email, crypto, or other identifier types that may be identified as significant for threat detection) (60 months). When an email is detected to be malicious, the following data is collected (36 months): hash of the userID email subject hash of sender email address domain address of sender detection type and name name of the attachments and their hashes country of the user	Security Data: This data is processed for the purposes of delivering the product by informing you about the safety of an email, improving the detection of malware and cyber-threats (e.g., through file sample analysis), and pursuing general cybersecurity research. Service Data: This data is processed for the purposes of the functionality of malware scanning and evaluation of sender reputation. This data is also used to ensure proper functionality and fix bugs. This data is also used to collect threat statistics and perform internal analysis and research.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Connection to the email account you wish to monitor.

To allow the product to monitor emails for threats.

Data We Collect/Access:

Security Data may include:

Malicious URLs and referrers (36 months).
Malware samples, suspicious files (36 months).

Service Data may include:

IP Address of SMTP mail servers (36 months).
In order to check your email, we download it whole, together with metadata and attachments. By default, we keep it in our systems only during the processing, and we don't store it, but we create and store non-personal numeric representations of the text to detect potential scam and other unwanted messages. If you consent, we can store suspicious email messages for in-depth analysis and to keep our detection models up to date (30 days in raw form, thereafter personal identifiers removed).
Subject of emails (28 days).
Malicious identifiers (URL, phone, email, crypto, or other identifier types that may be identified as significant for threat detection) (60 months).
When an email is detected to be malicious, the following data is collected (36 months):
- hash of the userID
- email subject
- hash of sender email address
- domain address of sender
- detection type and name
- name of the attachments and their hashes
- country of the user

Security Data: This data is processed for the purposes of delivering the product by informing you about the safety of an email, improving the detection of malware and cyber-threats (e.g., through file sample analysis), and pursuing general cybersecurity research.

Service Data: This data is processed for the purposes of the functionality of malware scanning and evaluation of sender reputation. This data is also used to ensure proper functionality and fix bugs. This data is also used to collect threat statistics and perform internal analysis and research.

Norton Money

Norton Money is a centralized platform for managing your finances. It allows you to connect all your accounts—checking, savings, credit cards, 401k, and investments—into one secure app.

Financial account information is provided through Plaid, a financial technology company that enables Norton Money to connect with your bank accounts and other financial institutions securely.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data You Provide:	Account Data may include: Name (while active or 36 months). Email (while active or 36 months). Phone number (while active or 36 months). Social Security Number or other National Personal Identifier (while active or 6 months). Physical address (while active or 36 months). Date of birth (while active or 6 months). Billing address (while active or 36 months).	Account Data: This data is processed for the purpose of establishing and authenticating your account, as well as communicating with us. Your data is also used to deliver the services and features that you have selected.
Data We Collect/Access:	Location Data may include: IP address (not stored). Geolocation (26 months). Device Data may include: Member ID (while active or 36 months). Device ID (26 months). Service Data may include: Reporting data based on metadata collected by product (36 months). Applications error reports (12 months). Crash dumps logs (12 months). App-related usage data (while active or 36 months).	Location Data: This data is processed for the purpose of establishing and authenticating your account, as well as communicating with you. This data is also used to deliver the services and features that you have selected. Device Data: This data is processed for the purposes of delivering product services. Service Data: This data is processed for the purpose of understanding product usage and to further develop and improve the product performance.
Data We Collect/Access from Third Parties:	Service Data may include: Bank account information and other financial account information (while active or 6 months). Credit scores (18 months). Financial transactions (while active or 6 months).	Service Data: This data is used to deliver the services and features that you have selected, track your spending, compare it to financial benchmarks, and get personalized recommendations. We also use this data for the purpose of helping us to further understand the usage, create aggregated reports and develop and improve the performance of our products.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data You Provide:

Account Data may include:

Name (while active or 36 months).
Email (while active or 36 months).
Phone number (while active or 36 months).
Social Security Number or other National Personal Identifier (while active or 6 months).
Physical address (while active or 36 months).
Date of birth (while active or 6 months).
Billing address (while active or 36 months).

Data We Collect/Access:

Location Data may include:

IP address (not stored).
Geolocation (26 months).

Device Data may include:

Member ID (while active or 36 months).
Device ID (26 months).

Service Data may include:

Reporting data based on metadata collected by product (36 months).
Applications error reports (12 months).
Crash dumps logs (12 months).
App-related usage data (while active or 36 months).

Device Data: This data is processed for the purposes of delivering product services.

Service Data: This data is processed for the purpose of understanding product usage and to further develop and improve the product performance.

Data We Collect/Access from Third Parties:

Service Data may include:

Bank account information and other financial account information (while active or 6 months).
Credit scores (18 months).
Financial transactions (while active or 6 months).

Service Data: This data is used to deliver the services and features that you have selected, track your spending, compare it to financial benchmarks, and get personalized recommendations.

We also use this data for the purpose of helping us to further understand the usage, create aggregated reports and develop and improve the performance of our products.

HomeShield Pro

HomeShield Pro provides network security for TP-Link routers.

	Categories of Data and Personal Data Processed (How Long It is Stored)	Purpose of Processing Your Personal Data
Data We Collect/Access:	Device Data may include: IP address (36 months). Device and router manufacturer and model (50 months). Device names and/or assigned names (50 months). Device and router identifiers including MAC address (while active or 50 months). Security Data may include: Domain names (DNS), the target IP address (hostname) and associated traffic information and metadata (7 days). Service Data may include: Network data and connection activity (36 months). Events and product usage (50 months).	Device Data: This data is used and generated internally at Gen for the purpose of displaying this information to the user and to deliver the product. Security Data: This data is used to deliver the product by analyzing the traffic to detect threats such as port scanning, DDoS and network penetration. Service Data: This data is used to understand product usage and to further develop and improve the product performance as well as telemetry.

Categories of Data and Personal Data Processed (How Long It is Stored)

Purpose of Processing Your Personal Data

Data We Collect/Access:

Device Data may include:

IP address (36 months).
Device and router manufacturer and model (50 months).
Device names and/or assigned names (50 months).
Device and router identifiers including MAC address (while active or 50 months).

Security Data may include:

Domain names (DNS), the target IP address (hostname) and associated traffic information and metadata (7 days).

Service Data may include:

Network data and connection activity (36 months).
Events and product usage (50 months).

Device Data: This data is used and generated internally at Gen for the purpose of displaying this information to the user and to deliver the product.

Security Data: This data is used to deliver the product by analyzing the traffic to detect threats such as port scanning, DDoS and network penetration.

Service Data: This data is used to understand product usage and to further develop and improve the product performance as well as telemetry.

Products

Services & Support

About

Norton is part of Gen – a global company with a family of trusted brands.

Copyright © 2025 Gen Digital Inc. All rights reserved. Gen trademarks or registered trademarks are property of Gen Digital Inc. or its affiliates. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play, and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple, and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.

About Gen Newsroom Careers Legal Privacy Security Terms of Use Accessibility System Status