WE PUT YOUR PRIVACY AND DATA SECURITY FIRST

At a time when information is shared so freely, the details you choose to keep private matter more than ever. Our commitment to your privacy and data security is a fundamental part of who we are. Scroll down to see how this helps us secure the data that defines your digital world. Then ask your other cybersecurity choices if they can even come close.

PRIVACY THAT CHANGES EVERYTHING

Our Global Transparency Initiative reimagines industry openness and reaffirms our commitment to your privacy and data security. See how we’re protecting important customer data right now:

User Data

Our Swiss Shift

We’ve relocated processing of our cyberthreat-related data to Switzerland, which boasts a well-earned reputation for neutrality and strict data security legislation. It is among the few countries recognized by the European Commission for adequate protection of personal data . What does this cyberthreat-related data include? Suspicious or previously unknown malicious files that the company’s products send to the Kaspersky Security Network (KSN) for automated malware analysis.

Software Assembler

Our Practices of Data Processing

Malicious and suspicious files, which are anonymized and voluntarily shared by Kaspersky users—including in North America—are processed in two Zurich data centers for the highest levels of security.

Transparency Center

Our Global Transparency Centers

We’ve built facilities for the review of our source code, software updates, threat detection rules and other technical and business processes. We currently serve North America via our Zurich Global Transparency Center—including remote access—and we’ll soon open limited, secure remote access to our new center in New Brunswick, Canada .
Get the full details on our groundbreaking Global Transparency Initiative

How it works

MORE ABOUT OUR TRANSPARENCY CENTERS

Want to learn more or request access to a Transparency Center?
Contact TransparencyCenter@kaspersky.com or visit our Transparency Center website.


SECURITY PRACTICES CONFIRMED BY THIRD-PARTY PROFESSIONALS

“Big Four” independent SOC 2 assessment

A Big Four accounting firm has audited the security and integrity of our solutions through the Service Organization Controls for Service Organizations (SOC 2) Type 1.

The final report confirms that the development and release of Kaspersky’s threat detection rules (AV) databases are protected from unauthorized changes through strong security controls.

Learn more.

aicpa soc


ISO/IEC 27001:2013 by TÜV AUSTRIA

The certification shows our commitment to strong data security, and that Kaspersky’s Data Service is in full compliance with industry-leading privacy best practices.

The third-party accredited certification body confirms that our data security systems, including Kaspersky Security Network, meet industry data privacy standards.

Learn more.

tuv austria



PRIVACY BEYOND EXPECTATIONS

We go a step further to keep your data private through strong encryption, digital certificates, segregated storage and strict data access policies. We also adhere to the following data processing principles:

  • ⚬ All data sent to Kaspersky by users is not attributed to a specific individual and is anonymized wherever possible. Actions to achieve this include deleting account details from transmitted URLs, obtaining hash sums of threats instead of the exact files, obscuring user IP addresses etc.
  • ⚬ All data processed by Kaspersky serves three key purposes: (a) supporting key product functionality, (b) increasing the effectiveness and performance of the protection components, and (c) offering improved and more suitable solutions to customers and providing them with the appropriate content.
  • ⚬ Customers voluntarily agree to send this data to Kaspersky, by accepting different agreements, which vary depending on the product or service used.
  • ⚬ The data provided is protected, even during transit, in accordance with stringent industry standards, including encryption, digital certificates, segregated storage and strict data access policies.
  • ⚬ Kaspersky constantly reviews the type of data processed by its solutions to protect our customers’ privacy and comply with the very latest legal requirements, such as the GDPR regulations in Europe.


Latest news on the Global Transparency Initiative

To keep you up-to-date with news on the relocation to Switzerland and the other activities that form part of our Global Transparency Initiative, we’ll be posting regular updates and progress reports in this section.


Our answers to your questions

  • Why is it important?

    Supply chain issues and ‘balkanization’ are major challenges for the security of today’s ultra-connected global landscape. To overcome them, the world needs trust and transparency in cybersecurity. We believe that companies will need to increase transparency in their products and business operations in order to earn and maintain trust. Our new measures demonstrate our approach for achieving that: through tangible, practical steps implemented within the overall framework of our Global Transparency Initiative

  • What is Kaspersky’s Global Transparency Initiative?

    Kaspersky’s Global Transparency Initiative (GTI) is a reaffirmation of the company’s commitment to earning and maintaining the trust of its most important stakeholders: its customers. It includes a number of actionable and concrete measures to involve external independent cyber security experts and others in validating and verifying the trustworthiness of the company’s products, its internal processes and business operations, and to introduce additional accountability mechanisms by which the company can further demonstrate that it addresses any security issues promptly and thoroughly.

    In the context of GTI, the storage and processing of user data, shared voluntarily with the Kaspersky Security Network, has been relocated from Russia to Switzerland.

    We have also opened Transparency Centers across the globe which serve as facilities for trusted partners and government stakeholders to review the company’s code, software updates, and threat detection rules; as well as a briefing center to learn more about Kaspersky’s engineering and data processing practices. Our Transparency Centers are open in Zurich, Switzerland, Madrid, Spain, Kuala Lumpur, Malaysia, and São Paulo, Brazil. In 2021, a new Transparency Center will open in New Brunswick, Canada.

  • Why did you decide to relocate infrastructure?

    The relocation reflects our willingness to address customer concerns by, firstly, moving some of our data storage and processing to a neutral region while maintaining our high global standards of data security and integrity.

    This move further demonstrates our enduring commitment to assuring the integrity and trustworthiness of Kaspersky solutions in the service of our customers, and to addressing any concerns outlined by regulators.

  • Why is data from some countries not moved to Switzerland, but will be processed in Russia? Based on what principle did you divide the countries for the relocation of data processing?

    A decision about the relocation of data processing for each country is based on market specifics, customer demands and local regulation. The company has moved data processing and storage for our customers in Europe, the United States, Canada, and several countries in the Asia-Pacific region.

  • How will the relocation affect the data of other users?

    There is no difference between Switzerland and Russia in terms of data processing. In both regions we adhere to our fundamental principle of respecting and protecting people’s privacy, and we will use a uniform approach to processing users’ data, with strict policies applied.

  • What will be available for independent review and assessment in the Transparency Center?

    Trusted partners will have access to the company’s code, software updates and threat detection rules, among other things.

    The Transparency Center’s functions include:

    - Access to secure software development documentation
    - Access to the source code of any publically released product
    - Access to threat detection rule databases
    - Access to the source code of cloud services responsible for receiving and storing the data of Kaspersky customers
    - Access to software tools used for the creation of a product (the build scripts), threat detection rule databases and cloud services

    We provide three options to government stakeholders and enterprise customers for independent assessment of Kaspersky products. Given the challenging travel and visitor restrictions, customers and partners now also have an opportunity to review the source code remotely. Learn more here.

  • Who is able to review?

    Transparency Centers in Zurich and Madrid are open for inspections by trusted partners and government stakeholders. Please refer to our Access policy for more information.

  • What is a SOC 2 Type 1 report?

    A SOC 2 Type 1 report is designed to meet the needs of existing or potential customers who need assurance about the design and implementation of controls at a service organization. It covers controls that are relevant to the security, availability, or processing integrity of the system used by the service organization to process customers’ information, or the confidentiality or privacy of that information.

  • What are further steps to be taken in the framework of Global Transparency Initiative?

    We will continue to work with the community to prioritize transparency and accountability, and to enhance the security of modern software products, to further build consumer trust. Our core belief is that through collaborative multi-stakeholder efforts we are able to enhance confidence and trust in technology. More information about our transparency principles is available here.