Sophos Home and Sophos Home Premium are consumer products that provide antivirus, web filtering, and an advanced next-generation endpoint protection platform offering signatureless exploit prevention, predictive machine learning for malware detection, and advanced protection to help stop malicious threats including zero-day, credential theft, and ransomware.
Purchase process
All purchases of Sophos Home and Sophos Home Premium subscriptions are via an independent reseller, Cleverbridge. Cleverbridge is responsible for any data that it collects from you during the purchase process, and you should refer to the Cleverbridge privacy policy for further information about its privacy practices.
Sophos and Cleverbridge (as applicable) may collect and use your name, email address, password, user ID, IP address, and device, for purposes of account creation and billing for the products.
Some devices may include a pre-installed option for you to participate in a free trial and/or to purchase the products, in which case a prompt may appear on your device with instructions on installation. The prompt may allow Sophos and Cleverbridge to collect and use telemetry data relating to such installation and purchase. Sophos may utilize such telemetry data for analytics, and may share analytics based on such telemetry data with the relevant device manufacturers.
Storage and processing on your devices
In order to use the Sophos Home and Sophos Home Premium products, you will need to install our software onto the devices that you wish to protect and agree to the terms and conditions of use. Installation will require ongoing storage space and processing capacity for product operation. For example, we will need to scan files and web page requests in order to ascertain if they are malicious or not.
As cyber threats are constantly evolving, it is necessary for us to send automatic updates to our software installed on your devices from time to time, in order to maintain the effectiveness of the product. We may also send automatic updates in order to add, remove, or change product features.
Our products will also store a log of the actions they have taken on your device. This log is not accessible to us, but we may request that you download and send this to us where needed for troubleshooting purposes, as described in the ‘Support’ section below.
Your use of the product may require your data to be transferred from the country in which you are located to the United States and Canada. Such data transfers will occur in accordance with the privacy policy of the applicable entity or entities performing the data transfer. For more details on international data transfers, please see this page.
Data stored in product portals
We store information in our product administration portals in order to provide you with visibility of product performance, including products installed, subscription term, update status, alerts received, threats detected, applications blocked, and websites blocked. These portals are currently hosted in the USA using third party subcontractors, Amazon Web Services and Google Cloud. We will post any future changes or additions to the subcontractors or location of hosting to this page.
Sophos Home Management App
If you use our Sophos Home Management App, we may collect and use your name, email address, password, user ID, IP address and device name. We use this information for the purpose of validating your credentials, ensuring you have a current Sophos Home account, to allow you to manage your account configuration, to provide support upon your request and to ensure the app is working as expected.
The Sophos Home Management App uses limited services provided by Google for the purposes of ensuring the app works as designed. Firebase Crashlytics and Google Analytics for Firebase involve the processing of limited data, however, these services operate under their own privacy notices and we encourage you to review them, here.
Data sent to our engineers
Telemetry – our software sends information to us on installation, uninstallation, and at regular intervals in between that enables us to monitor and improve the product performance. This may include personal data such as IP address, email address, username, locally configured endpoint ID, domain name, MAC address, URL, device ID, file path, file name, and customer ID.
Look-ups - our software automatically sends data including the URL, file name, file path, size of executable, customer ID, machine ID, and file hash for assessment against our database in order to make better-informed decisions about whether such file is clean or malicious when faced with unknown files (for example files that have not been seen by the software before).
Reporting incorrect categorization (optional) - you may alert us via the dashboard to applications that you believe have been incorrectly identified as malicious or exhibiting malicious behavior. This will send a report to us for analysis including the file path, file name, type of detection, customer ID, thumbprint, and application name.
How do we use the data?
We may store and use data we recieve for the purposes of providing the products, trend analysis, statistics, reporting, ongoing spam and threat detection, troubleshooting, quality control, new product development, and the enhancement of existing products.
Support
Sophos Home and Sophos Home Premium may include access to our technical support helpdesk via a link within the product administration portal. We record details of support requests and our responses in our support management system. Sophos Home support is currently provided by third-party subcontractors, Zendesk (USA), SendSafely (USA) and BlueOcean (Canada), and accordingly they may process any data that you share with us for support purposes. We will post any future changes or additions to the subcontractors used for this purpose to this page.
As part of the support process, we may suggest that you download product logs from your device and submit them to us for review. This procedure is optional and only occurs with your consent. If you participate, we will only use the data accessed or shared for the purposes of resolving your reported issue. If you send product logs to us, we recommend that you encrypt them in transit.
Ending your use of Sophos Home or Sophos Home Premium
If you no longer wish to use this product, you can contact Cleverbridge directly to cease your subscription and payments. You can uninstall our product from your devices directly.
Third parties
|
Third party |
Location |
What they do |
|
Cleverbridge |
USA |
Provide payment and subscription services to enable to you purchase and manage your subscriptions to this product. |
|
Zendesk |
USA |
Provides a customer service platform to enable interaction between Sophos and our customers. |
|
SendSafely |
USA |
Provides a tool to enable you to upload samples and logs to Sophos for support. |
|
BlueOcean |
Canada |
Provides engineering support led by Sophos to resolve customer issues. |
|
Amazon Web Services |
USA |
Provides cloud hosting services for our products. |
|
Firebase |
USA |
Provides app development, delivery and function services for our products. |
|
Google Cloud |
USA |
Provides cloud hosting services for our products. |
Last updated September 2022