Surfshark Privacy Report

Encryption
In Transit | Yes |
At rest? | Yes |
All network communications and capabilities? | Yes |
Security Updates
Automatic, regular software/ firmware updates? | Yes |
Product available to use during updates? | No |
Passwords
Mandatory password? | Yes |
Two-Factor authentication? | Yes, must opt in |
Multi-Factor authentication? | No |
Vulnerability Management
Point of contact for reporting vulnerabilities? | support@surfshark.com |
Bug bounty program? | No |
Privacy Policy
Link | https://surfshark.com/privacy-policy |
Specific to device? | No |
Readable? | Yes |
What data they log | Email address, billing info, diagnostic reports, google analytics/advertising Ids in apps |
What data they don’t log | Traffic or use of its Virtual Private Network service on any platform. We do not track user activities outside of our Site, nor do we track the website browsing or connection activities of users who are using our Services. |
Can you delete your data? | Yes, if you are a resident of California |
Third-party sharing policies | Can opt out of third-party pixels that use cookies. Third parties leveraged for customer feedback, fraud detection, email, ETL, payment, cart abandonment, blog hosting, app crash info, and support tickets. |
Surveillance
Log camera device/ app footage | n/a |
Log microphone device/ app | n/a |
Location tracking device/ app | No |
Parental Controls
Are there parental controls? | No |
Company History
Any security breaches/ surveillance issues in past? | Yes |
Did they do anything to fix it? | No |
Additional Security Features
Anything like privacy shutters, privacy zones, etc.? | n/a |