At VirusTotal, we are keenly aware of the trust users place in us and our responsibility to protect the privacy of user information. As part of this responsibility, we make public what information we collect when someone uses our products and services, why we collect it and how we use it to improve user experience and cybersecurity.
Collection and use of submitted files, URLs and personal information
Information we collect to provide you with the services includes:
- Information you submit in connection with using our services. This includes the files, URLs, and other information you submit for scanning, information you provide when you join and participate in the VirusTotal community (such as profile information, comments, mentions, and votes), and any information you provide when contacting VirusTotal.
- Device information: We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number).
- Log information: When you use our services or view content provided by VirusTotal, we may automatically collect and store certain information in server logs. This may include: details of how you used our service; Internet protocol address; device event information such as crashes, system activity, hardware settings, browser type, standard HTTP request headers, including but not limited to user agent, referral URL, language preference, date and time; and cookies that may uniquely identify your browser or your VirusTotal Account.
- Payment information: To the extent you purchase any premium services offered by VirusTotal, we may collect or receive your credit card and other payment information.
How we use information we collect
We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new services, and to protect VirusTotal and our users.
This includes using the information to:
- analyse and scan the files and other content you submit;
- develop new services and service features;
- create, publish and update the scan reports available on VirusTotal, including comments, mentions and trusted ratings;
- develop and provide information to the VirusTotal Community;
- create and administer your account;
- understand and improve how our users use and interact with VirusTotal services;
- protect and secure the VirusTotal site and services, including the networks and systems through which we provide the services; and
- process payments for premium services offered by VirusTotal.
When you contact VirusTotal, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services where you have agreed to this. We may also send you administrative messages.
Information we share
When you submit content to VirusTotal for scanning, we may store it and share it with the anti-malware and security industry (normally the companies that participate in VirusTotal receive content that their engines do not detect as potentially harmful and are catalogued as harmful by at least one other engine). The samples can be analysed by automatic tools and security analysts to detect malicious code and to improve antivirus engines. Our service terms require participating anti-malware and security companies to adhere to VirusTotal's Best Practices when using the samples.
Files, URLs, comments and any other content submitted to or shared within VirusTotal may also be included in premium services offered by VirusTotal to the anti-malware and ICT security industry, with the sole aim of improving research and development activities, expecting it to lead to an overall safer internet and greater end-user protection. Participants include a broad range of cybersecurity professionals focused on product, service, and system security and security products and services.
In addition, we may also share your information in the following circumstances:
- When you sign up to VirusTotal. Your profile, including name, nickname and any information you choose to add to your profile, such as profile picture, will be publicly available on the VirusTotal community. Your activity within the VirusTotal Community, such as comments on files uploaded to VirusTotal, users who mention you in a post to VirusTotal, and users you have “trusted” or who have “trusted” you, will also be included as part of your public profile.
- For legal reasons. We will share personal information with affiliates and companies, organisations or individuals outside of VirusTotal if we believe that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of VirusTotal, our affiliates or users or the public as required or permitted by law.
We may share aggregated, anonymised information publicly and with our partners – like the anti-malware and security industry. For example, we may share information publicly to show statistical trends about the general use of our services.
In the event that VirusTotal is involved in a merger, acquisition or asset sale, we may disclose your personal data to the prospective seller or buyer of such business or assets.
You should not share files, URLs, comments or any other content with VirusTotal unless you have authority to share it.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We will let you know if we plan to process your personal data for marketing purposes when we collect it. You can change your mind at any time by contacting us through our contact page.
You have the right to request access to personal information we hold about you. Your right of access can be exercised in accordance with the Data Protection Acts 1988 and 2003 and any successor laws. Any access request may be subject to a statutory fee to meet our costs in providing you with details of the information we hold about you. To submit a request for access to your information, please visit our contact page and provide details so that we can identify your information.
You also have the right to request, in accordance with law, the amendment or deletion of your personal information held by VirusTotal, including the deletion of your account. If you have a VirusTotal account, you may be able to make these changes by logging into your VirusTotal account. If you require further assistance or you do not have a VirusTotal account, please visit our contact page and submit your request.
Please note that we may retain your personal information where necessary for accountability, traceability or for legal reasons disclosed above. We may also reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).
Our website may, from time to time, contain links to and from the websites of our partners and members of the VirusTotal Community. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.