MetaDefender Cloud Privacy Policy

Last Update: 25 May 2018

Version: 2.0


This privacy policy explains what information OPSWAT, Inc. and all of its subsidiaries worldwide (referred to as “OPSWAT,” “we,” “us,” and “our”) gather about individuals who provide us with personal information. It outlines what we use that information for and who we give that information to. It also sets out your privacy rights in relation to your own personal information, and it tells you who to contact for more information about this policy.

In this privacy policy, your personal information is sometimes called “personal data.” We collectively refer to collecting, handling, using, protecting, or storing your personal information as “processing.”

Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods, or services you want from us.


Please do not provide us with your personal information unless we ask you for it.


We take data protection very seriously, and we are fully committed to protecting your personal information. This privacy policy describes how we handle the personal information we collect and process through MetaDefender Cloud.

It is our policy to collect only the minimum information required from you. If you believe that we have gone beyond that, please contact us to raise any concerns you may have. A list of contact methods is provided at the bottom of this privacy policy.

OPSWAT complies with the EU-U.S and Swiss-U.S. Privacy Shield Frameworks which were designed by the US Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce and with REGULATION (EU) 2016/679 of the European parliament and of the council (GDPR).

OPSWAT has certified that it adheres to the Privacy Shield. To learn more about Privacy Shield please visit and to view our certification, please visit

Personal information (personal data) is anything that enables you to be identified or identifiable including but not limited to:

  • First and last name

  • Email address, postal and IP addresses

  • Telephone numbers

  • National identification/social security and national insurance numbers

  • Job titles and occupation

  • Bank accounts

  • Any contact information


We only collect personal information through MetaDefender Cloud that we believe to be relevant and required to provide you with requested information and services and to conduct our business.

As you use MetaDefender Cloud, you may link to third-party sites not controlled by us and which do not operate under our privacy practices. When you link to third-party sites, our privacy practices no longer apply. We encourage you to review each third-party site's privacy policy before disclosing any personally identifiable information.

We do not intend to collect special category (also known as sensitive) personal information through our website(s) (unless we are legally required to do so). Examples of special category information are: race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records.

We ask that you do not provide us with special category personal information when using MetaDefender Cloud.

Cookies and similar technologies

With respect to your use of an Internet browser to interact with MetaDefender Cloud you should be aware that like many businesses with websites and cloud services, we may also use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. You can control our use of cookies with respect to your device by changing options in the Internet browser you use. We will display notices to you about cookies and prompt you to accept or reject a cookie from us. If you do not accept cookies, however, you may not be able to use all portions or features of MetaDefender Cloud. For more information about our use of cookies, please visit OPSWAT Cookies Policy.

Rights in relation to your information

You have the following rights regarding your Personal Data:

1 Right of Access.

You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge:

  • information whether your Personal Data is retained,

  • access to duplicates of the Personal Data retained,

Upon your request, along with a duplicate of the data we retained, will provide you information related to – purpose of the processing, personal data we collect, entities to which we transferred them, time we keep your Personal Data, if possible and the criteria we used to decide the period, your rights as European Union Citizen, unless the data was collected directly from you, the source of the data, whether there is an automated decisional process,

You can use the right to access to your Personal Data through your account. You may also request what other information we may hold. One request is free of charge, for the other we may charge a reasonable fee. If the effort of identifying data may be too much, or it may infringe with other people rights, we have the right to refuse it.

2 Right to Rectification.

When we process your Personal Data, we shall try to ensure that your Personal Data is accurate and up-to-date for the purposes for which it was collected. If your Personal Data is inaccurate or incomplete, you can change the information you provided by going to and following the steps as described.

  1. Right to suspend the processing

You have the right to request the termination of the processing with or without deletion of the data we have collected where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

  • the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

  1. Right to data portability

You have the right to receive the Personal Data concerning you, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance us.

  1. Right to delete.

You have the right to obtain deletion by us of Personal Data concerning you by deleting your User Account or by by going to and following the steps as described.

Because of deleting your User Account, you will lose access to services provided to you by MetaDefender Cloud

We allow you to restore your User Account during a grace period of 30 (thirty) days from the moment you request deletion of your User Account. This functionality allows you not to lose your account by mistake, because of your loss of your account credentials or due to hacking. During the suspension period, we will be able to finalize financial and other activities that you may have initiated before sending the User Account deletion request. After the grace period, Personal Data associated with your account will be deleted.

In some cases, deletion of your User Account, and therefore Personal Data deletion, is complicated. Namely, if your account has a business relationship with US, you will only be able to delete your User Account after you have dissolved the business relationship. In some cases, considering the complexity and number of the requests, the period for Personal Data erasure may be extended, but for no longer than two further months.

5 Right to Object.

When our processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR, you have the right to object to this processing. If you object we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular if the data is necessary for the establishment, exercise or defence of legal requirements.

You also have the right to lodge a complaint at a supervisory authority.

Contact Information:

Our lead supervisory authority is the Romanian Data Protection Agency which may be contacted at:

Autorității Naționale de Supraveghere a Datelor cu Caracter Personal

B-dul G-ral. Gheorghe Magheru 28-30, sector 1, 010336, București,,

Phones: +40.318.059.211, +40.318.059.212

You can also contact our data protection officer at the address below. Our European representative for data protection questions is:

Opswat Romania SRL

Timișoara, România

If you would like to exercise these rights or determine what, if any, personal information we have about you, please go to and follow the steps as described.

Automated decision making

We will not use your personal information for automated decision making or profiling.


We understand the importance of protecting children's privacy and we never knowingly collect personal information about individuals under the age of 16. We adhere to laws regarding marketing to children.


If you are under 16 years of age, we ask that you do not use MetaDefender Cloud.

Data We Collect / How We Use Your Data / Sharing of Your Data With Service Providers / Your Choices / Data Retention Policies With Respect To MetaDefender Cloud

When you upload a file from your browser:

Data We Collect

How We Use Your Data

Your Choices

Service Providers With Which We Share Data

Data Retention Policy

  • Browser name

  • IP address

  • Browser unique identifier

  • To uniquely identify the device you are using to access MetaDefender Cloud

  • To identify the location of your device when using MetaDefender Cloud

If this data is collected as a result of your running the OPSWAT MetaAccess agent on your device, you (or your administrator) can uninstall the MetaAccess agent or your administrator can unregister it from the MetaAccess account created. Please note that your uninstalling of the MetaAccess agent may violate your company's security policy and limit access from this device to company assets for which MetaAccess is performing pre-access endpoint security checks. We therefore recommend you contact your company's MetaAccess administrator to implement your choices.

  • Other users of MetaDefender Cloud: Unless a file you upload is analyzed using the private scanning API, the file analysis result is available to other MetaDefender Cloud users. However, no information about you as the individual uploading the file will be shared.

  • Anti-malware vendors providing an engine to MetaDefender Cloud and other security researchers approved by us: Unless a file is analyzed using the private scanning API, the uploaded file is shared with these service providers for research purposes.

  • Amazon AWS: Provides us with the systems to power malware analysis and data sanitization of uploaded files. Also allows us to store files and analyze results.

30 days

File submitted for scanning

  • Contents of the file

  • File metadata

  • To analyze an uploaded file with multiple anti-malware engines and display results of each engine's analysis (i.e., is the file infected with a computer virus or not)

  • To sanitize the uploaded file, if the file type is supported for this function, in order to provide the sanitized file to you only

You can upgrade from free usage and implement our private scanning API, which causes uploaded files to be deleted upon completion of analysis.

10 years

If you create an account:

Data We Collect

How We Use Your Data

Your Choices

Service Providers With Which We Share Data

Retention Policy

  • First name

  • Last name

  • Password

  • Email address

  • Company name

  • Files you upload unless you use the private scanning API

  • Validate that you are human and not a robot when you create an account

  • Authenticate your secure access to your account when you log-in

  • Associate your requests for support with your account

Refer to User Rights section for your choices with respect to:

  • Deleting your account

  • Restricting our use of your data

  • Correcting or updating data in your account

  • Accessing your data

  • Restricting access to your account (or later restoring access)

  • Obtaining a new password if you forget your current password

  • Amazon AWS, which powers MetaAccess and the file upload, analysis, and storage functions of MetaDefender Cloud

  • Zendesk, which provides the platform through which you submit requests for support and we respond to your support requests

  • Contractors to troubleshoot issues with MetaAccess and MetaDefender Cloud uptime, performance, and stability

If your account remains inactive for 6 months, we will deactivate it. Unless you ask us to reactive it, after another 6 months following deactivation, we will delete your account.

Web analytics

Data We Collect

How We Use Your Data

Your Choices

Service Providers With Which We Share Data

Retention Policy

  • Page visiting history

  • IP address

  • Browser type and operating system

  • Data and time of visit to the website

  • Better understanding user behavior and browser agent performance.

  • Improve website performance.

  • Improve website content quality.

You can disable cookies and see more details at OPSWAT Cookies Policy

  • Google Analytics: Provides the system we use to track and analyst user browsing history.

Data is retained for 26 months.

The third-party service providers identified above may use their own third-party subcontractors who have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.


We do not collect personally identifying information for sale to third parties.

Other disclosures

OPSWAT may disclose personal information to third parties under the following circumstances:

  • When explicitly requested by you

  • As otherwise set out in this MetaDefender Cloud Privacy Policy

We may also disclose your personal information to law enforcement, regulatory and other government agencies, and to professional bodies and other third parties as required by and/or in accordance with applicable laws or regulations. This includes disclosures outside the country where you are located.

Finally, we will disclose personal information if required in urgent circumstances, to protect the personal safety of individuals or the general public, or to maintain the uptime or stability of MetaDefender Cloud.

Security of personal information

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing your personal information, we have implemented technical and organizational measures to ensure a level of security appropriate to the risk of unauthorized or unlawful processing of personal data. These measures also help us guard against accidental loss, destruction of, or damage to personal data.

Only authorized persons are provided access to the personally identifiable information we have collected, and such individuals have agreed to maintain the confidentiality of this information.

We safeguard the security of the personal information provided to us with physical, electronic, and managerial procedures. Inside OPSWAT, data is stored in secure and controlled servers with limited access.

Where we share your personal information with third-party providers, they may use subcontractors that have access to your personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.

Note that your information may be stored and processed in the United States or any other country where OPSWAT, its subsidiaries, or service providers are located.


While we strive to protect personal data, we cannot guarantee the security of the personal information provided to us. Although we use appropriate security measures, once we have received your personal information, the transmission of data over the Internet (including via email) is never completely secure. We urge you to protect your personal information when using the Internet by, for example, changing passwords often, using a combination of letters, numbers, and special characters (for example, % and $ and +) , and making sure to use a secure browser.

Data retention

If you create an account to use services associated with MetaDefender Cloud, we will retain your personal information while the account you’ve created remains active. We will also retain your information for as long as we have a legitimate business purpose to do so, and thereafter, for no longer than is required or permitted by law. This includes data you or others have provided to us, as well as data generated or inferred from your use of MetaDefender Cloud .

MetaDefender Cloud privacy policy updates

Our privacy policy may be updated from time to time, and we will notify you of any material changes by posting the new policy at MetaDefender Cloud privacy policy and revising the “Effective starting” date at the top of the policy.

Contacting OPSWAT and Privacy Shield dispute resolution

In compliance with the Privacy Shield Principles, OPSWAT, Inc. commits to resolve complaints about our collection, use, or sharing of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact OPSWAT, Inc. by either going to or sending postal mail to: OPSWAT, P.O. Box 77878, San Francisco, CA, 94103.

OPSWAT, Inc. has further committed to refer unresolved Privacy Shield complaints to JAMs, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit or for more information or to file a complaint. The services of JAMs are provided at no cost to you.

Further, OPSWAT, Inc. is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

And importantly, OPSWAT remains responsible for any onward transfer of your personal information to third parties including, for example, third parties performing external processing your personal information on our behalf, as identified in the “Sharing of Your Data with Service Providers” section.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily by any of the above described methods, please contact:

In UK: The Information Commissioner Office (ICO). The ICO can be contacted by the following means:

  • Form:

  • Telephone: 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers).

  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
    SK9 5AF

In Romania: The National Supervisory Authority for Personal Data Processing of Romania (

In Switzerland: The Swiss Federal Data Protection and Information Commissioner (


Under certain conditions, more fully described on the Privacy Shield website,, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.