As Piriform (CCleaner) is part of the Gen Group, we are joined with companies providing leading technology solutions in cybersecurity, privacy and identity protection. To enhance the functioning of your devices and improve your experience online, we collect your data to provide you with the best tools. We do not take your trust for granted so we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your personal data.
This Privacy Policy was last updated in January 2023.
Piriform Software Ltd (CCleaner) is a multinational company based in the United Kingdom, which belongs to the Gen Group.
The Controller of your personal data is Piriform Software Ltd, which has its principal place of business at 100 New Bridge Street, London, EC4V 6JA, United Kingdom.
If you live in the European Economic Area, Piriform’s representative established in the EU is Avast Software s.r.o., residing at Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic.
This Privacy Policy describes how we handle and protect your personal data and the choices available to you. Additional information on our personal data practices may be provided in product settings, contractual terms, or notices provided prior to or at the time of data collection.
Please refer to our Products Policy describing specifics of personal data processing within our products and services.
This Privacy Policy is intended for you if you are a user of our products and services. If you are a business partner, the privacy notice that applies to you is located here: Business partner policy.
Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”).
We may collect data or ask you to provide certain data when you visit and use our websites, products and services. The sources from which we collect Personal Data include:
We do not process special categories of personal data, such as health, race, ethnicity or polical opinions, or deduce in any way this type of information from data we collect within our products.
We organize the Personal Data we process into these basic categories: Billing Data and Product Data.
Billing Data includes your name, email address, masked credit card number, license information and in certain circumstances, your billing address and your phone number. In most circumstances, you purchase our products and services from a trusted third-party service provider, reseller, or app store. In those circumstances, your Billing Data is processed by the relevant third party and we only receive a subset of this data to keep proper business records. In these instances, see below an example of Billing Data and what we use it for:
For some features of our Forum it is necessary to create an account. In the Forum profile, you have the option to provide additional information within your account such as personal texts, disclose your birth date, identify your gender, instant messaging number, messenger username, or website name and address, disclose your physical location, and select an avatar or personalized picture. You can contact our support in case you would like to delete your account.
These sub-categories differ for each product and service. If you want more detail about Device and Service Data we process on a product basis, please refer to our Products Policy available on our brand’s website.
We use your Personal Data for the following purposes and on the following grounds:
On the basis of fulfilling our contract with you or entering into a contract with you on your request, in order to:
On the basis of your consent, in order to:
We will always ask for your consent before any processing that requires it and provide you with necessary information through our Consent Policy or otherwise as applicable.
On the basis of legal obligations, we process your Personal Data when it is necessary for compliance with a legal tax, accounting, anti-money laundering, legal order, sanction checks or other obligation to which we are subject.
On the basis of our legitimate interest we will use your Personal Data to:
Your interests are a key part of our decision-making process and have been considered in all of the above mentioned processing operations. We believe we have balanced your interests against our interests. In any case, you have the right to object, on grounds relating to our particular situation, to those processing operations. For more details please see section . Your Privacy Rights.
Before relying on our legitimate interests, we balanced them against your interests and made sure they are compelling enough and will not cause any unwarranted harm. With respect to the purposes below we consider necessary to explain what our interests are in detail.
We process Personal Data for network and information security purposes. In line with EU data protection law, organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security. This primarily covers the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems.
Both as an organization in our own right, and communication technologies and services, it is necessary for the functionality of our systems, products and services and in our legitimate interests as well as in our users’, to collect and process Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring the security of our own, and of our users’ networks, devices, and information systems.
The Personal Data we process for said purposes includes:
Depending on the context in which such data is collected, it may contain Personal Data concerning you. However, in such cases, we will process the data concerned only to the extent strictly necessary and proportionate to the purposes of securing your network, device and systems.
We have a legitimate interest for messaging our users about possible security, privacy and performance improvements and products that supplement or improve purchased products. We can also message our customers with information and offers relating to already purchased products (e.g. time-limited offers).
If you are our customer, we feel a responsibility to inform you about security and utility improvements and possible problems to your device and software that go beyond our product that is installed and provide you with effective solutions relevant to these problems. We thus have legitimate interest to optimize the content and delivery of this type of communication to you so that you will be most likely to find them relevant and non-intrusive at the same time. We use certain limited subsets of Billing Data and Product Data to deliver this communication.
We have a legitimate interest to use necessary Personal Data to understand user conversions, acquisitions and campaign performance through various distribution channels, and users’ download, activation and interactions with our products. For example, we want to know how many users clicked on our offers, or purchased our product after seeing one of our ads. These analytics help us improve functionality, effectiveness, security and reliability of our products and business activities and develop new products. This processing includes using third-party tools. Please refer to our Products Policy for the list of third-party tools used for the specific products and services.
We do our best to disconnect or remove all direct identifiers from the Personal Data that we use:
Our third-party payment partner will collect your IP address for its billing process; we do not store the IP address from this process.
For free and paid products, your IP address is also processed for the purpose of downloading certain products, product authorization, and preventing fraud.
Please refer to our Products Policy for specific use of IP address by our products and services.
We do not take any decisions solely based on algorithms, including profiling, that would significantly affect you.
We only disclose your Personal Data as described below, within our group, with our partners, with service providers that process data on our behalf and with public authorities, as required by applicable law. Processing is only undertaken for the purposes described in this Privacy Policy and the relevant Products Policy sections. If we disclose your Personal Data, we require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
If you opt to pay for use of our services, we will use a third party payment processor to take payment from you. These third parties are properly regulated and authorized to handle your payment information and are prohibited from using your Personal Data for any other purposes other than arranging these services for us. However, they are independent controllers of your data with their own responsibility.
These are our long-term payment processors:
Your Billing Data is processed by the payment processor from whom you purchased the product. Your data is processed according to the relevant payment processor’s privacy policy.
We may use contractors and service providers to process your Personal Data for the purposes described in this Privacy Policy and Products Policy. We contractually require service providers to keep data secure and confidential.
Such service providers may include in particular contact centers, professional consultants (including for defence or exercise of our rights), and marketing/survey/analytics/software suppliers.
Sometimes these service providers, for example, our distributors, resellers, and app store partners, will be independent controllers of your data and their terms and conditions, end user license agreements (“EULA”) and privacy statements will apply to such relationships.
To be able to offer our products and services for free, we serve third-party ads of advertising companies in our products for mobile devices. To enable the ad, we embed a software development kit (“SDK”) provided by an advertising company into the product, which then collects Personal Data in order to personalize ads for you.
Please note that only a few of our free products serve third-party ads. You will be asked for consent during the installation process of such a product. For further information, including the exact scope of processed Personal Data and names of relevant products, please refer to our Consent Policy which includes the list of our advertising partners and their privacy policy.
We may provide your Personal Data to our partners for the purpose of distribution, sale or management of our products. Our partners may use your Personal Data to communicate with you and others about Avast products or services. In addition, you purchase our products directly from our distributor, a reseller, or an app store. Because your relationship in these cases is with that distributor, reseller or an app store, such third party will also process your Personal Data.
Our websites use cookies to personalize your experience on our sites, tell us which parts of our websites people have visited, help us measure the effectiveness of campaigns, and give us insights into user interactions and user base as a whole so we can improve our communications and products. While using our websites, you will be asked to authorize the collection and use of data by cookies according to the terms of the Cookie Policy.
We use analytical tools, including third-party analytical tools, which allow us to, among other things, identify potential performance or security issues with our products, improve their stability and function, understand how you use our products, and websites, so that we can optimize and improve your user experience, as well as evaluate and improve our campaigns. We use Service and Device data for analytics.
While we generally prefer using our own analytical tools, we sometimes need to partner with other parties, which have developed and provide us with their own tools and expertise. Below, we list these partners and tools and their privacy policies.
Please note that not all of our products use all of these third-party analytics tools. Analytics tools that we use for diagnosing your product are necessary for service provision. You will find relevant tools listed under each product in our Products Policy.
Tool (provider) |
Type of Analytics |
Link to Privacy Policy |
Location |
Google Analytics (Google) |
user behaviour |
https://support.google.com/analytics/answer/6004245 https://policies.google.com/privacy https://support.google.com/analytics/answer/6366371?hl=en&ref_topic=2919631 |
US, Ireland |
Firebase Analytics (Google) |
user behaviour (advanced features like A/B testing, predictions) |
US, Ireland |
|
Firebase Crashlytics (Google) |
crash reporting |
US, Ireland |
|
AppsFlyer (AppsFlyer) |
user acquisition |
Germany |
|
Logentries |
user behaviour |
US |
|
Loggly |
crash reporting |
US |
In certain instances, it may be necessary for us to disclose your Personal Data to public authorities or as otherwise required by applicable law. No Personal Data will be disclosed to any public authority except in response to:
Like any other company, we too go through its own cycle of growth, expansion, streamlining and optimization. Its business decisions and market developments therefore affect its structure. As a result of such transactions, and for maintaining a continued relationship with you, we may transfer your Personal Data to a related affiliate.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your Personal Data may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event, when applicable. Information including personal data relating to our business may be shared with other parties in order to evaluate and conclude the transaction. This would also be the case if we were required by law to make such changes.
We are a global business that provides its products and services all around the world. In order to reach all of our users and provide all of them with our software, we operate on an infrastructure that spans the globe. The servers that are part of this infrastructure may therefore be located in a country different than the one where you live. In some instances, these may be countries outside of the European Economic Area (“EEA”). Regardless, we provide the same GDPR-level of protection to all Personal Data it processes.
At the same time, when we transfer Personal Data originating from the EEA outside of the EEA or cooperate with a third-party vendor located outside the EEA, we always make sure to put in place appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions adopted by the European Commission, to ensure that your data remains safe and secure at all times and that your rights are protected.
Situations where we transfer Personal Data outside of the EEA include allowing access to Personal Data stored in the Google Cloud Platform to Google personnel located outside the EEA, the provisioning of our products and services and third-party services related to it, the processing of transactions and your payment details, and the delivery of support services. Further, an outside-EEA transfer may also occur in case of a merger, acquisition or a restructuring, where the acquirer is located outside of the EEA (see the Mergers, Acquisitions and Restructurings section).
We maintain administrative, technical, and physical safeguards for the protection of your Personal Data.
Access to the Personal Data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support to end users, or who service user accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave the company. Where an individual employee no longer requires access, that individual's credentials are revoked.
We store your personal information in our database using the protections described above. In addition, we utilize up-to-date firewall protection for an additional layer of security, high-quality antivirus and anti-malware software, and regularly update our virus definitions. Third parties who we hire to provide services and who have access to our users' data are required to adopt appropriate measures we deem them necessary.
Access to user information in our database by Internet requires using an encrypted VPN, except for email and drive which requires user authentication. Otherwise, access is limited to our physical premises. Physical removal of Personal Data from our location is forbidden. Third-party contractors who process Personal Data on our behalf agree to provide reasonable physical safeguards.
We strive to collect no more Personal Data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
We will hold your Personal Data on our systems for the following periods:
The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house as well as third-party servers in the Czech Republic, in the United States, as well as anywhere we or our trusted service providers and partners operate. In particular, we store some of the data in the Google Cloud Platform operated by Google Cloud EMEA Ltd. Personal Data originating from the EEA are stored on Google’s servers in the EEA, however, such data may be also accessed by Google personnel located outside the EEA. We put in place appropriate safeguards, including Standard Contractual Clauses, to address these cross-border transfers of Personal Data.
In all cases, we follow generally accepted standards and security measures to protect the personal data submitted to us, both during transmission and once we receive it.
You have the following rights regarding the processing of your Personal Data:
You can submit your requests relating to your privacy rights and access to documentation relating to appropriate safeguards for cross-border transfers through our online form.
The fulfillment of data subject rights listed above will depend on the category of Personal Data and the processing activity. In all cases, we strive to fulfill your request.
We will action your request within one month of receiving a request from you concerning any one of your rights as a Data Subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months. If we fail to meet these deadlines, we would, of course, prefer that you contact us to resolve the situation informally.
Where requests we receive are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request.
For the free versions, we do not and will not maintain, acquire or process additional information solely in order to identify the users of our free products and services. Indentification of an individual is not a requirement for our free versions products to be delivered to you and function.
Consistent with our privacy by design, privacy by default and minimization practices, we may not be able to identify you in connection with Product Data related to specific free products and services. If such a situation occurs, please go to your product settings and explore the available privacy options.You can make certain choices about how your data is used by us by adjusting the privacy settings of the relevant product. Please check your product settings to set your privacy preferences there.
We collect and process Personal Data relating to those within the territory of the Russian Federation in strict compliance with the applicable laws of the Russian Federation.
We collect and process Personal Data (including sharing it with third parties) only upon the consent of the respective individuals, unless otherwise is permitted by the laws of the Russian Federation. You will be asked to grant your consent by ticking the respective box / or clicking “I accept” button or through similar mechanism prior to having access to the site, and/or when submitting or sharing the Personal Data we may request. We collect and use your Personal Data only in the context of the purposes indicated in the consent to processing of Personal Data.
We (directly or through third-party contractors specifically authorized by us) collect, record, systematize, accumulate, store, actualize (update and amend), extract Personal Data of the Russian Federation citizens with the use of databases located on the territory of the Russian Federation, except as otherwise permitted by Russian data protection legislation. We may process Personal Data of Russian citizens using databases located outside of the Russian Federation subject to compliance with Russian data protection legislation.
We undertake all the actions necessary to ensure security of your Personal Data.
You are legally entitled to receive information related to processing your Personal Data. To exercise this right, you have to submit a request to contacts indicated below in the Contact Us section.
You have the right to revoke the consent at any time by sending us an e-mail at contacts indicated below in the Contact Us section. Once we receive the revocation notice from you we will stop processing and destroy your Personal Data, except as necessary to provision the contract or service to you and ensure compliance with the data protection laws. However, please note once you have revoked your consent, we may not be able to provide to you the products and services you request, and may not be able to ensure proper work of our products.
We do not transfer your Personal Data to the countries that under Russian law are not deemed to provide adequate protection to the individuals’ rights in the area of data privacy.
We do not offer, sell or otherwise make available our products or services that have access to, collect and process (or allow us to do the same) Personal Data of third parties in the Russian Federation without the consent of such third parties.
If any provisions of this Policy contradict the provisions of this section, the provisions of this section shall prevail.
This section applies to California, USA residents:
Categories of collected personal information
You can see all categories of collected personal information listed in the section Personal Data We Process.
Sources from which the personal information is collected
You can find information about the sources of data in the section Personal Data We Process.
Business or commercial purpose for collecting or selling personal information
You can find all purposes of processing your personal information listed in the section Why We Process Your Personal Data.
Categories of third parties with whom the business shares personal information
You can find all categories of recipients of personal information listed in the section How We Disclose Your Personal Data. We do not sell (as such term is defined in the California Consumer Privacy Act) your personal information we collect without providing a right to opt out or your direct permission. See more about your right to opt out of sale below.
Our products are not targeted at minors under 16 years of age. We therefore have no knowledge of any sale of data concerning them.
You can find more information on our retention practices in the section How Long We Store Your Personal Data above.
You have the right to:
Under California law, we are required to disclose to consumers the following information upon written request: (1) the categories of personal information that we have disclosed to third parties within the prior year, if that information was subsequently used for marketing purposes; and (2) the names and addresses of all such third parties to whom such personal information was disclosed.
We hereby disclose that we have not disclosed any such personal information regarding any California resident during the one-year period prior to the effective date of this Privacy Policy with the exception of:
If your personal information is subject to a sale or sharing you have the right to opt out from that sale or sharing. We will respect your decision to opt out for at least 12 months before asking you again to authorize the sale of your personal information.
For more information on how you can opt out of the sale or sharing of your personal information, please consult our “Do Not Sell or Share My Personal Information” page.
You can submit your requests using contacts indicated below in the Contact Us section. If you are a California resident under the age of 18, you may be permitted to request the removal of certain content that you have posted on our websites. We will verify your request by matching your email address and, if necessary, other information you provide in your request against the email address and other information we have in our system. You can also designate an authorized agent to exercise these rights on your behalf. We may require that you provide the authorized agent with written permission to act on your behalf and that the authorized agent verify their identity directly with us.
To exercise any of your rights, or if you have any other questions or complaints about our use of your Personal Data and its privacy, write our Privacy Team through the most convenient channel below:
You can submit your privacy requests through our online form. :
You can always reach us by email at [email protected]. Please type “PRIVACY REQUEST” in the message line of your email so we can have the appropriate member of the team respond.
If you prefer, you can send paper mail to AVAST Software s.r.o., Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic. Be sure to write "Attention: PRIVACY" in the address so we know where to direct your correspondence.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
As required under the GDPR, we have a data protection officer (DPO) to monitor our compliance with the GDPR, provide advice where requested and cooperate with supervisory authorities. You can contact our data protection officer via [email protected].
We reserve the right to revise or modify this Privacy Policy. In addition, we may update this Privacy Policy to reflect changes to our data practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account), product notification or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.