Protection - Malware/ Firmware etc.
Protection - Malware/ Firmware etc.
Data Privacy and Confidentiality
Are there any independent audits of how Bitdefender handles data privacy? I am not asking for the data privacy policy but the real world actions of the company?
They have full access to your laptops etc. If you provide them access to your Outlook and Gmaill accounts, they can read ALL your private and business information.
Avast has a data privacy policy too and is based in EU but has systematically misused data, solld them to other parties etc. And Bitdefender uses also third-party providers as well.
Proton for instance has Zero-Log policy on their VPN, Bitdefender does not guarantee this which I find quite concerning. I do not think they are as strict as they should be.
They also can send user data to US servers as well WITHOUT our consent which I would strictly prohibit. Frankly, if Proton would have a top anti-virus solution, they would be my top choice.
Any views on that?
Answers
-
Hello.
I believe that only @Alexandru_BD, who works for Bitdefender, can answer your question.
Regards.
1 -
Hello @ThTallis and thanks for joining us here.
I'll share my personal thoughts on this. Having worked in the field for some time, I can tell you that usually security programs and tools today (not just Bitdefender) collect a range of telemetry and marketing‐related data, to some extent, but they always show full transparency of the data collected and how it's being handled. To get a better understanding of this, I always recommend reading the Privacy Policy, because this document clearly explains the type of personal data they process, how and where they may use it, how they protect it, who has access to it, with whom they share it, and how to exercise your privacy rights.
First, let's be clear on this: Bitdefender only collects that personal data absolutely necessary for the specified purposes, on a best efforts basis, and they do not sell your data.
Elaborating more on this topic, from a security vendor's perspective, I think there are usually two main drivers for this, the first being security and telemetry. Naturally, an antivirus software often gathers detailed information from your system, such as file hashes, URLs visited or domain references, and of course suspicious activity logs, with the sole purpose to identify and respond to emerging threats. Analyzing datasets from endpoints also helps the security researchers keep up with new malware strains and stay ahead of malicious actors, but again, this implies that only the relevant data which helps achieve that specific purpose is collected, and nothing else.
The second reason for this would be marketing and product analytics. Like other software companies, antivirus vendors also want to understand how users find their products (e.g., which web page referred you), and measure user engagement, promote upgrades or complementary services. A business needs to know where its customers are and what they actually want and need, this has been in the books since marketing was invented. An excellent product is also the result of the customers' input and feedback, which at Bitdefender, is always taken into account.Like the Privacy Policy states, Bitdefender offers data security solutions and services, and their goal is to ensure information and network security by providing quality solutions and services in these areas while also respecting privacy and personal data of customers, Internet users and business partners. And they have been on the market for decades, so they know what they're doing in this field, they are a trusted cybersecurity partner for many known enterprises and protect millions of consumers worldwide, so obviously they are compliant with the applicable data protection legislation such as the EU General Data Protection Regulation (GDPR – Regulation 2016/679), as well as other data protection requirements in any of the jurisdictions where Bitdefender operates.
When it comes to independent audits and compliance, there's a comprehensive list of Certifications that Bitdefender has received over time, including SOC2 Type 2, HIPAA, ISO 27001, ISO 27017, ISO 27018, ISO 9001, and you can consult the full list here:
Bitdefender was officially founded in 2001 as a small company located in Eastern Europe - Romania, with its main headquarters based in Bucharest, but its roots can be traced back as far as 1990. That's how long they've been operating in the cybersecurity field. It has since matured into a successful international company. In 2004 the first offices opened outside of Romania in the United States, Germany and United Kingdom. You can check the company milestones here:
Then, there are so many awards this company received in time, too many to count, really.
As for the VPN, Bitdefender enforces a true Zero-Log policy. This has been confirmed back in 2023 when Pango, with whom Bitdefender partnered at the time to integrate their VPN technology and infrastructure, has undergone a third-party security audit with outstanding results. Since then, the Bitdefender VPN capabilties have been further developed, the infrastructure expanded and the Zero-Log policy was kept in effect.
Furthermore, back in 2022 Bitdefender stood by its strict no-logs policy when they pulled out their VPN services from India, when (CERT-In) proposed a set of cybersecurity regulations obliging VPN and cloud service providers to keep track of customers’ names and IP addresses. They basically said "no thank you, we made a promise to our customers which we intend to keep, so goodbye."The VPN still offers a virtual server for India, but this is not based in the actual country.
So, there you have your real world actions, and I hope this brings peace of mind. Your devices are in good hands, there's no doubt about that.
Regards,
Alex
Premium Security & Bitdefender Endpoint Security Tools user
1
