Privacy Policy
Last Updated: May 30, 2025
Thank you for your interest in the Sangfor Community! The Sangfor Community (“Platform”),
developed by Sangfor, is provided to enable Users (or “you”) to share knowledge, exchange
comments and suggestions on Sangfor products.
Sangfor takes your privacy concern seriously and fully respects your privacy. Sangfor is
committed to strictly complying with applicable laws and regulations to take appropriate
security measures to ensure your privacy in a secure and controllable status. To achieve this
objective, the service provider of this Platform (hereinafter referred to as “Sangfor” or "we")
has prepared and published this Privacy Policy (hereinafter referred to as the "Policy").
To protect your rights, this Policy will explain to you how Sangfor collects, uses, shares,
discloses and stores your privacy and which security measures have been taken to protect the End
User Data (including but not limited to personal information) and the rights to which you are
entitled. In addition to this privacy, we may inform you of the processing details of other End
User Data which are not described in this Policy by way of a separate privacy notice or
statement in advance and seek your consent as necessary, for example when you choose to activate
or use a new service.
This Policy is closely related to your use of the Platform and relevant services. Therefore,
please carefully read and understand all terms of this Policy, and confirm that you have fully
understood and agreed to them before using the Platform. Your clicking of the “I accept” or
similar button or check box online or using the services of the Platform by any other means,
constitutes your understanding and acceptance of this Policy, which shall have legal effect
between you and Sangfor.
This Policy will help you understand the following:
1. Application scope of this Policy
2. How we collect and use your personal information
3. How we share, transfer, and disclose your personal information
4. How we store your personal information
5. How we protect your personal information
6. How you access and manage your personal information
7. How we use cookies and similar technologies
8. Protection of minors
9. Updates to this Policy
10. Contact us
1. Application scope of this Policy
Unless specifically stated or otherwise exclusively agreed, this Policy only applies to the
Platform and other services you access through the Platform. This Policy does not apply to any
products or services provided to you by third parties through this Platform. Before choosing any
third-party products or services, you should fully understand the features and privacy policies
of the third-party products or services and agree with third parties on the specific rights and
obligations related to the use of products or services.
2. How we collect and use your personal information
In the course of your use of the Platform and the relevant services, the information we collect
is as follows:
2.1 In order to help you complete the Platform account registration, we require you to provide
mandatory including your username, email address, country/region of residence, and company
affiliation.
Additionally, you may voluntarily provide optional information including your city of residence,
profile avatar, personalized signature, occupation, and gender designation to further enhance
your profile and platform interactions. You could also add submit your mobile number for
convenient login authentication and password recovery, as well as residential or office address
details when required for reward redemption.
2.2 When engaging in the Platform discussions by publishing posts or comments, we will process
and retain the textual and multimedia content you submit.
2.3 In order to assist Users in participating in the relevant learning and examination
activities, and to provide you with the necessary information and feedback, we will collect
detailed engagement records during your participation in online learning modules and
certification exams, which include accessed courses, exam timestamps, and submitted academic
content (e.g., assignments or examination responses).
When User’s questions, interactions, comments or other published content during your engagement
of these activities are selected for the Platform recommended topic, they may be viewed or
accessed by other Users of the Platform.
2.4 In order to administer technical certification programs, we mandate the submission of
personally identifiable information, including your full name, mobile number, identity document,
email address, and scheduled examination details. This data is essential to verify your
identity, coordinate examinations, and issue credentials. After you pass the relevant technical
certification, we will retain your certification records indefinitely to support statistical
analysis, program management, and user-initiated verification requests.
2.5 In order to deliver service notifications and informational updates, we may disseminate
communications via SMS (linked to your registered mobile number), email, or in-platform
messaging systems. You can stop receiving our service information through SMS unsubscribe, email
unsubscribe, customer feedback and other ways.
2.6 To enhance use efficiency and improve user experience, the Platform provides User with an
AI-powered Intelligent Customer Service, which is designed to accurately understand and resolve
product-related inquiries, including but not limited to questions about product features, usage
instructions, troubleshooting guidance, etc. To enable your interaction with the AI-powered
Intelligent Customer Service, we will use your account information, including your username and
email address.
2.7 In order to fulfill cybersecurity obligations under applicable laws and regulations,
maintain the stable operation of the Platform, and to optimize your use experience, during your
use of the Platform, we may collect information about your device and how you and your device
interact with the Platform, including device identifiers (device name, device model, mobile
phone model, IMEI, MAC address, serial number), IP address, operating system version,and usage
patterns (session duration, interaction logs, system event reports such as errors or crashes).
This information is analyzed to verify your identity, strengthen account security protocols,
diagnose technical anomalies, and mitigate operational risks.
2.7 Exceptions
You are fully aware that, in accordance with applicable laws, we may collect and use relevant
personal information without your authorization or consent under the following circumstances:
2.7.1 It is related to the performance of our obligations specified by laws and regulations.
2.7.2 It is directly related to national security and national defense security.
2.7.3 It is directly related to public safety, public health, or major public interests.
2.7.4 It is directly related to criminal investigation, prosecution, trial, or judgment
execution.
2.7.5 It is for the purpose of safeguarding the life, property, or other significant legitimate
rights and interests of you or other individuals while it is difficult to obtain your consent.
2.7.6 The personal information involved is disclosed to the public by you.
2.7.7 It is necessary to execute and perform the contracts or agreements between you and us.
2.7.8 The personal information is collected from the information disclosed to public legally,
such as through legal news reports, government information disclosures, or other channels.
2.7.9 It is necessary to maintain the operational security and stability of our products or
services, such as discovering and handling the failure of our products or services.
3. How we share, transfer, and disclose your personal information
3.1 Sharing
We will not share the personal information that we process or are authorized to process with any
third party, except in the following circumstances:
3.1.1 Business Partner with Sangfor. To the extent necessary for the operation and relevant
service provision of the Platform, we may share your personal information with our business
partners. Under such circumstances, we will only share your personal information for lawful,
legitimate, necessary, specific, and explicit purposes, strictly limit such sharing to the
minimum necessary scope, and take appropriate technical and management measures to safeguard End
User Data. Our business partners include:
Distributor and Reseller: As Sangfor has conducted global business based on our Distributor and
Reseller network, we may need to share your name, contact details, and other personal
information stated in Section 2 with our Distributor or Reseller to deliver relevant support
services.
To operate the Platform, Sangfor may engage some service providers, technical supporters, and
other third parties for order inquiries, payment and invoicing, logistics and delivery,
after-sales services and customer support, reward redemption, etc.
3.1.2 We have obtained your explicit consent. After
informing you of the name, the contact details of the third parties, the purpose and manner of
the processing, as well as the type of personal information involved, and obtaining your
explicit consent, we will share the information with the third parties within the authorization
scope.
3.1.3 Sharing for the performance of the legal obligation. We may share your personal
information in accordance with applicable laws and regulations, legal proceedings,
litigation/arbitration, compulsory governmental orders or regulatory requirements; for example,
in order to meet the requirements for identification authentication of relevant laws and
regulations, it is necessary to share your personal information with the relevant governmental
authorities or authorized third parties.
3.1.4 To the extent required or permitted by law, it is necessary to provide your personal
information to a third party in order to protect the interests, property or safety of you or the
public from damage.
3.1.5 It is necessary to share your personal information in order to protect national security,
public safety and the significant legitimate rights and interests of you and other subjects.
3.1.6 Personal information that you disclose to the public or that we can obtain from other
legitimate public sources.
3.1.7 We may share your personal information with our affiliates to provide you with transaction
support, service support or security support. For example, to avoid duplicate account
registrations, we need to verify the uniqueness of the accounts to be registered; we will only
share your information with our affiliates for specific, explicit and lawful purposes, and only
to the extent necessary to provide the Services.
3.1.8 Sharing with business partners as necessary to provide services. We may provide your
personal information to business partners with your consent for the purpose of providing you
with the required Service or entering into a cooperation with you. Before introducing the
partners, we will carry out information security related investigation or confirmation, and
require the partners to take strict measures to protect your personal information through
contractual instruments.
3.2 Transfer
We will not transfer the personal information that we process or are authorized to process to
any companies, organizations, or individuals, except in the following circumstances:
3.2.1 We have obtained your explicit consent.
3.2.2 In the event of merger, acquisition, or bankruptcy liquidation where personal information
transfer is involved, we will require that the new company or organization holding your personal
information be bound by this Policy. Otherwise, we will require the company or organization to
obtain your authorization or consent again. If such event does not involve the transfer of
personal information, we will fully inform you of the relevant situation and delete or anonymize
the personal information we hold.
3.3 Disclosure
We will not disclose relevant personal information, except in the following circumstances:
3.3.1 The disclosure is made with your express consent or at your request.
3.3.2 Disclosure in accordance with legal requirements: The disclosure is necessary to comply
with compulsory requirements of laws, legal proceedings, litigation, or competent government
authorities.
3.3.3 The disclosure is reasonable and necessary for the purpose of maintaining the public
interests.
3.4 We may share, transfer, or disclose relevant personal information without your authorization
or consent under the following circumstances:
3.4.1 It is for purposes related to national security and national defense security.
3.4.2 It is for purposes related to public safety, public health, or major public interests.
3.4.3 It is for purposes related to criminal investigation, prosecution, trial, or judgment
execution.
3.4.4 It is for the purpose of safeguarding the life, property, or other significant legitimate
rights and interests of you or other individuals while it is difficult to obtain your consent.
3.4.5 The personal information disclosed is from the information collected from legally publicly
disclosed information, such as through legal news reports, government information disclosures,
or other channels.
3.4.6 It is necessary to maintain the operational security and stability of our products or
services, such as discovering and handling the vulnerability or failure of our products or
services.
4. How we store your personal information
4.1 The Platform is deployed on Sangfor servers located in the Federation of Malaysia (hereafter
referred to as Malaysia) and can be used by the User located outside of Malaysia. As the data
processed by the Platform is triggered by the User’s independent login or use of the
corresponding functions, before using the Platform, the User located outside of Malaysia shall
be aware that their login and use data will be transferred to Malaysia. The User shall
independently assess whether the cross-border transfer and processing of data involved in the
use of the Platform meet the legal requirements applicable to you, and you shall be solely
responsible for complying with the applicable legal requirements independently. As the service
provider of the Platform, Sangfor will store data and take relevant management and technical
measures to safeguard data security in accordance with the applicable laws and regulations.
4.2 If we need to transfer relevant personal information we process within one country or region
to an overseas entity for the purpose of conducting cross-border business, we will obtain your
separate consent and transfer the personal information in accordance with the applicable laws,
regulations, and the provisions of the competent regulatory authorities. We will ensure to
provide sufficient protection for related personal information, such as anonymizing the personal
information or taking encryption or other security measures for the storage and transmission of
personal information.
4.3 You understand and agree that, in order to better guarantee sufficient resources for the
operation of the Platform servers so as to provide the User with more stable and high-quality
services, or based on the demand for disaster recovery and backup, Sangfor may temporarily store
some of the data uploaded by the User on servers other than the data center providing services,
and such data will be strictly encrypted and compressed and will not be processed in any other
way except for storage. And Sangfor will safeguard the data security in accordance with this
Policy or other relevant agreements.
4.4 Audit log data for the Platform (which may contain the information listed in Articles 2.1
and 2.4) will be retained for not less than six months in accordance with legal requirements,
and for other data uploaded by the User that contains no personal information, Sangfor will
decide the retention period independently according to the business requirements of threat
intelligence. In addition to the above, under the following circumstances and for the
corresponding purposes, we may need to retain all or part of your information in accordance with
the retention period specified in the relevant laws and regulations:
4.4.1 Comply with applicable laws and regulations and other relevant provisions.
4.4.2 Comply with a court judgment, decision or other legal process.
4.4.3 Comply with the requirements of the relevant administrative, judicial or other competent
authorities.
4.4.4 Implement of this Policy or other relevant agreements, or handle any complaints/disputes,
or protect the personal, property safety or legitimate rights and interests of you or other
relevant subjects within the reasonable and necessary scope.
5. How we protect your personal information
5.1 Sangfor attaches great importance to your information security. We use various technical
security measures to protect the information against unauthorized access, use, disclosure,
abuse, alteration, destruction, or loss, for example, we provide secure browsing on the Platform
using the HTTPS protocol; we use encryption technology to increase the security of End User
Data; and we use trusted protection mechanisms to prevent malicious attacks on End User Data. In
addition, we establish End User Data security management systems and work processes to strictly
control access to End User Data; restrict the permissions of the staff having access to personal
information and provide them with training relating to security and confidentiality; and
regularly conduct personal information security risk assessments and promptly handle related
risks, to continuously improve our ability to protect the security of personal information.
5.2 In addition to our obligation to protect your personal information, you are also responsible
for the appropriate use and safekeeping of information relating to your account, so please set a
password with a high level of complexity in order to maximize account security. If you identify
that anyone is using your account without your authorization, you shall immediately report this
to the personnel who has assigned the account access to you or contact us to assist you in
stopping the unauthorized use.
5.3 In the event of a personal information security incident (information leakage or loss), we
will, in accordance with applicable laws and regulations, promptly inform you of the basic
information and possible impact of the security incident, the measures we have taken or will
take, suggestions for you to independently prevent and reduce risks, and the remedies for you in
a reasonable manner. We will promptly inform you of the incident-related situation by email,
letter, phone call, online push and notification, etc. If it is difficult to inform the data
subject separately, we will take a reasonable and effective way to make a public announcement.
In addition, we will report our handling of the personal information security incident in
accordance with the requirements of regulatory authorities.
5.4 THOUGH WE WILL USE OUR BEST EFFORTS TO TAKE REASONABLE MEASURES TO PROTECT THE SECURITY OF
END USER INFORMATION, THERE ARE NEITHER COMPLETELY PERFECT SECURITY MEASURES NOR UNBREAKABLE
SERVICES, PRODUCTS, WEBSITE, DATA TRANSFER, INFORMATION SYSTEM OR NETWORK CONNECTION IN THE
EVENT OF ANY UNAUTHORIZED ACCESS TO, PUBLIC DISCLOSURE OF, UNINTENTIONAL ALTERATION OF, OR
DESTRUCTION OF INFORMATION DUE TO A BREACH OF OUR PHYSICAL, TECHNICAL, OR MANAGERIAL SAFEGUARDS,
WHICH RESULTS IN DAMAGE TO YOUR LEGAL RIGHTS AND INTERESTS, WE WILL ASSUME THE RESPONSIBILITIES
AND LIABILITIES ARISING THEREFROM. IN THE EVENT OF ANY END USER DATA LEAKAGE, LOSS, OR OTHER
SECURITY INCIDENT ARISING OUT OF YOUR DISCLOSURE OF THE PRODUCT OR SERVICE ACCOUNT AND PASSWORD
TO A THIRD PARTY, YOUR BREACH OF THE RELEVANT PRODUCT OR SERVICE USE AGREEMENT, OR OTHER REASONS
ATTRIBUTABLE TO YOU, OR HACKING, INTRUSION OF COMPUTER VIRUSES, OR OTHER REASONS ATTRIBUTABLE TO
THIRD PARTIES, OR FORCE MAJEURE, YOU UNDERSTAND THAT SANGFOR SHALL NOT BEAR ANY DIRECT OR
INDIRECT LOSS OR LIABILITY ARISING THEREFROM.
6. How you access and manage your personal information
Under applicable data protection laws, you may have the following data protection rights:
6.1 You have the right to access and manage your personal information processed by Sangfor.
6.2 You have the right to demand the rectification of any incorrect or inaccurate personal data
we hold with respect to you.
6.3 You have the right to object to processing of your personal data, or ask us to restrict
processing of your personal data..
6.4 You may also request us to delete your relevant personal information under the following
circumstances:
6.4.1 Our processing or authorized processing of relevant personal information violates
applicable laws and regulations.
6.4.2 We collect and use your personal information without your express consent.
6.4.3 Our processing or authorized processing of relevant personal information seriously
breaches the relevant agreement.
6.5 You have the right to withdraw your consent previously made and relating to the processing
of your personal data with future effect. However, such withdrawal of consent does not affect
the legitimacy of any processing operations previously executed. To exercise any of the above
rights, please contact us by following the instructions available in the Section 9 "Contact Us"
in this Privacy Policy.
6.6 Response to your request
6.6.1 When you claim the said rights, we may require you to submit a written request and may
verify your identity. In principle, we do not charge a fee for your reasonable requests, but we
will charge a certain cost for repeated requests that exceed reasonable limits, as appropriate.
We may reject requests that are repeated for no reason, require excessive technical means (for
example, requiring the development of new systems or fundamental changes to current practices),
pose a risk to the legitimate rights and interests of others, or are highly impractical (for
example, involving the backup of information stored on tapes).
6.6.2 To ensure security, you may need to submit a written request or otherwise prove your
identity. We may ask you to verify your identity before processing your request.
6.6.3 Under the following circumstances, we will not be able to respond to your request:
6.6.3.1 It is related to the performance of your obligations specified by laws and regulations.
6.6.3.2 It is directly related to national security and national defense security.
6.6.3.3 It is directly related to public safety, public health, or major public interests.
6.6.3.4 It is directly related to criminal investigation, prosecution, trial, or judgment
execution.
6.6.3.5 We have sufficient evidence that you have subjective malice or abuse of rights.
6.6.3.6 It is for the purpose of safeguarding the life, property, or other significant
legitimate rights and interests of you or other individuals.
6.6.3.7 Response to your request will cause serious damage to the other legitimate rights and
interests of related individuals or organizations.
6.6.3.8 It involves trade secrets.
7. How we use cookies and similar technologies
7.1 Cookies are small data files that are installed on your computer or mobile endpoint device
when you visit a website. The content of a cookie can only be retrieved or read by the server
that created it. We may record and use information about you through cookies, but the
information recorded through cookies is only stored on your local device and only processed when
you are using the relevant features/services of the Platform. The specific purposes for which we
use cookies include:
7.1.1 To remember your identity for the purposes of logging in and completing authentication,
e.g. cookies help us to recognize you as a registered User of Sangfor;
7.1.2 To store your operational settings or preferences so that you can have a more efficient
experience.
7.1.3 To count and analyze your use of the Platform in order to provide you with a more
thoughtful and personalized service, which may include, but is not limited to, customized pages,
content recommendations, etc.
7.2 Other similar technologies
In addition to cookies, we may use other similar technologies to collect information
automatically. For example, we may use browser web storage (including through HTML5), also known
as local storage objects, for purposes similar to cookies.
7.3 Most web browsers have settings to block cookies and clear the browser’s web local storage,
which you can manage or clear according to your preferences. Please note that if you set to
block the operation of cookies or other similar technologies, you may not be able to enjoy an
optimal experience of the Services and the usability of certain features may be affected.
8. Protection of minors
8.1 Our Products and Services are provided mainly to adults. We attach great importance to the
protection of personal information of minors. If you are a minor, you must ask your parent or
other guardians to carefully read this Policy and you may use our products or services or
provide information to us after obtaining the consent of your parent or other guardians.
8.2 In the case of the collection of personal information of minors who use the Platform with
the consent of their parents or other guardians, we will only process the relevant information
as permitted by law, with the express consent of the parents or other guardians, or as necessary
for the protection of the minors.
8.3 In the event that Sangfor identifies any collections of personal information of minors
without obtaining verifiable consent of their parents or other guardians, we will seek to obtain
valid consent from their parents or other guardians or delete the relevant personal information
as soon as possible.
9. Updates to this Policy
We may revise and update this Policy from time to time according to changes in the management
and operation of the Platform or the processing of personal information. If the update of this
Policy may result in any material reductions of your rights under this Policy, or involves any
changes of important regulation such as expanding the scope of our processing activities, we
will notify you to check the updated Policy by posting a notice in a prominent position on the
page of this Platform, popping up, or sending an email or other reasonable means. Your continued
use of the Platform under the above circumstances constitutes your understanding and acceptance
of the updated Policy.
10. Contact us
If you have any questions about this Policy or other matters related to the use of the Platform,
or have any comments or suggestions, you may contact Sangfor by sending an email to
privacy@sangfor.com We will review the information you submit as soon as possible upon receipt
and will provide you with timely feedback after your demand is clarified.