Who are we?
If you’d like to talk to us about your personal information, please contact us at firstname.lastname@example.org.
- Visitors — If you’re visiting our public websites, such as www.netcraft.com, trends.netcraft.com, news.netcraft.com, sitereport.netcraft.com and searchdns.netcraft.com
- Blog Subscribers — If you’re signing up for email notifications when we publish a new blog article
- Inquirers – If you’re making an inquiry about one of our services, or raising a support request
- Public Reporters — If you’re reporting a malicious website or other cyberattack as a member of the public such as via report.netcraft.com, or by emailing us at email@example.com
- Netcraft App Users, Netcraft Mail Extension Users and Netcraft Browser Extension Users — If you use the Netcraft App, Netcraft Mail Extension or Netcraft Browser Extension as seen on https://www.netcraft.com/apps/
- Client Organization Users — If you’re a member of an organization which is a commercial Netcraft client or potential client (“Client Organization”) for our organization-level services (such as our Countermeasures and Fraud Detection services)
- (“Client Organization Applications” are the web applications and APIs made available for the aforementioned services.)
- Job Applicants — for example, if you submit your CV and/or cover email to us at firstname.lastname@example.org in order to be considered for a job at Netcraft.
To learn about the information we collect, how we use it and why we need it, please consult the section(s) relevant to you under “What information do we collect and how do we use it?”.
What information do we collect, and how do we use it?
Our sites use various analytics platforms to monitor the activity of users, so that we can make improvements to provide a better user experience. This information is not personally identifiable: it cannot be used to identify you and your browsing habits.
You can opt out of these analytics at any time by clicking the buttons below:
Our sites use Facebook and Google Analytics to generate audience lists for re-marketing adverts. This means that after visiting our site you might see our adverts on other sites in Facebook’s audience network or Google’s content network.
You may still occasionally see our adverts around the web, but they won’t have been personally targeted.
| Provider | Cookie | Purpose | Expiry |
|---|---|---|---|
| Cloudflare | __cf_bm | This cookie is used by Cloudflare for bot management | After 30 minutes of continuous inactivity by the end user |
| Cookie Preference | cookiesConsented | This cookie remembers your preference as to whether you’d like to store cookies in your browser | 1 Year |
| Analytics opt-out | analyticsOptOut | This cookie is set when you choose to opt out of optional analytics cookies | 1 Year |
| App Notification | app_notification_seen | This cookie is used by report.netcraft.com to record whether you have seen the Netcraft Apps notification | 1 Month |
| Facebook Pixel | _fbp | These cookies are used by Facebook to store and track visits across websites | 3 Months |
| Google Tag Manager | _dc_gtm_… | This cookie is used by Google to throttle request rate | 1 Minute |
| Google Analytics | _ga | These cookies are used by Google Analytics to collect site usage information and generate audience lists for advertising. This information is anonymised so cannot be used to personally identify you | 2 Years |
| Google Ads | _gcl_au | This cookie is used by Google Adsense to store and track conversions | 3 Months |
| Bing Ads | _uetsid | This cookie is used by Bing Ads to store and track conversions | 1 Day |
| HubSpot | _hstc | These cookies are used by HubSpot to collect site usage information. | 6 Months |
| HubSpot | _hsrc | These cookies are used by HubSpot to collect site usage information. | End of session |
| Google Optimize | _gaexp | Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in. | Depends on the length of the experiment, but typically 90 days. |
| Google Optimize | _opt_awcid | Used for campaigns mapped to Google Ads Customer IDs. | 24 hours |
| Google Optimize | _opt_awmid | Used for campaigns mapped to Google Ads Campaign IDs. | 24 hours |
| Google Optimize | _opt_awgid | Used for campaigns mapped to Google Ads Ad Group IDs | 24 hours |
| Google Optimize | _opt_awkid | Used for campaigns mapped to Google Ads Criterion IDs | 24 hours |
| Google Optimize | _opt_utmc | Stores the last utm_campaign query parameter. | 24 hours |
| Google Optimize | _opt_expid | This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that’s being redirected. | 10 seconds |
| Leadfeeder | _lfa | Used to store a unique visitor ID. Detailed description in this article. | 1 Year |
| Leadfeeder | _lfa_consent | Used to store Dealfront consent status. | 2 Years |
| Leadfeeder | _lfa_test_cookie_stored | Used to temporarily check if the browser supports cookies or not. | Immediately |
| Leadfeeder | _lfa_expiry | A local storage variable used to store the duration for the Dealfront clientID stored in browser LocalStorage. | 2 Years |
Web server logs
When you browse our sites or use our APIs (such as a contact form), information will be received in our web server logs containing:
- Your IP address
- Information about your device (such as operating system and browser)
- The URL you requested
- The referring page from which the request was made
Site Report and Search DNS
When you look up a hostname on sitereport.netcraft.com or domain on searchdns.netcraft.com, in order to collect the information you requested, check for malicious content and collect data for our Web Server Survey, we may take the URL/hostname/domain queried and visit it either immediately or with a delay.
When you sign up to our blog mailing list, we use your email address to send you emails. You can unsubscribe at any time using the unsubscribe link in the email.
Support Requests and Sales Inquiries
When you raise a support ticket or make an inquiry about one of our products either by submitting a form on our sites or by emailing us, we keep a record of the information you provide such as your email address, name and other information provided as part of the discussion.
Malicious Email Reports
When you report a malicious email by forwarding it to email@example.com, we get:
- Your email address
- Message headers and body
- Email address(es) of the original recipient(s)
Malicious Site reports
When you report a malicious URL on report.netcraft.com, or via our extensions or apps, we get:
- The URL (e.g., https://www.example.com/phish/) of the site
- These URLs are often visited by an automated process to check for malicious content and in some scenarios sites might be visited which contain personal information. For instance, the URL might contain your email address.
- Your email address if you provide it
Netcraft App Users, Netcraft Browser Extension Users and Netcraft Mail Extension Users
We don’t use the Netcraft App, Netcraft Browser Extension or Netcraft Mail Extension to collect personal information which we could use to identify your personal browsing habits. Depending on the service you’re using, we do however collect certain data relating to your internet use in order to detect and disrupt cybercrime:
Blocked Sites Analytics
Netcraft Browser Extension Users: Analytics information is provided to us when an attempt to visit a URL is blocked by the Netcraft Browser Extension. This is collected to improve the quality of the Netcraft Cybercrime Feed and aid in the identification of false positives. The following information is sent to us:
- The URL that was blocked
- The reason the URL was blocked
- The version of the extension that you are using
- The country the URL was visited from
- Information about your device, such as operating system and browser
To opt out, go to the options page of the Extension (usually located in your browser’s Extensions Manager) and disable the ‘Allow analytics’ option.
- Firefox Extensions Manager can be found at Firefox Menu > ‘Add-ons’ > ‘Extensions’.
- Chrome Extensions Manager can be found at Google Chrome Menu > ‘More tools’ > ‘Extensions’.
- Opera Extensions Manager can be found at Opera Menu > ‘Extensions’ > ‘Manage Extensions’.
- Edge Extensions Manager can be found at Options Menu > ‘Extensions’ > ‘Netcraft Extension’ > ‘Remove’.
To opt out, go to the options page of the extension (usually located in your browser’s Extensions Manager) and disable blocking for shopping site skimmers, web miners, other malicious scripts and credential leaks. Note that this also disables your protection against these scripts and credential leaks.
- The Firefox Extensions Manager can be found at Firefox Menu > ‘Add-ons’ > ‘Extensions’.
- The Chrome Extensions Manager can be found at Google Chrome Menu > ‘More tools’ > ‘Extensions’.
- The Opera Extensions Manager can be found at Opera Menu > ‘Extensions’ > ‘Manage Extensions’.
- The Edge Extensions Manager can be found at Options Menu > ‘Extensions’ > ‘Netcraft Extension’ > ‘Remove’.
Netcraft App (Android) and Netcraft Browser Extension Users: When you use the Netcraft App (Android version) and the Netcraft Browser Extension we collect the website hostnames (not full URLs) visited by your IP address whilst browsing the web with Netcraft protection enabled (in the URL
www.example.com is the hostname).
These hostnames are used to help us identify malicious URLs (e.g.
On the Netcraft App (Android), this happens only when accessing sites through a supported app on your device: a list of supported apps installed on your device can be found under “Your supported apps” in the App’s settings.
Netcraft App (iOS) Users: Hostnames are not collected.
Netcraft App Users: Some versions of the Netcraft App provide an SMS protection feature. These versions can be identified by a “SMS Protection” checklist item in the Netcraft App’s home screen. These versions of the Netcraft App collect hostnames (e.g. www.netcraft.com) contained within incoming SMS messages that you receive while the “Scan SMS messages” option is enabled. The hostnames are used to identify malicious URLs (e.g.
/fake-bank-login.html) within the SMS message. We do not collect details of the full URLs in the SMS message, as the full URL is only checked locally on the device. If we detect a malicious URL within an SMS, then we will also collect the timestamp, caller-id of the sender, cryptographic hash of the message body (the message itself is not readable), and a list of the phishing URLs found.
Reporting a Malicious Site
Netcraft App and Netcraft Browser Extension Users: When reporting a malicious site through the Netcraft App or the Netcraft Browser Extension, we ask you for the following information:
- The URL of the site you’re reporting as malicious
- These URLs may be visited by an automated process to check for malicious content and in some scenarios may visit sites that contain personal information. For instance, the URL might contain your email address.
- An email address (if you provide one)
- If you opt to provide an email address, we will store it on your device. Whenever you submit a malicious URL via the Netcraft App, this email address will be included in the report so that you can track your submissions.
Reporting a Malicious Email
Netcraft Mail Extension Users: when reporting a malicious email through the Netcraft Mail Extension, we collect:
- Your email address
- Message content
- Email address(es) of the original recipient(s)
Client Organization Users
In addition to Support Requests and Sales Inquiries above, the following applies:
Netcraft’s Single Sign-On (SSO) Service
If you are using Netcraft’s services on behalf of a Client Organization that currently has a contract with us, in order to fulfil that contract we may issue you as a member of that organization a single sign-on (SSO) account.
For this, we normally receive the following information about you (unless your Client Organization has arranged anonymous SSO accounts):
- Your name
- Your business email address (we can’t see your SSO password)
Your information will be used by us for the creation of your SSO account. The SSO account is then used to verify your identity to access certain Netcraft services so we can fulfil our contract with your Client Organization.
Client Organization Applications
The SSO service protects our Client Organization Applications (e.g. the portals for our countermeasures and fraud detection services). We may collect data about how you have interacted with our Client Organization Applications. This may include the pages or features accessed and links clicked, the date and time of the interaction, content inserted, error logs, and similar information. Some of this information may be made available to your Client Organization via audit logs for the service.
We may make use of your name and business email address to provide you with relevant updates on our products and services. If you’re receiving unwanted emails from us which you don’t think are relevant to your role in your Client Organization, please contact firstname.lastname@example.org.
We collect and process some or all of the following types of information from you:
- Your correspondence and information that you provide to us and/or that may be acquired or produced by us when you apply for a role. This includes information provided through an online job site, via email, at interviews and/or by any other method.
- Information that you provide to us or we acquire as part of our wider recruitment efforts. This may include information acquired and/or produced as a result of participation in careers fairs and recruitment events (including those run in collaboration with third parties such as universities); and information shared with us by recruitment platforms to which you have uploaded information and Netcraft may have access as an employer.
- In particular, we process personal details such as name, email address, address, telephone number, date of birth, qualifications, and information relating to your employment history, skills and experience.
- A record of your progress through any hiring process that we may conduct.
Why do we collect personal information?
(For all users)
We process some data for particular legitimate business purposes, such as:
- Monitoring how our services are used through logs, in order to determine their effectiveness and make improvements where necessary
- Troubleshooting issues with and maintaining security of our services by using web server logs
- Aggregating hostname data from users of our apps in order to determine the busiest websites and other statistics, as well as using them as candidates for inclusion in our monthly Web Server Survey
- Notifying you via email when the status of a malicious site submission has been updated. If you do not want to receive these updates, we provide an unsubscribe link in every email sent to you concerning your reports, which can be used to stop any further email updates regarding any and all of your reports
- For recruitment, our legitimate business interests in evaluating your application to ensure that we recruit appropriate employees, verify your information, to contact you in respect of your application, and to improve our processes and recruitment strategy.
(For Netcraft App/Extension Users, Netcraft Client Organization Users, Blog Subscribers)
Some data collected is required by us to provide the service which you have requested, or which your Client Organization has subscribed to, for reasons such as:
- Using a website hostname to detect whether malicious content is being hosted there
- Responding to a query/request which you have submitted
- Notifying you via email when new articles are posted on the mailing list
- Providing you with information about a site
- Access to the services your Client Organization has purchased
We might have to process your personal data where it’s necessary for compliance with a legal obligation.
When will we hold onto your personal information?
We only hold on to the personal information that we get from you as long as we need to for the particular purpose we collected it for, or where we have a legitimate business reason for holding onto that data (for example, to provide you with a product or service you’ve requested, to sort out transactions and to identify fraud, for our own audit purposes), or where we have to comply with certain legal, regulatory or tax requirements. Even when you stop using our services, we may have to retain some information to meet our obligations.
Where there’s no longer a legitimate business need for processing your personal information, we’ll either securely destroy, erase, delete it or make it anonymous: if we can’t do that (for example if your personal information has been stored in a backup archive), we’ll store that information securely and keep it isolated from further processing until it can be deleted.
When will we share your personal information with third parties?
We may share your personal information with third parties, but do not grant permission to those third parties to use the information for their own business interests. In particular, we may share your personal information with third parties in the following cases:
- To combat cybercrime – data pertaining to threat indicators may be shared (this may entail us disclosing information to the relevant hosting company, registrar, platform, internet or telecoms service provider, any relevant law enforcement authority and any other relevant party capable of helping us stop a particular cyberattack).
- If legally required to by government bodies and law enforcement agencies.
- If you perform unlawful acts or attempt to conduct such acts, or in any dispute, claim, action, demand or legal proceedings concerning you and Netcraft.
How secure is your data with us?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. These people will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
What are your rights?
Under data protection law you have the right to:
- Access – You have the right to ask us for copies of your personal information.
- Rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Erasure – You have the right to ask us to erase your personal information in certain circumstances. We will honour this request unless deleting that information prevents us from fulfilling our legal obligations; or carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits. Please note that if you ask us to remove your SSO account you will no longer be able to access certain Netcraft services.
- Restrict processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Object to processing – You have the right to object to the processing of your personal data in certain circumstances.
- Data portability – You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
We don’t charge you for exercising your rights. If you make a request, we have one month to respond to you.
To talk to us about your personal information, please contact us at: