Services Data Collection Disclosure
This Services Data Collection Disclosure applies to Synology-provided services offered on Synology websites, Synology-branded applications, services provided from physical Synology products ("Synology Devices"), and digital or physical services directly offered by Synology unless stated otherwise. A list below details the data collection of Services provided.
- Synology Account
- Package Center
- Package Activation
- Payment
- C2
- Device Analytics
- Device Network Mapping
- Marketing Events and Promotional Events
- QuickConnect and Synology DDNS
- Technical Support
- Synology Application Service
- Push Notifications
- Mobile Applications
- Alexa Services
- DSM Configuration Backup
- Active Insight
Synology Account
A Synology Account is the personal account you use to access Synology services, such as QuickConnect, Synology DDNS, Technical Support, Package Activation, Active Insight, and DSM configuration. You will need to associate your Synology Account with your NAS device to enable those Synology services. Data collected by corresponding Synology services can also be found on this Service Data Processing Policy. Please read the relevant sections for more information.
By creating a Synology Account, you will automatically receive our eNews from time to time. You may choose to opt-out from our eNews Service by changing the settings on your Synology Account newsletter page or by clicking on the "unsubscribe" link in the corresponding newsletters. However, if you are an EU resident other than a business user, you will only receive our eNews when your consent is validly provided and you may withdraw your consent at any time by using the methods described above.
When you create a Synology Account, we may collect a variety of information, including your name, mailing address, phone number, email address, device identifiers, IP address, and location information to help facilitate communications and provide services to you. If you purchase our package license, we will collect your payment information, and you can find your purchase history on your Synology Account payment page. For more information, please read our payment section.
Please note that if you reside in the Chinese Mainland, your phone number will be used to verify your identity. We will use a third-party to send you a verification code when you create your Synology Account.
Synology Account websites may use "cookies" to help us better understand user behavior and to improve user experiences when you revisit our websites. For more information, please read our Cookie Policy.
Synology does not use your information for any other purpose.
Synology does not share your information unless otherwise specified for the particular service.
You may delete your Synology Account at any time. However, we may be unable to provide you certain services afterward. Account deletions, including all the associated data with the specified account, are irreversible. Synology may retain payment data for financial purposes, including but not limited to tax reporting, auditing, and inventory purposes.
Package Center
Synology collects package download information from your Synology device in order to help us understand how we can better improve our devices and software. When a Synology device issues a download request to Package Center, Synology's database will record the action with a unique ID. This ID is used only to identify download activity in Package Center. None of this information contains any of your personal information or metadata pertaining to your files. Package Center does not track or record your device's serial number, MAC address, or IP addresses for uses that do not require additional licenses.
Licensing
Purchasing package licenses, whether a single, subscription-based, or in-app purchase, requires a Synology Account*. We will collect certain information from your Synology device for licensing purposes, including product serial number, IP address, MAC address, and registered Synology Account. We store this information to verify your license when it is applied to a Synology device.
Activating and updating packages will usually require an Internet connection to our servers. We identify your Synology device with a unique device ID.
For record-keeping and future troubleshooting, we may keep track of information such as whether the update was successful or not. We may use the information collected through activation or updates to validate your license status.
Synology only shares aggregated statistics that do not contain personal information to our partners, licensors, and licensees.
Applicable to:
Synology-published
- exFAT Access
- McAfee Antivirus
- MailPlus Server
- Presto File Server
- Virtual DSM
- Virtual Machine Manager Pro
- VPN Plus
* Surveillance Station licensing does not require a Synology Account
Third-party
- sMedio DTCP Move
- DiXiM Media Server
Third-Party Packages
Synology Package Center is a platform that enables other developers to publish their applications for use on Synology devices. Packages distributed or published by third-party developers may collect additional information regarding you or your device. Synology requires third-party developers to be transparent about all practices. However, Synology does not control or have the capability to completely verify claims, nor is Synology responsible for any practices performed by third-party packages. When you install third-party packages, you should read and understand the end-user license agreements (EULA), privacy statements/policies/notices, and terms of use/service that may be presented to you.
Users should contact the third party directly for any questions or problems you have in using third-party packages.
Certain third-party packages may utilize Synology's Package Center for payment services. Synology will collect the same information as listed in the "Payment" section. Synology does not disclose your personal information to third parties and only presents the information as an aggregated figure.
Third-party packages may include their own subscription or payment services that are not controlled by Synology.
Synology only shares aggregated statistics that do not contain personal information to third-party developers.
Package Activation
Data we collect
To activate certain Synology-published packages, your Synology Account is required to complete the activation. Synology collects device-specific information and information from your Synology Account such as hardware model name, user's type (business or home), data storage location, and company name.
Applicable to:
Synology-published
- Active Backup Series
- Active Backup for Business
- Active Backup for G Suite
- Active Backup for Microsoft 365
How we use your data
Synology encrypts the raw data received and then analyzes it to produce human-readable results, to help us provide better service/software for you in the future. The raw data is never shared with any third parties. Package activation does not track your device's serial number, MAC, or IP addresses.
How we store your data
Synology employs industry-standard encryption practices to safely protect your raw data. Even in the event of a breach, the data collected cannot be used to identify you. Synology restricts access to both the raw and aggregated data by specific employee roles. Data collected is deleted when the relevant Synology Account is deleted.
Payment
Data we collect
To make a purchase, Synology will collect the information you provide, including your name, billing address, phone number, IP address, client user-agent, VAT, and payment method to process the transaction. Synology does not directly handle your payment methods, such as your credit card number and CVC.
How we use your data
Synology uses a third-party processor, Stripe, Inc., to securely handle your payment method and to calculate and report taxes. Stripe uses and processes your complete payment information in accordance with Stripe's privacy policy. All data shared with Stripe is protected in the manner described in the "Data Controllers, Contracting Parties, Transfer of Data" section of this Statement.
Synology only uses the information we collect from the payment process to complete transactions, generate receipts, report taxes, and for financial and legal auditing purposes. We do not share or use this information for any other purpose.
How we store your data
Your purchase history, even if refunded or canceled, will be stored for a minimum of four years per legal requirements imposed on Synology and its subsidiaries. Synology will retain this history, including your billing information, for an indefinite period in the following situations; If the order contains a perpetual license, a license renewal, a physical item, extended support, or is needed for financial or legal purposes. Our payment processors and tax reporting providers may additionally be subjected to other legal obligations.
Synology generates a receipt that is made available on your Synology Account for each transaction.
By deleting your Synology Account, you will be forfeiting all purchased licenses. Synology will remove your transaction history after the minimum storage period based on our legal obligations.
C2
Data we collect
Synology C2 service is an online backup destination designed exclusively for Synology devices. C2 service requires a Synology Account. We collect payment information from you to clear the transaction and provide the service to you. You should refer to the "Payment" section for more information.
Synology C2 stores data that you upload from your Synology device. You may choose to encrypt this data prior to uploading it.
How we use your data
Synology only uses data you provide to us to offer you the service. We do not analyze or access the data you upload.
How we store your data
Synology C2 service supports full encryption of your files. Your files will never be accessed by our engineers unless a specific technical support request is made by you and requires us to do so. Your data is stored until the end of your subscription. A "grace period" is defined by the Synology C2 GTC. If you choose to delete your Synology Account, your data and subscription status for Synology C2 will be forfeited and removed.
Device Analytics
Device analytics, or usage information sharing, is an opt-in* option that you may enable in Synology's DSM or SRM operating system. In DSM, we develop our own tool to understand the usage trends of DSM. In SRM, we use Google Analytics, a web analytics service provided by Google, Inc. ("Google"), to understand the usage trends of SRM. You can opt-out any time by disabling the device analytic function in the control panel both in DSM or SRM.
* As of May 22, 2018, Synology no longer collects data from DSM 6.1.6 and earlier versions, 6.2 Beta, and Preview versions, or any SRM 1.1.x versions even if the option is enabled.
Data we collect
Synology collects usage information from your Synology device in order to help us understand how we can better improve our devices and software. The data we collect does not contain information that can directly identify you, the user. Your Synology device will send to us, for example, information on the settings of the Internet environment, the operating system, and packages. Additionally, we may collect information on how you interact with certain functionality or user interface elements. Synology device analytics does not track your device's serial number, MAC, or IP addresses.
How we use your data
The raw data will be encrypted and then analyzed to produce human-readable results. The raw data is never shared with any third parties. Synology engineers and product management teams may utilize aggregated information to analyze usage trends to make informed decisions on our future products, applications, and services. In very select cases, Synology may elect to share a very small subset of these aggregated statistics with select partners. The information we share with partners is strictly aggregated results and anonymous.
How we store your data
Your raw data is protected with industry-standard encryption practices. Even in the event of a breach, the data collected cannot be used to identify you or your device. Synology retains device analytics data for up to three years in order to generate statistics. Synology restricts access to both the raw and aggregated data by specific employee roles.
Device Network Mapping
Data we collect
By enabling this service, you can easily find Synology devices on your network in order to connect to them. Synology will use devices that enabled this option to scan your local network when you access "find.synology.com" or "router.synology.com" to list devices on your network. If you disable this option, you will be unable to find devices that have already been set up unless you remember their IP addresses or have already set up your own domain and/or QuickConnect or Synology DDNS service. Synology stores your devices' public and private IP addresses and your devices' Serial Number.
How we use your data
Synology only stores information to help you easily identify devices on your network when you access "find.synology.com" and "router.synology.com". Synology does not use this information for any other purpose. We do not share this information.
How we store your data
Unless there is a technical issue with the system or a technical support request, Synology employees do not have access to the database. Data collected by this method are automatically deleted after six months of inactivity.
Marketing Events and Promotional Events
Data we collect
Synology hosts events such as webinars, workshops, and product launches. You can sign up to join one of these from Synology's website. Registration may require a Synology Account, as well as may require additional survey information depending on the event. Synology collects, and stores information related to you that is available from your registration and from the survey.
Some events may be hosted by a third party. With your consent, event hosts may share event attendees' information to their sponsors. In events where Synology is a co-host or sponsor, we may receive participants' information from event hosts.
Some events may have registration fees, payment methods and personal information processed by Synology will be handled by the Payment section.
How we use your data
Synology may contact you through email or other communication protocols with information regarding the registered event and/or about service-related issues.
How we store your data
Your information is securely stored and only available to event organizers. Synology retains event participation information for at least four years due to legal obligations that are imposed on Synology and our subsidiaries. The actual storage period may differ depending on the host(s), venue, location, and type of event.
If you would like to remove your information after the event, you may choose to delete your Synology Account. As some information is required for certain events, this may limit our ability to provide services or allow you attendance. You may also elect to unregister from the event if you no longer wish to attend.
For events hosted that do not require a Synology Account, please contact Synology. Synology may request additional information to confirm your identity.
QuickConnect and Synology DDNS
Data we collect
QuickConnect and Synology DDNS are free connection services provided by Synology. Users who wish to utilize these services must have a Synology Account. Synology collects certain information from your Synology device, including product serial number, IP address, and routing ports in order to provide the services to you.
How we use your data
Synology uses the collected data to identify, authenticate, and provide Synology devices with QuickConnect and Synology DDNS services. In addition, to secure the connection to your DSM with HTTPS, your QuickConnect and/or Synology DDNS domain will be passed to Let's Encrypt, a third-party certificate authority, to generate an SSL certificate. For details on how Let's Encrypt uses your data, please refer to Let's Encrypt Privacy Policy.
Synology may be required to share your information to the extent necessary to comply with ICANN or any ccTLD rules, regulations, and policies when you register a domain name with us.
How we store your data
Unless there is a technical issue with the system or per a technical support request, Synology employees do not have access to the database. Users who signed up for the services may end the service at any time. Data collected is deleted when the relevant Synology Account is deleted.
Technical Support
Data we collect
You may request Synology Technical Support assistance through our website, live chat, or by phone. Submitting a Technical Support form requires a Synology Account. Synology collects and stores information that is needed to investigate, respond to, and resolve your technical support request.
When you make a phone request to Synology's Technical Support hotline, our technical support agent will ask for your consent on phone recording at the beginning of the conversation. Your personal information, including name, email, telephone number, and detail on your Synology product will be recorded in our systems. You may view, track, respond to your Technical Support ticket via your Synology Account. If you don't have a Synology Account, Synology's technical representative will create a temporary account. You must enable it to track ticket status and to receive follow up information.
In some cases, you may be requested to provide remote access information. Synology technical support agents together in some cases with Synology software engineers may utilize the credentials provided to directly access your device.
When a device replacement or spare part is requested, you will be required to provide a valid shipping address. In certain cases, you may be asked to provide payment for support services, shipping charges, or spare parts.
How we use your data
When you submit a Technical Support form in your Synology Account, you are required to provide the essential product information that is needed to investigate, respond to, and resolve your technical support request. During the investigation, Synology may request additional information that is required to resolve the matter. Depending on the complexity and the severity of the request, the support ticket may be escalated to parties within Synology to investigate, respond to, and resolve your request. The information revealed to involved parties is strictly limited. Synology restricts access to both the raw and aggregated data by specific employee roles.
Synology only uses the information we obtain from technical support requests to resolve your issue. After removing your personal information, we may use some of the technical details to generate bug reports if the problem was previously unknown to implement a solution for our products.
If shipping is required, your shipping address and contact information may be passed to third-party logistics partners.
How we store your data
Synology restricts access to both the raw and aggregated data by specific employee roles.
When you upload files for your support ticket, Synology will retain them for up to 90 days after the ticket has been resolved.
When you provide remote access information, Synology will retain it until the ticket has been resolved.
Synology keeps communication and survey records for a minimum of three years for internal auditing and statistical purposes. If you wish to remove your personal information from our systems, you may choose to delete your Synology Account. We may choose to retain technical details of the problem, such as steps to reproduce it, the technical details of the environment, and what steps were taken to resolve it.
Synology will keep all shipping records for internal auditing and inventory control purposes indefinitely.
Synology Application Service
Data we collect
Synology Application Service collects the message contents you create in MailPlus, Synology Chat, and other supported applications and transmits them to Synology SNS server and push services of Apple, Google, or Mozilla, in order to notify the recipients about new messages on browsers or mobile apps. Additionally, the browser and device information of client devices will be collected and transmitted to the Synology SNS server and third-party push servers. This is done to pair the message content with the correct device. None of this data contains any of your personal information, and Synology does not track your device's serial number, MAC addresses, or IP addresses.
How we use your data
All the message contents transmitted to Synology SNS server and third parties are encrypted by Synology Application Service, ensuring your personal data is not accessible to others. The browser and device information of client devices is only used for pairing.
How we store your data
All the data collected by Synology Application Service will be removed immediately on Synology SNS server after they are transmitted to the third-party push services, so no data will be stored by Synology.
Push Notifications
Data we collect
Synology collects device-specific information (such as your hardware model, serial number, unique device identifiers, DiskStation ID, and notification destination device ID, token for push notification, and email).
How we use your data
Synology uses the information collected from your devices in order to complete the push notification process from source to destination. The notification from DSM/SRM/Surveillance Station will be kept for seven days, for recalling previous notifications.
How we store your data
The record used to identify the NAS is stored permanently. The NAS cannot be identified from the transmitted information. Notifications are discarded after being sent, excluding the seven-day retention period on the NAS.
Mobile Applications
Data we collect
Synology collects operating system information from your mobile device in order to help us customize content for particular Synology devices if you enable usage data sharing or device analytics on your Synology device. The data we collect does not contain information that may identify you, the user.
Synology uses Google Analytics for Firebase to collect Synology mobile applications ("Apps") usage data and generates a usage statistics report. For example, the Apps usage data includes, but is not limited to, the type of mobile device you use, and the way you use the Apps. The statistics report is generated by aggregating App usage data. The statistics report does not contain information that may identify you, the user.
If the Apps crash when you are using, Firebase also generates a crash report for us including system information, software versions, and crash logs. The crash report does not contain information that may identify you, the user.
Synology collects device information from the Apps supporting push notifications (app name, app version, and the push notification message). Please refer to the Push Notification and/or Synology Application Service sections for more information.
How we use your data
Synology leverages aggregated application statistics from Firebase tool, Apple, or Android store platforms to better understand our user distribution. You can opt-out any time by updating your preferences in the settings of iOS or Android devices.
Synology collects crash reports from Firebase to only improve quality and to further develop our products and services. Crash information helps us to investigate problems and better understand what triggers them. You can opt-out any time by disabling the analytic feature in the setting of the iOS or Android devices.
How we store your data
Synology retains statistics reports and crash reports for up to 14 months in order to generate useful information. Synology restricts access to both statistics reports and crash reports by specific employee roles.
Alexa Services
Data we collect
Synology collects the address and OAuth information of your Synology device, in order to authorize your NAS to complete the account linking process required for the Amazon Alexa service.
How we use your data
Synology only stores information to authorize the Amazon Alexa service to access your NAS content, such as by enabling the Audio Station Skill to allow Amazon Alexa to access your music in Audio Station. Synology does not use this information for any other purpose. We do not share this information.
How we store your data
Data collected by this method are automatically deleted after six months of inactivity.
DSM Configuration Backup
Data we collect
DSM configuration backup is a service that backs up the configuration settings of your NAS device, ensuring that the settings can be imported in events of restoration or upgrade. You can opt-in DSM configuration backup in the initial installation process of DSM or later on in DSM Control Panel. The configuration data we collect may include your shared folder settings, user and admin group settings, security settings, network settings, login portal settings, regional options settings, application privileges settings, email addresses, and notification settings.
How we use your data
Synology periodically collects configuration data of your NAS devices in order to provide the DSM configuration backup and recovery services. You can opt-out anytime in the Control Panel.
How we store your data
Synology employs industry-standard encryption practices to safely protect your configuration data. Even in the event of a breach, the data collected cannot be used to identify you or your device.
Your data is stored as long as you enable the DSM configuration backup service. If you choose to disable your DSM configuration backup service, we will keep your configuration data for up to 180 days.
Active Insight
Data we collect
Synology collects operation data of your NAS devices in order to offer resource analytic, issue-tracking, Technical Support, and also to improve our devices and software (collectively "Active Insight Service"). The operation data we collect includes device analytic data, NAS serial number, IP addresses, and QuickConnect ID. We also collect email addresses to send you notifications and event reports. After you enable Active Insight, you can access the Active Insight web portal to review the performance of NAS devices in real-time. The Active Insight web portal will retain your login activities for up to one year for security purposes. The login activities include user names, hostnames, and IP addresses.
Please note that Active Insight Service works by only collecting device operation data. The files you stored in your NAS devices will not be collected or accessed by Synology.
Active Insight web portal may use "cookies" to help us better understand user behavior and to improve user experiences when you revisit our websites. For more information, please read our Cookie Policy.
How we use your data
Synology uses the data collected from your devices to offer Active Insight Service. We will periodically remove the correlations between the device analytic data and other identifiable data such as NAS serial number, IP address, e-mail address, and QuickConnect ID. The device analytic data cannot be traced back to you without the correlations with other identifiable data and will be integrated with peers' device analytic data to generate an aggregated report to provide device abnormality notification and improve our services.
You can opt-out anytime by disabling the Active Insight feature in your DSM control panel or in the Active Insight web portal. If you choose to disable your Active Insight feature from the DSM Control Panel, we will keep your identifiable data for up to 30 days. If you choose to disable your Active Insight feature from the Active Insight web portal, your identifiable data will be deleted immediately. After the removal of your identifiable data, the remaining device analytic data will be used to generate the aggregated report to help us to improve our services.
How we store your data
Synology periodically deletes the identifiable data in order that the device analytic data collected cannot be used to identify you or your device. Synology restricts access to raw and aggregated data to only specific employee roles. Identifiable data collected are deleted along with the deletion of the relevant Synology Account.