Effective Date: 28th November 2025

1. Introduction

Total Security is committed to protecting your privacy. We want you to be confident that your personal information will be properly protected whilst in our possession. This Privacy Policy ("Privacy Policy" or “Policy”) explains how we, and carefully selected third parties we work with, will collect, process, and use the personal information of visitors to our website at https://www.totalsecurity.com (and any other websites that link to this Privacy Policy) and users of Total Security products and services, including through our hosted services, desktop software, or mobile apps (collectively, the “Services”, or each a “Product” or “Service”), and certain rights and options that you have in this respect. If this describes you, please read the Privacy Policy carefully and make sure you’re comfortable with the content. When you use our Services, you are acknowledging that you have read and understood our rules and policies regarding your personal information, including as set forth in this Privacy Policy.

As used herein, “Total Security”, “we”, “us”, or “our” shall mean Total Security Limited, Total Security US LLC, and our affiliates, with offices at 16-18 Barnes Wallis Road, Segensworth, Fareham, Hampshire, PO15 5TT in the United Kingdom and 250 Northern Ave, Floor 3, Boston, Massachusetts in the United States. We are a part of Point Wild (formerly known as Pango). More information about us and our contact details are set forth below at the end of the document in the Contact Us section. For the purpose of relevant laws in certain jurisdictions, we are responsible as a “Controller” as defined by those laws.

Use of our Services and the website to which this Privacy Policy is posted or linked are governed by our applicable terms of service that apply to the particular Service or website.

We may modify this Privacy Policy from time to time. We will post the updates on this page and encourage you to visit this page periodically to learn of any updates. We will notify you if such change materially affects your rights under this Privacy Policy. Changes will not apply retroactively and, unless the change is required immediately for legal reasons, notice of the modified terms will be provided a reasonable period prior to the changes taking effect. If you do not accept and agree to this Privacy Policy, then you must not access or use the Services.

2. Legal Basis of Use.

If you are a resident of the United Kingdom (“UK”) or European Economic Area (“EEA”), we use your “personal data” subject to the following legal bases:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• We may also rely on consent as a legal basis for processing your personal data in certain circumstances, for example, when sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to these activities at any time by contacting us at privacy@totalav.com.

For more information about rights that may be available to you, please refer to the “EEA and UK Data Protection Rights” section of this Privacy Policy.

Residents of certain U.S. states may have rights under relevant U.S. state privacy laws. Please refer to the “U.S. Privacy Rights Addendum” for additional disclosures and rights that may be available to you.

If you have any questions about our use of your information, please contact us at privacy@totalav.com or dataprotection@totalav.com.

3. What Personal Information Do We Collect.

• Information Collected From You. When you sign up for an account for our Services or with us, we collect basic account information you give us, like your name, email address, telephone number, account password, postal address, and payment information.

  We also collect and store personal information you otherwise choose to provide as you use the Services and each time you interact with us, for example, when you:

  • update information in your control panel,
  • communicate with us,
  • order or download new Services,
  • register a licence or change your device, and/or
  • complete forms on our website.

  In addition, we collect and store information about the Services you purchase, such as the activation code, date of purchase, and information relating to any support issue.

• Information Collected Automatically. We (and other entities) may automatically collect information relating to your interactions with us and the Services, including, but not limited to, browser type, IP address, pages visited and other activities on the Services, device type, time and date of visit, and other information we collect through the use of cookies, pixels, web beacons and other similar technologies (collectively, the “Technologies”). If you access the Services from a mobile device, that mobile device may also provide us with details of your location. Most mobile devices allow you to disable this functionality.

4. Personal Information About Minors.

The Services are not intended for use by individuals who cannot enter a legally binding contract. Accordingly, Total Security does not intentionally gather any personal information about individuals who are under the age of eighteen (18) or “minors” (as such term is defined by applicable law in each applicable country or jurisdiction). If Total Security becomes aware that it has collected personal information from someone under the age of majority, such personal information will be promptly deleted without notice.

5. How We Use Your Personal Information.

We may use your personal information for any lawful purpose, including the following:

• To provide you with the Services,
• To administer your account,
• To communicate with you, including to respond to your inquiries and to send you information about the Services (including updates and modifications),
• To process payments,
• To generate and review reports and data about our user base and Service usage patterns,
• To analyze the accuracy, effectiveness, usability, or popularity of the Services,
• To improve the content and features of the Services,
• For advertising and marketing our Services, including to personalize the content and advertising that you see on the Services and to send promotions and marketing materials from us or our partners that may be of interest to you,
• To comply with the law and our applicable legal obligations,
• To maintain the security of our website and Services, and prevent abuse; and
• With your consent or as otherwise disclosed at the time of collection or use.

We may also use your personal information to contact you through desktop alerts and live chat, email and (where you have consented) SMS/Text messaging as further described in the “How We Communicate with You” section of this Privacy Policy. We may offer chat services on our website provided by us and third-party partners. By accessing or using any of these features, you agree that we may record and retain a transcript of all communications with you via these interactive tools in order to provide services, enhance your website experience, and for quality and verification purposes. We may work with providers to analyze, store, and/or use this data on our behalf.

When you subscribe to receive SMS messages, you agree that Total Security will, from time to time, communicate with you via SMS text messaging with information about your account, billing, and special offers. We facilitate the removal from all SMS communications through an opt-out process. Reply STOP to opt-out from all further SMS communications.

Depending on your jurisdiction, you may have certain rights and choices with respect to the personal information we have collected from or about you. Please refer to the “Your Options,” “EEA and UK Data Protection Rights,” and the “U.S. Privacy Rights Addendum” sections of the Privacy Policy below. Please be aware that if you choose not to provide us with certain personal information, we may not be able to make the Services available to you.

6. How We Disclose Your Personal Information.

We may share or disclose the personal information we collect, with other parties, including in the following ways:

• With our customer and technical support service providers or agents that perform activities for us, such as: processing our mail, communicating with customers and prospective customers on our behalf (including via social media), running promotions, providing IT systems and administrative services and facilitating the development and improvement of internal systems and processes;
• With Advertising Providers (as defined below) who provide advertising and marketing services on our behalf;
• With competent authorities (statutory bodies, regulatory authorities, and authorized bodies who have a role laid out by law);
• With other organizations where we are legally obligated to disclose your information (such as requests made in the prevention and detection of crime) or where disclosure is necessary to protect the property, rights and safety of us and our staff or to comply with any law, regulation, or governmental or judicial warrant, rule, order or subpoena;
• If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be shared, sold, or transferred as part of such a transaction; and
• With your consent or as otherwise disclosed at the time of data collection or sharing.

7. How We Communicate With You.

We may, from time to time, send you emails, SMS, desktop alerts or other communications, including but not limited to the following:

• notifications of detected problems with your Service;
• notifications concerning the expiration of your account;
• activity status reports;
• service and software upgrade notices;
• notices concerning new or related Services from Total Security or an applicable service providers as discussed in this Privacy Policy);
• notices concerning enhancements to the Services;
• price change notices for the Services;
• notifications regarding suspected unlawful or inappropriate use; and
• requests for feedback on the Services.

If you wish to change the types of communications you receive from us or opt out of receiving any future communications, you can do so. See "Your Options" below.

8. How We Protect Your Personal Information.

Total Security has implemented security measures in place designed to protect against the loss, misuse, and alteration of your personal information.

9. Use of Cookies and Other Technologies.

• Use of Cookies. Total Security uses "cookies" and other Technologies to collect data that enables us to better understand and improve the usability, performance and effectiveness of our website. Cookies are files sent to your browser and stored on your computer. We use cookies to gather information about your visits to our website, the files you have designated for backup, the configuration of your computer and your computer’s interaction with the Services, and this information is stored in log files. We use this information to understand traffic and downloads on our website, enabling us to improve the website and our Services, to strive to provide the best online experience possible, and to improve our customer service.

  • Strictly necessary cookies - These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website and remembering which files you have marked for backup. Without these cookies, Services you have asked for, like security or e-billing, cannot be provided.
  • Performance cookies - These cookies collect information about how you use the website. These cookies don't collect information that identifies you and are only used to improve how the website works.
  • Functionality cookies - These cookies allow the website to remember choices you make, such as the configuration of your computer, to provide enhanced, more personal features.
  • Advertising cookies, pixel tags and other Technologies - These cookies, and other Technologies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are placed on the website by advertisers and advertising networks, with our permission. They remember that you have visited the site and this information is shared with other organisations such as advertisers. We may use analytics data and the DoubleClick cookies for advertising purposes. From time to time, we may also use the Meta Pixel. For more information about Meta’s use of your personal information, please visit Meta's Privacy Policy.

  You may opt out of the DoubleClick cookie by visiting the Google advertising opt-out page or you may opt out of Google Analytics by visiting the Google Analytics opt-out page. The Google website has additional information available about its its policies for Advertising based on Interests and Location.

  For more information on our digital advertising and analytics activities and your choices, please see the “Digital Advertising & Analytics” section below.

  You may disable cookies by changing the settings on your browser. Check the help menu in your browser for further information. Remember that if you disable cookies it is likely to affect how our website works and you may not be able to access or use certain areas of our website or functionality. Unless you have adjusted your browser setting so that it will refuse cookies, our system will place cookies when you log on to our website.

• Use of Other Technologies. We may also use other Technologies, such as web beacons or pixel tags, to deliver or communicate with cookies and analyze your use of the Services. We also may include web beacons in e-mail messages so that we know when you have opened an email message received from Total Security.

Please see our Cookie Policy for additional details about the cookies and use of other similar technology on our website.

10. Digital Advertising and Analytics.

We may partner with ad networks and other ad serving providers (“Advertising Providers”) that serve ads on behalf of us and others on non-affiliated platforms. These third-party Advertising Providers may set Technologies on our Services to collect personal information regarding your activities and your device (e.g., IP address, cookie identifiers, page(s) visited, location, time of day). Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information Advertising Providers collect about your use of the Services and other websites or apps over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising, personalized advertising or targeted advertising.

You may visit the DAA Webchoices tool at www.aboutads.info to learn more about this type of advertising and how to opt out of this advertising on websites by companies participating in the DAA self-regulatory program. You can also exercise choices regarding interest-based advertising on your mobile device by downloading the appropriate version of the DAA’s AppChoices tool at https://youradchoices.com/appchoices.

If you delete your cookies or use a different browser or mobile device, you may need to renew your opt-out choices exercised through the DAA Webchoices tool. Note that electing to opt out will not stop advertising from appearing in your browser or applications. It may make the ads you see less relevant to your interests.

We may also work with third parties that collect data about your use of the Services and other websites or apps over time for non-advertising purposes. We use Google Analytics and other third-party services on some of our sites to improve the performance of the Services and for analytics and marketing purposes. For more information about how Google Analytics collects and uses data when you use our Services, visit http://www.google.com/policies/privacy/partners, and to opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.

Additionally, your browser may offer tools to limit the use of cookies or to delete cookies; however, if you use these tools, the Services may not function as intended. To learn more about our use of cookies, please see the “Use of Cookies” section of this Privacy Policy.

11. Your Privacy Choices.

• Email Communications. If you wish to change the types of communications you receive from us or opt out of receiving certain future communications, you may do so by modifying your profile on your control panel or by clicking on the appropriate link in any Total Security email communication that you receive. Residents of the EEA and UK may also exercise such choices through the Data Privacy Form.
• SMS Communications. If you wish to opt out of receiving future SMS communications, you may do so by following the opt-out instructions in any Total Security SMS communication that you receive or, if you are an EEA or UK resident, by visiting our Data Privacy Form.
• Correcting Your Personal Information. You can access certain personal information that we collect about you via your control panel. You can correct factual errors in your personal information on your control panel or, depending on your jurisdiction, by visiting our Data Privacy Form. Please provide sufficient details regarding the error. To protect your privacy and security, we take commercially reasonable steps to verify your identity before granting access or making any corrections to your personal information.

12. EEA and UK Data Protection Right.

This section applies ONLY to residents of the EEA and UK and our collection and use of “personal data” about them, as that term is defined by the General Data Protection Regulation (Regulation (EU) 2016/679) and other applicable law.

• Location of Personal Data and Transfers.

  • Many of our external third parties as well as our corporate affiliates are based outside the EEA and the UK so their processing of your personal data will involve a transfer of data outside the EEA and the UK.
  • Whenever we transfer your personal data out of the EEA or the UK to another country deemed not to have an adequate level of protection by the EU data protection authorities, such as the U.S., we do so on the basis of an approved adequacy regulation, such as the Data Privacy Framework (as described below under the “Data Privacy Framework” section) or (where this is not available) legally-approved Standard Contractual Clauses available here or the UK Addendum available here.
  • For users of our VPN products, if you are a UK or EEA resident and you choose to use our software to route your Internet traffic through servers in countries not deemed ‘adequate’ by the UK or EEA, then you acknowledge that such transfers are executed at your direction and with your unambiguous consent.

• Data Privacy Framework.

  Following the adequacy decision by the European Commission, we currently rely on the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as a legal basis for transfers of personal information from the EU, the UK and Switzerland to the United States. For more information about our compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”), as set forth by the U.S. Department of Commerce, please see our Data Privacy Framework Privacy Policy linked here.

• Rights of Access, Correction, Erasure, Objection or Restriction, and Transfer.

  Under certain circumstances with respect to your rights pertaining to your personal data, by law you have the right to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.

  If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us by visiting our Data Privacy Hub.

• Exercising Your Applicable Rights.

  • No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
  • What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
  • Time to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

13. Third-Party Links and Services.

We may provide links to third-party websites or apps as a convenience to you (collectively, the “Third-Party Properties”). Please exercise care when visiting any Third-Party Properties, as we do not control the privacy practices of those websites or apps, and they are not covered by this Privacy Policy. The Third-Party Properties have separate and independent privacy policies, notices and terms of use which govern your use of such properties and any personal information they collect about you. We recommend you read these policies carefully to learn about their data practices. Total Security expressly disclaims all liability for personal information you provide to any Third-Party Properties.

Our website also includes integrated social media tools or “plug-ins,” such as social networking tools offered by third parties. If you use these tools to share personal information about yourself or otherwise interact with these features on the website, those companies may collect personal information about you and may use and share such personal information in accordance with your account settings, including by sharing such personal information with the general public.

Your interactions with third-party companies and your use of their features are governed by the privacy policies of the companies that provide those features. We encourage you to carefully read the privacy policies of any accounts you create and use.

14. Dispute Resolution.

Any questions or concerns regarding the use or disclosure of your personal information should be directed to us at the address given below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of your personal information in accordance with applicable laws and the principles contained in this Privacy Policy.

If you are based in the UK, you may have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues, or, if you are based in the EEA, your local supervisory authority.

15. Contact Us.

If you have any questions or comments, please contact us by visiting our Help Center, emailing us at support@totalav.com, or using the address listed below:

Total Security

16-18 Barnes Wallis Road,
Segensworth,
Fareham,
PO15 5TT, United Kingdom

OR

250 Northern Ave
Floor 3
Boston, MA 02210
United States

For visitors from the UK or EEA, the GDPR gives you additional rights to contact our Data Protection Officer (DPO). We have appointed Bird & Bird DPO Services SRL as a DPO for us and our Services. Our DPO may be reached by email to DPO.Pointwild@twobirds.com, or by mail to Bird & Bird DPO Services SRL, Avenue Louise 235 b 1, 1050 Brussels, Belgium.

U.S. Privacy Rights Addendum

Residents of certain U.S. states may have rights under relevant state privacy laws with respect to the “personal information” we collect, as that term (or its equivalent) is defined by applicable laws. If you are a resident of such states, this section of the Privacy Policy contains disclosures required by law and information regarding rights that may be available to you.

Personal Information We Collect and Disclose. Total Security collects and discloses the following categories of personal information:

• Personal and online identifiers (such as name, email address, or unique online identifiers);
• Recordkeeping information (such as bank account number, credit card number, debit card number, or any other financial information);
• Commercial or transactions information (such as records of products or services purchased, obtained, or considered);
• Internet or other electronic network activity information (such as browsing history, search history, or interactions with a website or email);
• Geolocation information (such as IP address);
• Audio, electronic, visual, thermal, olfactory, or similar information (such as voice recordings or photos);
• Sensitive account information (such as log-in credentials); and
• Other information about you that is linked to the Personal Information above.

We share personal information for cross-context behavioral advertising or targeted advertising purposes as described in the Privacy Policy but do not otherwise engage in “sales” of personal information as defined by state laws. Additionally, we do not knowingly sell or share personal information of individuals under 16.

Your log-in credentials may be considered “sensitive personal information” under certain state privacy laws. We do not use such sensitive personal information for any purposes that require an opt out under California law.

Categories of Sources. We collect personal information from the following categories of sources:

• You;
• Others (e.g. an employer), when they provide you a license for a Product or the Services;
• Our affiliates and joint venture partners;
• Our business partners;
• Our service providers, including analytics providers; and
• Social networking companies.

Our Purposes for Processing Personal Information. We use and disclose the personal information we collect for our commercial and business purposes, as further described above in the “How We Use Your Information” and “How We Communicate with You” sections of this Privacy Policy.

We may use and share aggregated and deidentified information to the extent permitted by applicable law. When we use deidentified information, we maintain and use the information in deidentified form and do not attempt to reidentify it, except to check whether our deidentification processes satisfy the requirements of applicable law.

Recipients of Personal Information. We disclose the categories of personal information designated above to the categories of third parties listed above in the “How We Disclose Your Information” section of this Privacy Policy for business purposes. We also disclose personal information (including certain personal and online identifiers, online activity and browsing data, and inferences) to advertising companies and networks and social media companies for commercial purposes such as cross-context behavioral advertising or targeted advertising.

Information Retention. We retain personal information that we collect for as long as we need to use it in connection with our business and in accordance with our standard practices or in compliance with applicable laws. When we no longer need the personal information, we will deidentify, aggregate, or delete this information where required by law.

Your Rights. Residents of certain states have rights with respect to the personal information collected by us. Depending on your state of residence, you may be able exercise the following rights regarding personal information, subject to certain exceptions and limitations:

• The right to confirm whether we are processing personal information about you.
• The right to access/know the categories and specific pieces of personal information we collect, use, disclose, and sell about you; the categories of sources from which we collected personal information about you; our purposes for collecting or selling personal information about you; the categories of personal information about you that we have sold or disclosed for a business purpose; and the categories of third parties to whom we have sold or disclosed personal information.
• The right to receive a portable and readily usable copy of the personal information we have collected about you, to the extent feasible.
• The right to correct inaccuracies in the personal information we have collected about you.
• The right to request that we delete the personal information we have collected about you.
• The right to opt out of (i) the sharing of personal information for cross-context behavioral advertising or targeted advertising; or (ii) the sale of personal information. Please note that if you opt out of certain practices, we may be unable to provide you with some services.
• Depending on your state, you can withdraw consent for our processing of certain “sensitive” personal information.
• The right not to receive discriminatory treatment for the exercise of the above privacy rights.

How to Exercise Your Rights.

• Exercising Your Rights. To exercise any of the above rights, please contact us using the following information and submit the required verifying information, as further described below:

  • Online at our “Your Privacy & Data” page here, or our “Do Not Sell or Share My Personal Information” page.
  • By phone at 0800 357 602.
  • By emailing us at privacy@totalav.com.

  Additionally, depending on your state of residence, if you have submitted a request that you believe we have not fulfilled, you may contact us to appeal our decision by submitting a request online at https://legal.totalav.com/data-privacy.

• Verification Process and Required Information. Note that we may need to request additional information from you to verify your identity or understand the scope of your request. You will not be required to create an account with us to submit a request or have it fulfilled. We will require you to provide, at a minimum, your name and email address.
• Authorized Agent. Depending on your state of residence, you may also designate an authorized agent to make requests on your behalf by designating such an agent in writing or through a power of attorney. We will require the agent to provide us with proof that you have authorized the agent to make requests on your behalf prior to accepting requests from the agent.
• Opt-out Preference Technology. Certain mechanisms or technologies (such as opt-out preference signals, global privacy controls, or universal opt-out mechanisms) may be used to indicate your opt-out preferences to entities that process personal information. To the extent that we are able to recognize these signals and are legally required to honor them, we will treat these signals as requests to opt out of processing or sharing for the purposes of cross-context behavioral advertising, targeted advertising, or the sale of personal information. Depending on the signal you select, the opt-out may apply only to certain interactions, such as a specific browser or device.

Notice of Financial Incentive. This Notice of Financial Incentives aims to inform you about any programs, benefits, and other financial incentive offerings, including price or service differences (collectively, “Incentive Offerings”), that we may provide in connection with the collection of your personal information so that you may make an informed decision on whether to participate in our Incentive Offerings. Such Incentive Offerings may be deemed “financial incentives” under the California Consumer Privacy Act of 2018 (“CCPA”).

The material aspects of any Incentive Offering (if any), along with the personal information collected in connection with an applicable Incentive Offering, will be described at the time you are presented with such Incentive Offering.

If an Incentive Offering is made available to you, you can opt in to an Incentive Offering by following the instructions that accompany the presentation of the Incentive Offering. If you subsequently wish to withdraw from the applicable Incentive Offering, you may request such withdrawal by contacting us as set forth in the “Contact Us” section in the Privacy Policy.

Each Incentive Offering may be based upon our reasonable and good-faith determination of the estimated value of such offer to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized.