FFRI AMC Information Collection Policy
The FFRI AMC Information Collection Policy ("Policy") explains how information collected by FFRI Security, Inc. ("FFRI") via "FFRI AMC" ("Product") from a user of this Product and "FFRI yarai" (including FFRI yarai monthly edition) ("user") is handled.
The contents of this policy are subject to revision without an agreement from an individual user. Please refer to the web page, https://www.ffri.jp/information/privacy/amc_eng_privacy_policy.htm, for the latest policy contents.
It is deemed that a user agrees to the latest version of this Policy.
I. Detection Review Setting
A user may submit a scanned file or a file detected by FFRI yarai as malware or vulnerability attack ("Target File") using "Detection Review setting" ("Setting") of the Product based on this Policy to determine if it is a legitimate software (over-detection) or malware and receive the result on the Product.
1. Information Transmitted When Using This Setting
Following information ("Transmitted Information") shall be transmitted to FFRI server from a user ("Target User") who submits the inquiry based on the preceding paragraph. FFRI shall perform the review set forth in the preceding paragraph using Transmitted Information and transmit the review result to Target User when it becomes available. Other purposes of usage of the Transmitted Information shall be as described in Article VI. FFRI will not provide Transmitted Information to third parties in any format that could be identified by other third parties, unless otherwise specified by laws and regulations.
(1) Target File
This includes information pertaining to the Target File that is required for the review process.
(2) Information To Identify Target User
This includes user attributable information registered upon initial usage of FFRI yarai, the Product and the Setting which shall be used for the aforesaid review process and sending back the review result.
(3) Target User's User Environment For FFRI yarai
This includes information pertaining to FFRI yarai managed by this Product (software version information, the hardware environment in which FFRI yarai is installed, Operating System, applications concurrently running, etc.) that is required for the review of Target File.
(4) Target User's FFRI yarai Operation Logs Managed By This Product
This information is used for Target File review.
II. Cloud Collaboration Feature
In addition to Setting, a user may submit a Target File using "Cloud Collaboration Feature" ("Feature") through or not through the Product based on this Policy to determine if it is a legitimate software (over-detection) or malware and receive the result on the Product.
1. Information Transmitted When Using This Feature
Hash values relating to a Target File ("Hash Values") shall be transmitted from a User who submits a Target File based on the preceding paragraph ("Target User of this Feature") to the FFRI server. FFRI shall perform the review set forth in the preceding paragraph using the Hash Values and transmit the result to a Target User of this Feature when it becomes available. Other purposes of usage of Hash Values shall be as described in Article VI.
III. FFRI yarai Cloud
FFRI yarai Cloud refers to the usage of this Product in the cloud provided by FFRI. A user may use this Product in the cloud.
1. Information Collected When Using FFRI yarai Cloud
FFRI shall be able to view various information and files that a user manages with this Product, including but not limited to a user's client management information, incident management information, event management information, malware, files used to exploit vulnerabilities, as FFRI yarai Cloud is provided in FFRI's cloud. Other purposes of usage of such information will be as described in VI hereafter.
IV. Log Collection Feature
FFRI uses the "Log Collection Feature", which is used to manually distribute log collection commands via this Product to collect user information, in order to collect the information required to provide the Support Service, etc.
1. Information collected when using the Log Collection Feature
FFRI may collect information regarding the user's system information (information about the system, services, tasks, network, drivers, installed software, etc.), FFRI yarai log information and setting information managed by the system and the Product, Microsoft Defender information, special folder information, information stored in the browser, registry information, and other information. Other purposes of usage of this information shall be as described in Article VI.
V. Support Service
FFRI shall provide a Support Service to a user who has purchased the Product, for the objectives of ensuring the proper and suitable use of the Product and assisting in the resolution of any issues that occur and are confirmed in use of the Product.
1. Information collected in the Support Service
In conducting the Support Service, FFRI may collect user system information for the environment where this Product is installed (information about the system, services, tasks, network, drivers, installed software, etc.), log information regarding the system and the Product, information on the Product settings, and other information in addition to the information described in I-IV above. Other purposes of usage of such information will be as described in VI hereafter.
VI. Purpose of Usage of the Information Collected
FFRI shall be able to view and use the information collected through I-V above at any time for the following purposes:
(1) For user support such as updates and maintenance of FFRI products
(2) For improvement, development, etc. of FFRI product functions and quality
(3) For improvement in quality of FFRI services
(4) For external disclosure including research pertaining to detected malware or vulnerability attacks and commercial usage such as statistical data and malware analysis information
However, FFRI shall never provide user attributable information to third parties in any format that could be identified by other third parties.
Moreover, FFRI shall take the necessary and appropriate safety control measures to manage the information that is collected in I-V above.
Malware and vulnerability attacks continuously become more sophisticated and complicated on a daily basis and in no case shall FFRI guarantee to Target User, etc., that this Setting and this Feature work perfectly. Target User, etc., hereby agrees that FFRI shall not be liable for any damages incurred by Target User, etc., with respect to usage of the Setting and the Feature.
VIII. Reference On Information Collected via Product
All inquiries, such as questions and complaints, related to the information collected via the Product shall be directed to FFRI at firstname.lastname@example.org.
Revised on March 30, 2023