At Sophos, we know privacy means customer trust. That’s why our practices are based on key privacy principles.

Sophos is committed to safeguarding your personal data. Please read our Sophos Group Privacy Notice to understand how we collect and use your personal data.

Sophos Privacy Notice

If you use our products, please review our product disclosures.

Data Location

Certain Sophos Central products enable you to choose the geographic location where your Sophos Central administration portal will be hosted. This selection takes place at the point of installation and cannot be changed later. This selection only applies to the administration portal. Some data returned by the product may also be exported to Sophos’ global engineering locations for analysis, research, development, and product monitoring purposes.

If you select “Enable Partner Access” in the Settings tab of Sophos Central, your designated third-party partner or service provider will be able to access and administer your Sophos services on your behalf. If you do not enable such access, your designated third-party partner or service provider will only see high-level reporting information such as Sophos services purchased and current usage information. You may revoke such access at any time by changing the permissions in the Settings tab.


Sophos may use one or several sub-processors as further detailed in our product privacy notices.

Data subject requests

You may have certain rights with respect to your personal data. To find out more about your rights or make a request, view the data protection rights section of our Privacy Statement.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Transfers of Data and Agreements

Sophos recognizes that data transfers are an essential part of our products and services and our goal is to ensure these continue to be as secure as possible. In the use of some of our products as well as in our technical support and corporate operations, it may be necessary to transfer some personal data from our customers, partners and end users to Sophos. It may also be necessary to transfer some personal data from Sophos to third parties. Wherever a transfer of data is necessary, we employ a range of measures to ensure that such transfers are secure and safe to maintain the integrity, accuracy and confidentiality of that data. In some of these transfers, Sophos acts as a Data Controller, while in others we act as a Data Processor.

Personal data transfers at Sophos are governed wherever possible by a Data Processing Agreement (DPA). You can read more information about our approach to data transfers, including our DPA and Transfer Impact Assessment available here.