Privacy Policy
Plain-language summary: we process the request metadata needed to filter traffic and keep an audit trail, we set no cookies and load no trackers, and you can ask us to delete your data.
Who processes your data
Smart WAF operates the edge nodes and portal described on this site. The legal entity and its full contact details are listed in our Impressum; that page is the formal controller identification.
What we process, and why
When a request passes through our edge to reach a protected site, we process request metadata to make a security decision and to record what happened.
- Edge request logs, including IP addresses. A client IP address is personal data under the GDPR. We process it — together with request method, host, path, and the WAF decision — to detect and block attacks and to give you an audit trail.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Operating a web application firewall requires processing request data; filtering malicious traffic and protecting the sites you entrust to us is the legitimate interest we rely on. You may object to this processing; where we can still meet our security obligations, we will honour it.
No cookies, no trackers
- This site and the portal set no advertising or analytics cookies.
- We load no third-party trackers, pixels, or fingerprinting scripts. All assets are served from our own domain.
- Your theme preference (light or dark) is stored in your browser’s local storage as a functional setting. It never leaves your browser, so there is no consent banner to show.
Retention and deletion
- Configurable retention. How long request metadata and logs are kept is a setting you control. We do not keep data longer than the retention you choose.
- Right to deletion. You can ask us to delete your data, and we will. You also have the GDPR rights of access, rectification, restriction, and portability — contact us to exercise any of them.
The contact and lead form
If you submit a contact or “under attack?” form, we process the details you enter (such as your name, email, domain, and message) for one purpose: to respond to your enquiry.
- The submission is handled by our own backend, and we may send ourselves an internal email notification so a person can follow up. These are the only processors in the chain today; we will name any additional processor here before it is introduced.
- We do not use this data for advertising, and we do not sell it.
Changes
If this policy changes materially, we will update this page. The entity responsible for it is the one named in the Impressum.