Trust, stated honestly
We sell a security service, so we hold ourselves to the same standard we ask of you: say only what is true. This page lists what we actually do with your traffic and your data — no certification wall, no invented numbers.
Our GDPR posture
Smart WAF is built for the EU market, and GDPR is a design constraint rather than a checkbox added later. Every record in our system carries a tenant identifier, so your data is isolated from every other customer by structure, not by convention. We process the minimum needed to filter traffic and give you an audit trail, and we give you the controls the regulation expects: configurable retention and a right to deletion.
Where your data lives
Our edge nodes run inside the European Union. Traffic metadata is processed in-region by architecture — not as an add-on you have to configure around.
- Edge nodes are hosted with EU providers: Hetzner, OVH, and Scaleway.
- We are honest about topology: the test edge today is single-region. As we add nodes, they stay within the EU footprint.
- No traffic is routed through a non-EU jurisdiction to reach us.
What the architecture guarantees
These are properties of how the platform is written, not promises on a slide:
- Immutable audit trail. Every write is recorded in an append-only log. Records are added, never edited or silently removed.
- Cookie-less and tracker-free. The portal and this site set no advertising or analytics cookies and load no third-party trackers. Your theme preference is kept in your own browser’s local storage — nothing leaves the page.
- Configurable retention and deletion. Log retention is a setting you control, and deletion requests are honoured — you decide how long request metadata is kept.
Responsible disclosure
If you find a security issue, we want to hear about it. Our scope, safe-harbour wording, and response expectations are on the responsible disclosure page, and our machine-readable contact details are published at /.well-known/security.txt.