SECURIAWALL – PRIVACY POLICY
v1.1 Hardened
Effective Date: 21/06/2025
Last Updated: 11/02/2026
This Privacy Policy (“Policy”) describes how Securiawall Ltd. (“Securiawall”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data when you access or use our services, websites, dashboards, APIs, and related products (collectively, the “Services”).
This Policy is incorporated by reference into the Securiawall Terms of Service (“Terms”).
1. Who We Are (Data Controller)
- Controller: Securiawall Ltd.
- Jurisdiction: England and Wales
- Contact: privacy@securiawall.com
For the purposes of the UK GDPR and, where applicable, the EU GDPR, Securiawall acts as the data controller for personal data processed in connection with the Services.
2. Scope of This Policy
This Policy applies to:
- visitors to our websites;
- customers and authorized users of the Services;
- communications with support, abuse, and sales channels.
It does not apply to content or personal data hosted on your Origin Server, for which you are the data controller.
3. Categories of Personal Data We Collect
A. Mandatory Account & Billing Data
Collected to create accounts, provide Services, and comply with legal obligations:
- Full name or company name
- Email address
- Telephone number (used for account security and 2FA)
- Billing address (country/city)
- Subscription status (Active, Past Due, Canceled)
- Invoice dates and amounts
- Transaction identifiers from payment processors
- Payment method metadata (e.g., card brand/last four digits; no full card numbers)
B. Security, Access & WAF Logs
Collected to operate, secure, and audit the Services:
- Source IP address
- Target host/domain
- Timestamp (UTC)
- HTTP method and request path
- User-Agent
- Action taken (ALLOW, BLOCK, CHALLENGE)
- Geolocation (country-level)
C. Audit & Activity Logs
Collected for security, accountability, and abuse prevention:
- User ID performing an action
- Action performed (e.g., rule creation/deletion, DNS change)
- Timestamp
- Dashboard access IP address
D. Communications
- Support tickets, abuse reports, emails, and call records (where applicable)
4. Purposes and Legal Bases of Processing
We process personal data for the following purposes and legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and service delivery | Contract (UK GDPR Art. 6(1)(b)) |
| Billing, invoicing, and accounting | Legal obligation |
| Network security, DDoS/WAF protection, abuse detection | Legitimate interests |
| Monitoring, logging, and incident investigation | Legitimate interests |
| Customer support and communications | Contract / Legitimate interests |
| Fraud prevention and chargeback handling | Legitimate interests |
| Compliance with law enforcement requests | Legal obligation |
5. Logging, Monitoring, and Security Analytics
As a cybersecurity service provider, Securiawall necessarily processes traffic metadata, logs, and telemetry to:
- detect and mitigate attacks;
- prevent abuse;
- maintain network stability;
- protect customers and third parties.
We do not inspect or control Customer Content beyond what is technically required for security, routing, and mitigation.
5.3 No Absolute Anonymity. Use of the Services does not provide anonymity from lawful investigation or abuse enforcement.
6. Data Retention
We retain personal data only for as long as necessary for the purposes described above:
- Traffic & WAF Logs: 3 to 6 months
- Audit Logs: 1 year
- Account & Subscription Data: for the duration of the account
- Payment & Invoice Records: 6 years (UK HMRC requirement)
Data may be retained longer where required by law or to establish, exercise, or defend legal claims.
7. Sharing and Disclosure of Data
To provide the Services, we may share data with trusted third-party subprocessors, including:
- Payment Processors: Stripe, LemonSqueezy (financial and transaction data)
- Infrastructure Providers: Hetzner Online GmbH, Path.net (traffic metadata and hosting)
- Analytics Providers: If applicable
The current list of subprocessors may be updated from time to time.
We may disclose personal data where required to:
- comply with applicable law, regulation, or court order;
- respond to lawful requests from authorities;
- prevent serious harm, fraud, or abuse.
8. International Data Transfers
Personal data may be transferred to and processed in countries outside the UK or EEA.
Where such transfers occur, Securiawall ensures appropriate safeguards, including:
- adequacy decisions;
- standard contractual clauses (SCCs);
- equivalent lawful mechanisms.
9. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- access controls and authentication;
- encryption in transit where applicable;
- segregation of environments;
- audit logging and monitoring.
However, no system is 100% secure, and absolute security cannot be guaranteed.
10. Your Data Protection Rights
Subject to applicable law, you may have the right to:
- access your personal data;
- rectify inaccurate data;
- request erasure (“right to be forgotten”);
- restrict or object to processing;
- request data portability;
- lodge a complaint with a supervisory authority.
Requests may be submitted to privacy@securiawall.com.
We may require identity verification before fulfilling requests.
11. Limitations on Rights
Certain rights may be limited where processing is necessary for:
- network security and abuse prevention;
- compliance with legal obligations;
- the establishment or defense of legal claims.
12. Cookies and Tracking
We use cookies and similar technologies as described in our Cookie Policy, incorporated by reference.
13. Children’s Data
The Services are not intended for children.
We do not knowingly collect personal data from individuals under 18 years of age.
14. Changes to This Policy
We may update this Privacy Policy from time to time.
Changes become effective upon posting unless otherwise stated. Continued use of the Services constitutes acceptance.
15. Governing Law
This Policy is governed by the laws of England and Wales, consistent with the Terms.