Privacy

Privacy Policy

How this self-hosted CloudFirewall instance handles data. All data stays on the operator's infrastructure — nothing is sent to external services by default.

Last updated March 2026

Overview

CloudFirewall is self-hosted software. All data processed by this instance — account information, firewall rules, agent telemetry, and logs — is stored on infrastructure controlled by the instance operator. No data is sent to the CloudFirewall project or any third party by default.

The instance operator is the data controller for any personal data processed through this deployment and is responsible for compliance with applicable data protection laws.

Data Collected

This instance collects only the data necessary to operate the firewall control plane. The categories below describe what the software stores in its database.

Account data: email address, hashed password, and organization membership
Agent data: hostname, OS details, public IP, agent version, and registration timestamp
Firewall rules: rule definitions, priorities, and assignment to agents
Telemetry: heartbeat timestamps, config sync status, and per-rule packet counters
Activity log: registration events, rule changes, and configuration pushes

How Data Is Used

All collected data is used exclusively to operate the firewall control plane — authenticating users, delivering configuration to agents, tracking sync status, and displaying activity in the dashboard.

Authenticate dashboard users and authorize API requests
Deliver desired firewall configuration to registered agents
Display agent status, drift detection, and rule hit counts
Record an audit trail of configuration and registration changes

Storage and Retention

All data is stored in the PostgreSQL database configured by the instance operator. No data leaves the operator's infrastructure unless the operator explicitly configures external services such as backup targets or log forwarders.

Retention is determined by the operator. Deleting an agent from the dashboard removes its registration and telemetry. Deleting an account removes the user record. Database-level backups and retention policies are the operator's responsibility.

Third Parties

The CloudFirewall software does not transmit data to third-party services by default. The only outbound network requests made by agents are to the dashboard API endpoint configured during installation.

If the operator integrates external services (reverse proxies, monitoring, email providers, SSO), those services may process additional data according to their own policies. The operator is responsible for evaluating and disclosing any such integrations.

Cookies and Sessions

The dashboard uses a session cookie to maintain your login state. This is a functional cookie required for authentication — no analytics, tracking, or advertising cookies are set by the software.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. Since this is a self-hosted instance, all such requests should be directed to the instance operator who controls the database and infrastructure.

The CloudFirewall project does not have access to any data stored on this instance and cannot fulfill data subject requests on behalf of instance operators.