LEGAL

Privacy Policy

Last updated: January 1, 2025 · Version 1.0 · Applies to all CYBERZERS WAF products and services.

TABLE OF CONTENTS

Who We Are
Data We Collect
How We Use Your Data
Data Storage & Security
Third Parties
Your Rights
Cookies
Children's Privacy
Contact

1. Who We Are

CYBERZERS Security ("we", "us", "our") operates the CYBERZERS WAF web application firewall platform available at waf.cyberzers.net. We are committed to protecting your personal data in accordance with applicable privacy laws including GDPR and KVKK.

2. Data We Collect

When you register or use CYBERZERS WAF, we may collect the following information:

Account data: Username, email address, hashed password, account creation date.
Usage data: Login timestamps, panel actions, IP addresses of admin sessions.
WAF data: IP addresses, request metadata, and threat logs generated by the WAF engine installed on your server. This data is stored on your own server, not ours.
Technical data: Browser type, operating system, referring URLs (standard server logs).

Important: WAF engine data (ban lists, security logs, blocked IPs) is stored exclusively on your own server. We do not access or store this data on our systems.

3. How We Use Your Data

We use your data to:

Provide and maintain the CYBERZERS WAF service.
Authenticate your identity and manage your account.
Send transactional emails (OTP codes, account confirmations).
Send service-related notifications via Telegram (if configured).
Improve our service and fix technical issues.
Comply with legal obligations.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Storage & Security

Your account credentials are stored in JSON files on our secure servers, with passwords hashed using bcrypt. We implement the following security measures:

CSRF token protection on all forms.
Rate limiting on login and registration endpoints.
Session fingerprinting to detect session hijacking.
TLS/SSL encryption for all data in transit.

We retain your data for as long as your account is active. You may request deletion at any time.

5. Third Parties

We use the following third-party services:

Telegram: For optional alert notifications. Only if you configure a Telegram bot in your account settings.
ipapi.co / ip-api.com: For geographic IP lookup in the radar map. Only public IP data is queried.
Google Fonts / cdnjs: For loading web fonts and icon libraries on the panel interface.

No personal account data is transmitted to any third party.

6. Your Rights

Under GDPR and KVKK, you have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Request deletion of your data ("right to be forgotten").
Object to or restrict certain processing.
Data portability.

To exercise these rights, contact us at our contact page.

7. Cookies

We use only essential cookies required for the operation of the service (session management, CSRF protection). We do not use tracking or advertising cookies. See our Cookie Policy for details.

8. Children's Privacy

CYBERZERS WAF is intended for use by individuals aged 18 and older. We do not knowingly collect personal data from children under 18. If you believe a minor has provided us with their data, please contact us immediately.

9. Contact

For privacy-related inquiries: Contact form or email [email protected].