Privacy Policy

Your privacy and data security are of the utmost importance to us.

This Privacy Policy outlines the types of information ConfigServer Security & Firewall (“CSF”, “we”, “our”, or “us”) collects, how that information is used, and the steps we take to safeguard it.

By using our website, services, or participating in the Insiders Program, you acknowledge and agree to the practices described in this policy.

In addition to this Privacy Policy, your use of our services is governed by our ConfigServer Services Terms and Conditions and any applicable License Terms and Conditions (available on each product’s page).

---

1. Information We Do Not Collect

Outlines what information is NOT collected by us on our website:

Website

CSF does not collect, log, or retain any information such as IP addresses, payment details, geographic data, device identifiers, or any other personally identifiable information (PII) from users who visit or interact with:

• The main domain: https://configserver.dev
• The download service: https://download.configserver.dev
• The blocklist service: https://blocklist.configserver.dev

CSF Application

The CSF application does not transmit or collect any personal or server-related information. Specifically:

• We do not log the IP address of any server running CSF.
• We do not collect configuration data, version information, or any personal server details.
• We do not access or transmit your local CSF logs — all logs remain securely stored on your own system.
• We do not perform remote telemetry, analytics, or background reporting of any kind.
• We do not automatically send diagnostic or crash data to external servers.
• We do not fetch or scan any system files, user directories, or third-party applications.
• We do not collect information about your firewall rules, ports, or network traffic.
• We do not use any tracking identifiers, unique installation IDs, or hardware fingerprints.

Payment Processors

When you sponsor CSF or join the Insiders program, all payment processing is handled securely by trusted third-party services such as GitHub Sponsors and BuyMeACoffee.

We do not handle or store any sensitive payment information ourselves.

• We do not log, copy, or retain any personal, financial, or payment details on our servers.
• We do not have access to your full credit card or banking information — all transactions are securely managed by our payment partners.
• We do not share, sell, or trade any supporter or payment data with third parties.
• We do not collect analytics or behavioral data from users making donations or sponsorship payments.
• We do not perform recurring billing unless explicitly managed and authorized through the payment provider’s platform.
• We only store minimal, non-sensitive data (such as your GitHub username or public display name) to verify active sponsorships or Insiders status.

---

2. Information We Collect and Retain

When visiting our documentation site or participating in our Insiders Program, certain information may be collected under limited and clearly defined circumstances.

A. Domain

Our main domain https://configserver.dev and its subdomains do not actively collect, store, or track any personal information from visitors.

However, we do use the third-party service Cloudflare to improve performance and security. Cloudflare may collect certain information about visitors to our site. This data is managed entirely by Cloudflare, and we do not have access to or control over it.

For information on what Cloudflare collects and how it is used, please refer to their Privacy Policy.

B. Documentation Subdomain

Our documentation subdomain uses a third-party framework called MkDocs, along with the Material for MkDocs theme, which may store local cookies in your browser.

When you first visit our documentation site, MkDocs will prompt you to consent to cookies before any optional or analytics-related cookies are set ¹. This ensures compliance with data privacy regulations such as the GDPR.

The cookies used are strictly functional and are limited to the following purposes:

• Remembering your selected display theme (e.g., light or dark mode)
• Retaining your navigation state, such as your last visited page
• Analytics (currently disabled) ¹

We do not use cookies for advertising, behavioral tracking, or any form of user profiling.

C. Insiders Program

When you join the Insiders Program, limited personal information is collected to manage and verify your membership and licensing status.

Depending on the payment processor you use to sign up for our Insiders Program or to become a sponsor, we may collect:

• Your GitHub or BuyMeACoffee username
  • Used to publically broadcast sponsors on our Sponsors page
• Your Discord user ID
  • Used give Insiders special perks and a role on our Discord server
• Your email address (if provided during signup or donation)
  • Used as a backup communication method
• The timestamp your sponsorship began
• The timestamp your last communication with our licensing server was

This information is used exclusively for program administration, including license validation, member communication, and early-release access.

D. Cloud Services

We make use of third-party cloud infrastructure providers, such as Cloudflare, to enhance the security, performance, and reliability of our web services.

These providers may automatically collect limited connection-related information — such as your IP address, browser type, and general request metadata — for purposes including threat detection, caching, load balancing, and protection against abuse or excessive request rates.

Your IP address may be temporarily examined at the time of connection to detect suspicious activity or enforce rate limits. This process is automated and used solely to maintain service integrity.

All data collection related to these operations is handled by the third-party service and is subject to their respective privacy policies.

We do not store or log this information within our own infrastructure beyond what is necessary for normal server operation.

E. Data Retention

Information associated with the Insiders Program is retained for the duration of your active membership and may be archived for up to 90 days following termination, to ensure continuity of support or compliance with auditing requirements.

After this period, the data is permanently deleted or anonymized.

---

3. Insiders Program and License Server

Participation in the Insiders Program requires connection to our license server for verification.

The license server collects and processes limited user data for the purpose of:

• Validating active licenses and Insiders status
• Managing software release eligibility
• Application updates

This data is not used for analytics or shared with any external parties except as required for essential operation (for example, communication between CSF systems and GitHub for identity verification).

We do not sell, rent, or trade any personal data with third parties.

Access to stored information is strictly limited to authorized personnel for administrative purposes.

---

4. Third-Party Services

We utilize a minimal number of third-party services, each serving a specific operational purpose. These may include:

• MkDocs — Used solely for documentation.
• GitHub — Used for hosting source code, managing issues/support tickets.
• Payment Processors — Used for processing sponsorships or donations tied to Insiders membership, which may include:
  • GitHub Sponsors
  • PayPal
  • BuyMeACoffee
• Cloudflare — Provides network security, caching, and DDoS protection for our websites and services. Cloudflare may temporarily process connection-related data (such as IP addresses and request metadata) to detect abuse, manage traffic, and ensure reliable service delivery.
• Discord — Used for community support and communication. Discord may store information including your Discord username, ID, and any messages or interactions you have within our official CSF servers. Refer to Discord's Privacy Policy for more information on what they collect and how they use it.

Each third-party service is responsible for its own privacy policy and compliance with applicable data protection regulations.

We recommend reviewing those providers’ respective privacy notices before using their platforms.

---

5. Data Security

We take appropriate organizational and technical measures to protect all collected data from unauthorized access, alteration, disclosure, or destruction.

This includes the use of secure communication protocols, limited administrative access, and periodic review of access permissions.

Insiders-related information is stored on secure servers and only accessed by personnel with a legitimate administrative or support role.

---

6. Legal Basis for Data Processing

For users in applicable jurisdictions (such as the EU, UK, or other GDPR-aligned regions), we rely on the following legal bases for processing personal data:

• Contractual necessity – when managing your Insiders license and access.
• Legitimate interest – when maintaining platform security and functionality.
• Consent – when you voluntarily provide information during signup, donation, or correspondence.

---

7. Policy Updates

This Privacy Policy may be updated periodically to reflect operational, technical, or legal changes.

Any updates will be posted to this page, and the “Last Updated” date will be revised accordingly.

We encourage all users to review this policy regularly to stay informed about how we protect and manage your data.

---

8. Contact Us

If you have questions about this Privacy Policy, data handling, or wish to request access or deletion of your information, you may contact us via:

• Our official website: https://configserver.dev
• Our GitHub repository: https://github.com/Aetherinox/csf-firewall

We will respond to all privacy-related inquiries within a reasonable timeframe.

---

9. Links to Other Websites

This Privacy Policy applies only to information collected by ConfigServer Security & Firewall through our official website and related services.

Our website may include links to external websites that are not operated or controlled by us. We are not responsible for the content or privacy practices of those third-party sites.

If you choose to visit another website through a link on our site, we encourage you to review that website’s own privacy policy to understand how your personal information may be collected, used, and protected.

---

Last Updated: October 20, 2025

---

1. If analytics or external assets are ever enabled, MkDocs ensures that user consent is obtained before any analytics cookies are created. ↩↩