Skip to content

Privacy Policy

Your privacy and data security are of the utmost importance to us.

This Privacy Policy outlines the types of information ConfigServer Security & Firewall (“CSF”, “we”, “our”, or “us”) collects, how that information is used, and the steps we take to safeguard it.

By using our website, services, or participating in the Insiders Program, you acknowledge and agree to the practices described in this policy.

In addition to this Privacy Policy, your use of our services is governed by our ConfigServer Services Terms and Conditions and any applicable License Terms and Conditions (available on each product’s page).



1. Information We Do Not Collect

CSF does not collect, log, or retain any personal information from users who access or use:

We do not collect IP addresses, payment information, geographical data, device information, or other personally identifiable information (PII) from visitors to these subdomains.



2. Information We Collect and Retain

When visiting our documentation site or participating in our Insiders Program, certain information may be collected under limited and clearly defined circumstances.


A. General Website Usage

Our main website and associated subdomains do not actively collect or store any personal information.

We do not track user activity, browser fingerprints, or connection metadata.


B. Documentation Subdomain

Our documentation site uses a third-party framework called MkDocs, along with the Material for MkDocs theme, which may store local cookies in your browser.

When you first visit our documentation site, MkDocs will prompt you to consent to cookies before any optional or analytics-related cookies are set. This ensures compliance with data privacy regulations such as the GDPR.

The cookies used are strictly functional and are limited to the following purposes:

  • Remembering your selected display theme (e.g., light or dark mode)
  • Retaining your navigation state, such as your last visited page
  • Analytics (currently disabled) 1

We do not use cookies for advertising, behavioral tracking, or any form of user profiling.


C. Insiders Program Participation

When you join the Insiders Program, limited personal information is collected to manage and verify your membership and licensing status.

Depending on the method of participation or donation, we may collect:

  • Your GitHub username
  • Used to publically broadcast sponsors on our Sponsors page
  • Your Discord user ID
  • Used give Insiders special perks and a role on our Discord server
  • Your email address (if provided during signup or donation)
  • Used as a backup communication method
  • The timestamp of your sponsorship with our licensing server
  • The timestamp of your last communication with our licensing server

This information is used exclusively for program administration, including license validation, member communication, and early-release access.


D. Cloud Services

We make use of third-party cloud infrastructure providers, such as Cloudflare, to enhance the security, performance, and reliability of our web services.

These providers may automatically collect limited connection-related information — such as your IP address, browser type, and general request metadata — for purposes including threat detection, caching, load balancing, and protection against abuse or excessive request rates.

Your IP address may be temporarily examined at the time of connection to detect suspicious activity or enforce rate limits. This process is automated and used solely to maintain service integrity.

All data collection related to these operations is handled by the third-party service and is subject to their respective privacy policies.

We do not store or log this information within our own infrastructure beyond what is necessary for normal server operation.


E. Data Retention

Information associated with the Insiders Program is retained for the duration of your active membership and may be archived for up to 90 days following termination, to ensure continuity of support or compliance with auditing requirements.

After this period, the data is permanently deleted or anonymized.



3. Insiders Program and License Server

Participation in the Insiders Program requires connection to our license server for verification.

The license server collects and processes limited user data for the purpose of:

  • Validating active licenses and Insiders status
  • Managing software release eligibility
  • Application updates

This data is not used for analytics or shared with any external parties except as required for essential operation (for example, communication between CSF systems and GitHub for identity verification).

We do not sell, rent, or trade any personal data with third parties.

Access to stored information is strictly limited to authorized personnel for administrative purposes.



4. Third-Party Services

We utilize a minimal number of third-party services, each serving a specific operational purpose. These may include:

  • MkDocs — Used solely for documentation.
  • GitHub — Used for hosting source code, managing issues/support tickets.
  • Payment Processors — Used for processing sponsorships or donations tied to Insiders membership, which may include:
    • GitHub Sponsors
    • PayPal
    • BuyMeACoffee
  • Cloudflare — Provides network security, caching, and DDoS protection for our websites and services. Cloudflare may temporarily process connection-related data (such as IP addresses and request metadata) to detect abuse, manage traffic, and ensure reliable service delivery.
  • Discord — Used for community support and communication. Discord may store information including your Discord username, ID, and any messages or interactions you have within our official CSF servers.


Each third-party service is responsible for its own privacy policy and compliance with applicable data protection regulations.

We recommend reviewing those providers’ respective privacy notices before using their platforms.



5. Data Security

We take appropriate organizational and technical measures to protect all collected data from unauthorized access, alteration, disclosure, or destruction.

This includes the use of secure communication protocols, limited administrative access, and periodic review of access permissions.

Insiders-related information is stored on secure servers and only accessed by personnel with a legitimate administrative or support role.



For users in applicable jurisdictions (such as the EU, UK, or other GDPR-aligned regions), we rely on the following legal bases for processing personal data:

  • Contractual necessity – when managing your Insiders license and access.
  • Legitimate interest – when maintaining platform security and functionality.
  • Consent – when you voluntarily provide information during signup, donation, or correspondence.



7. Policy Updates

This Privacy Policy may be updated periodically to reflect operational, technical, or legal changes.

Any updates will be posted to this page, and the “Last Updated” date will be revised accordingly.

We encourage all users to review this policy regularly to stay informed about how we protect and manage your data.



8. Contact Us

If you have questions about this Privacy Policy, data handling, or wish to request access or deletion of your information, you may contact us via:

We will respond to all privacy-related inquiries within a reasonable timeframe.



This Privacy Policy applies only to information collected by ConfigServer Security & Firewall through our official website and related services.

Our website may include links to external websites that are not operated or controlled by us. We are not responsible for the content or privacy practices of those third-party sites.

If you choose to visit another website through a link on our site, we encourage you to review that website’s own privacy policy to understand how your personal information may be collected, used, and protected.



Last Updated: October 20, 2025


  1. If analytics or external assets are ever enabled, MkDocs ensures that user consent is obtained before any analytics cookies are created.