VoidFort
English
  • English
  • Русский
  • Deutsch SOON
  • Français SOON
  • Español SOON
  • Português SOON
  • Italiano SOON
  • 日本語 SOON
  • 中文 SOON
  • 한국어 SOON
LEGAL://PRIVACY_POLICY

Privacy Policy

Last updated: May 2025

1. Overview

VoidFort ("we", "us", "our") provides a managed Web Application Firewall (WAF) service and ephemeral security audit. This policy explains what data we collect, why we collect it, and how we handle it.

2. Data we collect

Audit requests

When you submit a domain for a free security audit, we collect:

  • Your email address — to deliver the PDF report.
  • The target domain name — to run the scan.

The ephemeral VPS that performs the scan is destroyed immediately after the report is delivered. No scan data is retained on the scanning infrastructure.

Shield customers

Paying customers additionally provide:

  • Account credentials (email + password hash).
  • Billing details — processed by our payment processor; we do not store card numbers.
  • Origin server hostname — required to route traffic through your Shield node.

Traffic telemetry

Shield nodes aggregate anonymised attack metrics (request counts, blocked IPs, attack categories) and send summaries to our control plane. Raw HTTP request bodies and URL parameters from your visitors are never stored.

3. How we use data

  • Deliver audit reports to the provided email address.
  • Provision and manage your Shield node.
  • Detect and block malicious traffic across all nodes (shared ban-list).
  • Send transactional emails (report delivery, billing receipts, critical alerts).

We do not sell, rent, or share your personal data with third parties for marketing.

4. Data retention

  • Audit email + domain — retained for 90 days, then deleted.
  • Account data — retained for the lifetime of the account plus 30 days after deletion.
  • Attack telemetry — aggregated metrics retained for 12 months.
  • Banned IPs — retained in the shared threat network indefinitely.

5. Cookies and analytics

This site uses privacy-first analytics (Plausible Analytics) that does not set cookies, does not track individuals, and does not share data with ad networks. No consent banner is required.

6. Third-party processors

  • Hetzner Cloud / CloudCone / Vultr — cloud VPS providers used to host Shield nodes and run ephemeral audit bots. Data is processed in EU/US datacenters.
  • Postmark / SMTP — transactional email delivery.
  • Stripe / YooKassa — payment processing. Subject to their own privacy policies.

7. Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing privacy@voidfort.com. Requests are processed within 30 days.

If you are in the EU/EEA, you have rights under GDPR, including the right to lodge a complaint with your local supervisory authority.

8. Security

All data in transit is encrypted via TLS 1.3. Internal control-plane traffic travels exclusively over an encrypted Wireguard mesh. Passwords are stored as bcrypt hashes.

9. Changes to this policy

We may update this policy as the service evolves. Material changes will be communicated by email to active customers at least 14 days before taking effect.

10. Contact

Questions? Email privacy@voidfort.com.