Privacy Policy

Akarguard ("we", "us", "our") is the data controller responsible for your personal data. We operate the DDoS protection service accessible at akarguard.net.

Contact: privacy@akarguard.net

We do not currently have a designated Data Protection Officer (no DPO is mandatorily required under Art. 37 GDPR for our current scale of processing). Enquiries regarding this Privacy Policy should be directed to the contact above.

If you are located in the EU and wish to enter into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR, please contact us at the address above.

We collect the following categories of personal data depending on how you interact with our services. Providing contact and account data is a contractual requirement for using the Services — without it we cannot create or administer your account. Technical data is collected automatically as a necessary part of delivering the service. You are not obliged to provide optional data (e.g., company name) but it helps us serve you better (Art. 13(2)(e) GDPR).

• Contact & account data: Name, email address, company name — provided when you request a trial or contact us.
• Technical data: IP address, browser type, operating system, referring URL, pages visited — collected automatically.
• DDoS mitigation logs: Source IP addresses and request metadata processed as part of our core security service.
• Communication data: Emails, support messages, or other communications you send us.

We process your personal data on the following legal bases:

• Contractual necessity (Art. 6(1)(b)): Processing required to provide the DDoS protection service you have requested.
• Legitimate interests (Art. 6(1)(f)): Network security, fraud prevention, service improvement, and marketing communications to existing customers. We have conducted a balancing test and determined that these interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): Analytics cookies and marketing communications to prospective customers, where you have given explicit consent. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Compliance with applicable laws, including data retention requirements.

We use your personal data to:

• Provide, operate, and maintain the DDoS protection service
• Detect, investigate, and mitigate security threats and attacks
• Respond to your enquiries and provide customer support
• Send service-related communications (status updates, security alerts)
• Improve the website and services based on aggregated usage analytics
• Comply with legal obligations

We retain personal data only for as long as necessary for the purposes outlined above:

• DDoS mitigation logs (IP addresses): 30 days, then permanently deleted or anonymised.
• Contact and account data: Duration of the business relationship plus 3 years for legitimate interests.
• Analytics data: Aggregated data retained for up to 24 months; no individual-level retention.
• Legal / compliance records: As required by applicable law (typically 5–7 years).

We do not sell your personal data. We may share it with the following categories of recipients:

• Infrastructure providers: Hosting and network providers necessary to deliver the service. Bound by Data Processing Agreements (DPAs).
• Server logs: Anonymised request logs (response codes, page paths) for performance monitoring. No personally identifiable information is retained from these logs beyond 30 days.
• Legal authorities: Where required by law, court order, or to protect our legal rights.

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR). You may request a copy of the relevant safeguards by contacting us at privacy@akarguard.net.

Under the GDPR, you have the following rights:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): Request deletion of your personal data ('right to be forgotten') where there is no legitimate ground for continued processing.
• Right to restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
• Right to data portability (Art. 20): Receive your personal data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing. You can manage cookie consent via the Cookie Settings link in the footer.

To exercise any of these rights, contact us at privacy@akarguard.net. We will respond within 30 days as required by Art. 12 GDPR.

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. You may contact the relevant national data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.

We use cookies and similar technologies on this website. For full details, including a list of all cookies used and how to manage your preferences, please see our Cookie Policy.

As a DDoS mitigation provider, our platform performs automated analysis of network traffic to detect and block attack patterns in real time. This processing is carried out at the network level on IP addresses and request metadata — it does not involve profiling of individuals for marketing, credit, or other purposes that produce legal or similarly significant effects on you as defined in Art. 22 GDPR.

We do not subject you to decisions based solely on automated processing that produce legal or similarly significant effects concerning you. Any account-level decisions (e.g., suspension for acceptable use violations) involve human review.

In the event of a personal data breach, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to your rights and freedoms (Art. 33 GDPR).

Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (Art. 34 GDPR), describing the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via email or a prominent notice on the website. Continued use of our services after changes constitutes acceptance of the revised policy.