Privacy Policy

Akarguard ("we", "us", "our") is the data controller responsible for your personal data. We operate the DDoS protection service accessible at akarguard.net.

Contact: privacy@akarguard.net

We do not currently have a designated Data Protection Officer. Enquiries regarding this Privacy Policy should be directed to the contact above.

We collect the following categories of personal data depending on how you interact with our services:

• Contact & account data: Name, email address, company name — provided when you request a trial or contact us.
• Technical data: IP address, browser type, operating system, referring URL, pages visited — collected automatically.
• DDoS mitigation logs: Source IP addresses and request metadata processed as part of our core security service.
• Communication data: Emails, support messages, or other communications you send us.

We process your personal data on the following legal bases:

• Contractual necessity (Art. 6(1)(b)): Processing required to provide the DDoS protection service you have requested.
• Legitimate interests (Art. 6(1)(f)): Network security, fraud prevention, service improvement, and marketing communications to existing customers. We have conducted a balancing test and determined that these interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): Analytics cookies and marketing communications to prospective customers, where you have given explicit consent. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Compliance with applicable laws, including data retention requirements.

We use your personal data to:

• Provide, operate, and maintain the DDoS protection service
• Detect, investigate, and mitigate security threats and attacks
• Respond to your enquiries and provide customer support
• Send service-related communications (status updates, security alerts)
• Improve the website and services based on aggregated usage analytics
• Comply with legal obligations

We retain personal data only for as long as necessary for the purposes outlined above:

• DDoS mitigation logs (IP addresses): 30 days, then permanently deleted or anonymised.
• Contact and account data: Duration of the business relationship plus 3 years for legitimate interests.
• Analytics data: Aggregated data retained for up to 24 months; no individual-level retention.
• Legal / compliance records: As required by applicable law (typically 5–7 years).

We do not sell your personal data. We may share it with the following categories of recipients:

• Infrastructure providers: Hosting and network providers necessary to deliver the service. Bound by Data Processing Agreements (DPAs).
• Vercel Analytics: Anonymised website usage analytics. No personal identifiers are stored. Vercel's infrastructure is EU-based or transfers are covered by Standard Contractual Clauses (SCCs).
• Legal authorities: Where required by law, court order, or to protect our legal rights.

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR). You may request a copy of the relevant safeguards by contacting us at privacy@akarguard.net.

Under the GDPR, you have the following rights:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): Request deletion of your personal data ('right to be forgotten') where there is no legitimate ground for continued processing.
• Right to restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
• Right to data portability (Art. 20): Receive your personal data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing. You can manage cookie consent via the Cookie Settings link in the footer.

To exercise any of these rights, contact us at privacy@akarguard.net. We will respond within 30 days as required by Art. 12 GDPR.

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. You may contact the relevant national data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.

We use cookies and similar technologies on this website. For full details, including a list of all cookies used and how to manage your preferences, please see our Cookie Policy.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via email or a prominent notice on the website. Continued use of our services after changes constitutes acceptance of the revised policy.