Privacy Policy

If you are reading this policy, it is because you care about your privacy and how we use your data on this website and in the tool we offer.

CoreWAF adheres to best practices regarding privacy and data protection. The data collected is handled securely and its confidentiality is guaranteed.

This website complies with all applicable regulations protecting personal information of its users, subscribers and customers, specifically:

  • EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
  • Organic Law 3/2018 of December 5, on the Protection of Personal Data and guarantee of digital rights

Who is the data controller?

Legal entity: Julio Rodríguez Cruz
NIF/DNI: 53194665N
Address: Vigo, Galicia, 36205
Email: Contact form

Notice before purchasing our licenses

Before purchasing the software licenses offered on this platform, you must give your consent to the service contract, which includes clauses on the processing and confidentiality of your personal data.

Data collected on this website

Personal data collected and processed on this website is provided directly by users, specifically through:

  • Registration form
  • Contact form

Legal basis for processing your data

To contact us or request information, you must consent to this privacy policy. The legal basis for processing data of persons who make purchases on CoreWAF or purchase any licenses offered by CoreWAF is the execution of the contract.

Privacy of the CoreWAF tool

CoreWAF is a Web Application Firewall (WAF) that runs directly on the client's server, with no need to redirect traffic to third parties or modify DNS records.

The data processing performed by the tool meets the following requirements:

  • IP anonymization: Visitor IP addresses are processed so they cannot be linked to individual users in reports.
  • GDPR compliance: The tool complies with EU General Data Protection Regulation requirements.
  • Limited data retention: CoreWAF logs HTTP request metadata (anonymized IP, URI, response code, decision taken) to provide the security and analytics service. No user data or request body content is stored. Logs are automatically deleted after 30 days.
  • Exclusive use of data: Configuration and telemetry data is used exclusively to provide the contracted service.
  • EU storage: Data hosted on our infrastructure is stored on servers located within the European Union.
  • Data deletion: When a user requests data deletion, we proceed to delete it effectively and permanently.

Data collected by the CoreWAF tool

The tool logs the following data from processed HTTP requests:

  • Visitor IP address (anonymized in reports)
  • HTTP method and URI
  • HTTP User-Agent header
  • HTTP response code
  • Detected attack patterns
  • Decision taken (allowed or blocked)
  • Request timestamp

Personal data categories required by this website

To contact us: identifying data (name, email address).

To purchase licenses: full name, address, email and payment transaction information (payment instrument used, transaction date and time, amount, expiration date, billing postal code and other payment-related details).

Purpose of processing your personal data

Data collected through CoreWAF will be processed for the following purposes:

  • Process orders, requests or any type of inquiry made through available contact channels.
  • Send communications related to the status of the contracted subscription.
  • Archive purchase history and management performed on the website.
  • Verify and update user registration.
  • Perform support and user assistance activities.
  • Maintain the contractual relationship established with the client.
  • Conduct fraud prevention, security incident analysis and abuse detection.

What are your rights when you provide your data?

  • Access: right to know whether your personal data is used and how.
  • Rectification: right to ensure accurate and up-to-date information is used.
  • Erasure: right to request deletion of data no longer needed.
  • Restriction: right to ask us to limit processing to certain purposes.
  • Portability: right to request we send your data to another company.
  • Withdrawal of consent: right to withdraw consent at any time.
  • Complaint: right to file a complaint with the relevant data protection authority.

How can you exercise your rights?

Write to us at: Contact form

How long will we keep your data?

Personal data will be kept as long as you remain linked as a user or customer of the website and until the termination of the User Contract. Data will be kept as long as there are legal obligations for retention or until you request its deletion.

Who will your data be shared with?

Your data will not be transferred to third parties, except when legally required. Data will be shared with the Spanish Tax Agency and financial institutions to process payments, as well as with service providers necessary to execute the contract.

Hosting: OVH, Nicalia, Cubepath, Hetzner

Security of stored data

Data security is a priority at CoreWAF. Measures implemented include servers from OVH, Nicalia, Cubepath and Hetzner, regular backups, and TLS encryption for all communications. If CoreWAF determines that your data has been subject to a security breach, you will be informed immediately.

Applicable law and jurisdiction

The relationship between CoreWAF and the User will be governed by current Spanish regulations, and any disputes will be submitted to the appropriate courts.

Changes to the privacy policy

CoreWAF reserves the right to modify this policy to adapt it to new legislation or industry practices. Changes will be announced on this page with sufficient advance notice.

Last updated: 13/05/2026