Privacy & Data

We read the world — not your data

WF SecurityCloud is built from the ground up with privacy-first. We never collect personal data, never read your files or emails, and never sell your data. Period.

Our Privacy Promise

WF SecurityCloud protects you by analyzing the global threat landscape, not by monitoring you. Our 63 sensors in 54+ countries collect threat indicators from across the entire internet — so you don't have to share your data.

Core principle: We don't need your personal data to protect you. Our global sensor network identifies threats before they reach you, without ever looking at your data.

What We Collect vs. What We NEVER Collect

✓ What We Collect

  • IP reputation from global sensors
  • Port scans and protocol behaviors
  • Phishing signatures
  • Malware hashes
  • DNS queries (anonymized)
  • WordPress telemetry from WF Sentinel (anonymized)

✗ What We NEVER Collect

  • Your files or documents
  • Email content from your inbox
  • Personal data (names, addresses, social security numbers)
  • Browsing history
  • User data from your applications
  • Encryption keys or passwords

How Email Protection Works (Without Reading Your Email)

Misconception: "You have to read my email to protect me"

No. We never read your email. Here's how it actually works:

  1. We collect malicious emails via:
    • Our own honeypot systems (decoys for attackers)
    • Security researchers and partner sources
    • Public threat feeds
    • Spam traps and deception networks
  2. We extract signatures: URLs, domains, sender patterns, attachment hashes
  3. We distribute globally: All clients receive updated block lists
  4. Your client blocks locally: Without sending your emails to us

Result: You get protection against the latest phishing campaigns, without ever sharing your emails with us. Your email stays with you.

Technical Details

Data Storage and Retention

Threat indicators: Stored for 90 days. After that, aggregated statistics are archived (without IP addresses).
Attack logs: Anonymized after 30 days. Only metadata is kept for trend analysis.
WordPress telemetry: Anonymized at collection. No link to specific sites.

Anonymization and Pseudonymization

IP addresses: Hashed with salt. No direct identification possible.
Domains: Only threat domains are stored. Legitimate visit domains are discarded immediately.
User IDs: Random UUIDs with no link to personal data.

What Happens to Data if You Cancel?

Immediately: All license data is deleted.
30 days: All anonymized logs are deleted.
90 days: All backed up data permanently removed.
Nothing: We never retain your personal data — because we never collected it.

Our Sensor Network

WF SecurityCloud is powered by 63 strategically placed sensors in 54+ countries. These sensors:

  • Catch attacks against honeypots (decoys)
  • Analyze global attack patterns
  • Identify new threats before they reach you
  • Share threat intelligence in real time with all clients

Total blocked attacks: 749 329 181 since 2018
Last 24h: 960 268 attacks
Response time: 8.80 ms (median)
Uptime: 99.99%

GDPR & Compliance

WF SecurityCloud is GDPR-compliant by design:

  • Data minimization: We only collect what is necessary for protection
  • Privacy by default: No opt-in needed — privacy is the default
  • Right to erasure: Automatic deletion upon cancellation
  • Data portability: Export your settings at any time
  • Transparency: This page explains exactly what we do

Data Processing Agreement (DPA): Available for Enterprise customers.
Data localization: European servers. Data never leaves the EU (if you are an EU customer).

Frequently Asked Questions

Do you sell my data to third parties?

No. Never. We don't collect data that could be sold, and even if we did — we don't sell data. Period.

Can you see what I do online?

No. We only see if your computer tries to connect to known threat addresses. Legitimate browsing history passes us by without being logged.

What happens if you get hacked?

Minimal risk to you. Because we don't store your personal data, files or emails — there is no value for attackers. Worst case: they get anonymized threat intelligence (which is already public).

How can I verify your claims?

1. Open source: WF Sentinel (WordPress plugin) is open source.
2. Traffic analysis: Inspect network traffic — you'll see no personal data is sent.
3. Transparency reports: Published quarterly at wfsecuritycloud.com/transparency
4. Third-party audit: Available for Enterprise customers.

More questions about privacy?

We are happy to answer any questions about how we handle data.

Contact us Read our GDPR Policy