Privacy Policy

Last updated: 2026-05-10 · Owner: Datacenter Firewall

1. Who we are

Datacenter Firewall ("we", "us") is a managed security service for pfSense and Linux-based firewall fleets. The service is operated from India and is reachable at fireme.uludeveloper.top. For privacy questions contact parbatwebmaster@gmail.com.

2. Data we collect

Account data — your tenant name, owner email, password hash (bcrypt), country, optional WhatsApp number. Required to sign in and contact you.
Firewall metadata — names and hostnames you choose for your registered firewalls; per-firewall API key hashes.
Block events — IP, attack type, timestamp, port, country/ASN of the blocked attacker, originating firewall. Generated automatically by your agent and submitted to us for fleet-wide intel.
Audit log — record of state-changing actions you take in the dashboard (login, create/delete firewall, change settings, billing).
Billing records — Razorpay subscription/order IDs, plan, status, period end. We never store card numbers; Razorpay handles all payment data.
Operational metadata — last-heartbeat timestamps, agent version strings, log sizes.

3. What we DON'T collect

Payment card details (held by Razorpay only).
Content of your network traffic — only the source IPs of detected attackers and connection metadata.
Personal data of your end-users beyond what your agent reports (which is only attacker IPs, not legitimate users).
Cookies for tracking. We use a single session cookie + JWT for authentication.

4. How attacker IP data is used

Block events from any tenant feed into a globally fused threat-intel score (sources: your own firewalls + ET DROP feed + AbuseIPDB + honeypot signals). IPs scoring ≥ 0.6 are pushed back to all tenants' agents and to a public blocklist at /public/blocklist.txt. This crowd-sourced model is the value proposition of the service.

The data shared globally is only the attacker IP, country, ASN, and aggregate score — never your tenant identity, your firewall names, or your customers' IPs.

5. Third parties

Razorpay — payment processor (subject to Razorpay's privacy policy).
Resend — transactional email (verification, password reset, approval notifications).
Cloudflare — optional tenant-controlled WAF integration. Tenants paste their own Cloudflare API token; we use it only to push IP lists to their account.
Let's Encrypt — TLS certificate issuance for our domains.
WhatsApp message gateway (whatsapi.live.pwtech.pw) — if you configure a WhatsApp alert route, alerts are sent through that gateway.

6. Retention

Block events are retained for 30 days then pruned. Audit logs for 1 year. Backup snapshots for 7 days. On account deletion, your tenant is soft-deleted for 30 days (recoverable on request) then hard-deleted including all firewalls, alert routes, and Cloudflare configs.

7. Your rights (GDPR / DPDP Act 2023)

You can:

Export all your data — CSV at /v1/blocks/export.csv; full JSON via API token; audit log via the dashboard.
Correct or delete your data — change account email/password from /settings; delete tenant by emailing us (soft-delete with 30-day recovery window).
Object to processing — delete your tenant; you can also opt out of the global threat-intel pool by emailing us (we'll exclude your events from the fused score).
Withdraw consent — log out and delete your tenant.

8. Security

Password storage uses bcrypt. JWT-signed sessions expire in 12 hours. Per-IP and per-email rate limits + account lockouts protect against brute force. All traffic uses HTTPS via Let's Encrypt. Database backups are encrypted at rest. Per-firewall API keys are hashed. Per-tenant API tokens are hashed with sha256.

9. Children

The service is not intended for users under 18. We don't knowingly collect data from minors.

10. Changes

Material changes to this policy are notified by email at least 14 days before taking effect.

This policy is provided in good faith and is intended as a starting point. It is not legal advice and should be reviewed by counsel before relying on it for compliance with any specific regulation.