Privacy Policy

Our project is part of the Open Worldwide Application Security Project (OWASP). This privacy policy will explain how our project uses the personal data we collect from you when you use our website.


  • What data do we collect?
  • How do we collect your data?
  • How will we use your data?
  • How do we store your data?
  • How do we use cookies?
  • Subprocessors
  • Changes to our privacy policy
  • How to contact us
  • How to contact the appropriate authorities

What data do we collect?

Our project collects the following data:

  • IP addresses (short term)
  • Anonymized IP addresses combined with operating system and browser version (long term)

How do we collect your data?

You directly provide our project with the data we collect when you browse our website.

How will we use your data?

Our project collects your data so that we can:

  • Review website usage
  • Review usage / session patterns on the website
  • Review our users' interest in certain aspects of our project (namely when reviewing the usage patterns of our documentation, e.g. which rule descriptions are loaded most often)

We rule out any sharing of your data with anybody outside our project.

How do we store your data?

Our site securely stores your IP address in access_log files (this log is destroyed after 28 days). Your anonymized IP address and browser information are stored long-term in a self-hosted Matomo database.

What are your data protection rights?

Our project would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access - You have the right to request copies of your personal data. We may charge you a fee for this service.

The right to erasure - You have the right to request that we erase your personal data, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at

How do we use cookies?

Our project uses cookies to understand how our users use our website. We use them to focus our resources on the most important content, keeping in mind the popular browsers and devices used by our visitors.


Subprocessors

  • Netnea hosts the private Matomo instance for analytics.
  • Hetzner is used to run the WordPress website and its contents - such as comments left on the blog.

Changes to our privacy policy

Our project keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 6 December 2021.

How to contact us?

If you have any questions about our project's privacy policy or the data we hold on you, or you would like to exercise one of your data protection rights, then please understand that we're a volunteer-driven project trying to write rules to protect our users from malicious attacks. That is our priority. But feel free to contact us and we'll make sure we have a response for you in due time.

Please email us at

How to contact the appropriate authority?

Should you wish to report a complaint or if you feel that our project has not addressed your concern in a satisfactory manner, you may contact the authorities.

  • Our website is hosted in Germany.
  • The database holding your anonymized IP addresses is hosted in Switzerland.
  • We're part of the OWASP family and OWASP is an American organisation.

Please pick one country's privacy authority as you see fit.