Effective Date: July 15, 2025
Last Updated: July 15, 2025
F5 NGINX One allows customers to configure and observe their NGINX instances in the F5 Distributed Cloud and enable WAF.
Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the data about the customer’s users, and the customer is (or acts on behalf of) a controller of such data, to the extent it contains personal data.
NGINX One stores customer configuration files which may, if the customer chooses, contain IP addresses of user devices.
If WAF is enabled by the customer, service logs are generated about the use of the customer’s online properties. What these logs contain is configurable by the customer, but will likely contain the following data, which may constitute personal data:
If WAF is enabled by the customer, IP addresses in the logs, and related metadata, are stored by F5 and used for administration and security. Customers also store logs in accordance with their own policies.
To exercise your rights as a Data Subject with respect to the customer data that F5 processes when providing the Service to a customer, please contact that customer. For more information about F5’s privacy practices, please see the F5 Privacy Notice.