Distributed Cloud Bot Defense

Data generated or collected by Distributed Cloud Bot Defense is persistently stored in one of the following locations, selected by each customer: the United States, Canada, the EU. For 24/7 Security Operations Center (“SOC”) support, data is queried from F5’s Global SOC locations, which include at least Poland, United States, Canada, Mexico, India, and Singapore. For a complete list and more information, please refer to the Data Residency and Processing Reference.

FAQ

F5 is fully committed to complying with the privacy laws in the U.S., including the CCPA/CPRA and other state privacy laws. F5’s global privacy strategy and privacy-by-design approach ensures that F5 and its services prioritize the protection of personal data and uphold the highest standards of data privacy.


What specific security measures does F5 provide for personal data?

F5 and its services prioritize the protection of personal data and uphold the highest standards of data privacy.  The technical and organizational controls that protect personal data collected by F5 are listed in the specific service contracts (for example, the Service-Specific Terms applicable to services provided under our End User Services Agreement) and in F5's SOC2 Type II report. F5 Global Support is ISO 27001 certified and F5 Distributed Cloud Services are ISO 27001 certified with an extension of ISO 27017 and ISO 27018. F5 is also PCI-DSS Compliant as a Level 1 Service Provider for the F5 Distributed Cloud Services. Additional security certifications apply to specific F5 services and F5 hardware. Find more detailed information about data security practices at https://www.f5.com/company/policies/privacy-notice.


What tools does F5 have for its customers to geographically restrict access to data?

Certain F5 services allow customers to choose the location of F5 data centers. The data processing and sub-processing locations for each service are listed at https://docs.cloud.f5.com/docs/reference/data-residency-locations.