Created: 1 January 2026
Last updated: 1 January 2026
Last reviewed: 1 January 2026
Overview
F5 Distributed Cloud WAF (the “Service”) identifies and mitigates web app attacks and vulnerabilities using WAF rules created by F5. This Privacy Statement applies to the customer data that F5 processes through the Service.
Roles of the Parties
Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the customer data, and the customer is, or acts on behalf of, a controller of such data, to the extent it contains personal data.
Personal Data Processed by the Service
To use the Service, the customer routes its network traffic through F5 servers. This network traffic may contain personal data, such as the IP address of a visitor to the customer’s online properties.The Service inspects the customer’s network traffic for unauthorized activity. If the Service determines that a request violates a WAF rule, the Service drops the request and creates a log of the blocking event for that customer’s later review. Otherwise, the Service transmits the request onward to its destination. The Service can also generate other logs for troubleshooting and analysis for the customer.
More Information
If you believe that the Service has improperly blocked or restricted your access to a customer’s online property, please contact that customer to request restoration of your access. If the Service presents you with a support ID number when blocking your access, please include that support ID in your request to the customer.
To exercise your rights with respect to the customer data that F5 processes when providing the Services to a customer, please contact that customer. For more information about F5’s privacy practices, please see the F5 Privacy Notice.
