Created: May 23, 2022
Last updated: October 1, 2025
Last reviewed: October 1, 2025
Overview
NGINXaaS allows customers to bring their existing NGINX configurations to the cloud. This fully-managed service is integrated with the customer cloud service provider.
Roles of the Parties
Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the data about the customer’s users, and the customer is (or acts on behalf of) a controller of such data, to the extent it contains personal data.
Personal Data Accessed by the Service
The following data is accessed by the NGINXaaS administrators:
- User Identity Info: Azure or Google user identity info, including user email address and unique Google user ID.
- NGINX logs and configurations: as configured by the customer, which may contain personal data, such as:
- IP address of the user’s device
- URL requested by the user, including query parameters
- Additional metadata relating to the request, such as referring URL and the user-agent string of the user’s browser.
Data Usage:
- User Identity Info: Data is used to confirm user identity for authentication purposes and for operational purposes.
- NGINX logs and configurations: This data may be accessed for troubleshooting customer support cases.
Data Sharing:
The data is not shared with third parties other than the cloud service used by the customer.
Data Retention & Deletion:
- User Identity Info: Data is completely removed when user is deleted.
- NGINX logs: data is ephemerally processed by the service but not persistently stored outside of the customer’s cloud service tenant.
- NGINX configurations: Configuration data is stored by the Service as long as necessary.
More Information
To exercise your rights as a Data Subject with respect to the customer data that F5 processes when providing the Service to a customer, please contact that customer. For more information about F5’s privacy practices, please see the F5 Privacy Notice.