NGINXaaS Privacy Statement

Created: May 23, 2022
Last updated: October 1, 2025
Last reviewed: October 1, 2025

Overview

NGINXaaS allows customers to bring their existing NGINX configurations to the cloud. This fully-managed service is integrated with the customer cloud service provider.

Roles of the Parties

Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the data about the customer’s users, and the customer is (or acts on behalf of) a controller of such data, to the extent it contains personal data.

Personal Data Accessed by the Service

The following data is accessed by the NGINXaaS administrators:

• User Identity Info: Azure or Google user identity info, including user email address and unique Google user ID.
• NGINX logs and configurations: as configured by the customer, which may contain personal data, such as:
  • IP address of the user’s device
  • URL requested by the user, including query parameters
  • Additional metadata relating to the request, such as referring URL and the user-agent string of the user’s browser.

Data Usage:

• User Identity Info: Data is used to confirm user identity for authentication purposes and for operational purposes.
• NGINX logs and configurations: This data may be accessed for troubleshooting customer support cases.

Data Sharing:

The data is not shared with third parties other than the cloud service used by the customer.

Data Retention & Deletion:

• User Identity Info: Data is completely removed when user is deleted.
• NGINX logs: data is ephemerally processed by the service but not persistently stored outside of the customer’s cloud service tenant.
• NGINX configurations: Configuration data is stored by the Service as long as necessary.

More Information

To exercise your rights as a Data Subject with respect to the customer data that F5 processes when providing the Service to a customer, please contact that customer. For more information about F5’s privacy practices, please see the F5 Privacy Notice.