1. Introduction
At EdgeCDN Network Ltd ("we", "us", "our", or "EdgeCDN"), your privacy and the security of your personal data are of paramount importance to us. This comprehensive Privacy Policy ("Policy") outlines our practices regarding the collection, use, processing, and disclosure of your information when you use our global content delivery network, edge computing platforms, websites, and associated services (collectively, the "Services").
By accessing or using our Services, you signify your understanding of the terms set out in this Privacy Policy. This Policy complies with the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable global data protection laws.
2. Data Controller Information
For the purposes of the GDPR and other relevant data protection laws, EdgeCDN Network Ltd is the data controller of your personal data. Our headquarters are located at:
EdgeCDN Network Ltd.
1 Canada Square, Canary Wharf
London E14 5AB
United Kingdom
If you have any questions or concerns regarding this Privacy Policy, please contact our Data Protection Officer (DPO) at privacy@edgecdn-static.com.
3. Information We Collect
We collect information to provide better services to all our users. The types of personal data we collect depend on how you interact with our Services:
3.1. Information You Provide to Us
- Account Information: When you register for an EdgeCDN account, we collect your full name, email address, company name, job title, phone number, and physical billing address.
- Payment Information: To process payments, we collect financial information such as credit card details or billing account information. This data is securely transmitted directly to our PCI-compliant payment processors (e.g., Stripe) and is not stored on EdgeCDN servers.
- Support Communications: When you contact our support team, we collect the content of your messages, attachments, and any other information you choose to provide.
3.2. Information Collected Automatically
- Log Data and Telemetry: When you use our Services, our servers automatically record information, including your IP address, browser type, operating system, referring URLs, device information, and diagnostic data related to your API usage and Edge Function execution.
- Network Traffic Data: As a CDN provider, we temporarily process network traffic metadata (such as IP addresses, timestamps, HTTP headers, and requested URLs) passing through our edge nodes to optimize delivery, detect DDoS attacks, and provide analytics to our customers. We act as a Data Processor for this specific type of data.
- Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to analyze trends, administer the website, track users' movements around the website, and gather demographic information.
4. How We Use Your Information
We strictly use your personal data for the following legitimate business purposes:
- Service Delivery: To operate, maintain, and provision our global CDN and edge compute infrastructure.
- Billing and Administration: To process transactions, send invoices, and manage your account lifecycle.
- Security and Fraud Prevention: To monitor network activity for malicious behavior, mitigate DDoS attacks, verify accounts, and maintain the integrity of our infrastructure.
- Product Improvement: To analyze usage patterns, conduct research, and develop new features or edge locations.
- Communication: To send administrative alerts, network status updates, security notifications, and marketing communications (subject to your opt-in preferences).
5. Data Processing and Legal Bases (GDPR)
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support, and protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services, and to protect our legal rights;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
6. Data Retention
We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legitimate business need to process your personal data, we will either securely delete or anonymize it. If this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. Network logs containing IP addresses are typically retained for no longer than 30 days unless required for active security investigations.
7. International Data Transfers
As a global infrastructure provider, EdgeCDN processes and stores data across our global network of PoPs. Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.
However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy. These include implementing the European Commission's Standard Contractual Clauses (SCCs) for transfers of personal data between our group companies and with our third-party service providers.
8. Your Data Protection Rights
Depending on your location, you may have the following rights regarding your personal data:
- The right to access: You have the right to request copies of your personal data.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
- The right to erasure ("Right to be forgotten"): You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
To exercise any of these rights, please contact us at privacy@edgecdn-static.com. We have one month to respond to your request.
9. Security Measures
We implement robust, industry-standard technical and organizational security measures to protect your data. These include encryption at rest (AES-256) and in transit (TLS 1.3), strict access controls (Zero Trust architecture), multi-factor authentication for our staff, and continuous security auditing and penetration testing.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.