ArmoSense ArmoSense
  • Features
  • How It Works
  • Compare
  • Pricing
  • Sign In
  • Get Started
Legal

Privacy Policy

Last updated: 14 June 2026

1. Introduction

This Privacy Policy explains how Armologic Ltd (company number 15518194), registered at 86-90 Paul Street, London, EC2A 4NE, United Kingdom ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the ArmoSense platform and associated services (the "Service").

We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

2. Data Controller

Armologic Ltd is the data controller for personal data collected through the Service. For payment-related data, Paddle.com Market Limited acts as an independent data controller in its capacity as Merchant of Record.

3. What Data We Collect

3.1 Account Information

When you register for the Service, we collect:

  • Full name and display name
  • Email address
  • Company/organisation name
  • Password (stored as an Argon2id hash — we never store plaintext passwords)

3.2 Billing Information

Payment processing is handled entirely by Paddle. We do not collect, store, or have access to your credit card numbers or bank details. Paddle may collect:

  • Payment method details (processed by Paddle)
  • Billing address
  • Transaction history

Please refer to Paddle's Privacy Policy for details on how they process payment data.

3.3 Security Telemetry Data

When ArmoSense Agents are deployed on your servers, they collect and transmit security-relevant data to the Control Plane, including:

  • HTTP request metadata (method, path, headers, query parameters — NOT request bodies unless configured)
  • Source IP addresses of incoming requests to your application
  • Attack signatures and anomaly detection scores
  • WAF rule match details
  • Agent health and performance metrics

This data is collected solely for the purpose of providing security protection and threat analysis. IP addresses of attackers are logged for security purposes.

3.4 Usage Data

We automatically collect:

  • Log-in timestamps and session duration
  • Pages and features accessed within the dashboard
  • Browser type and operating system
  • IP address used to access the dashboard

3.5 Cookies

We use strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. Our cookie usage is limited to:

  • Authentication cookie: Maintains your logged-in session (HttpOnly, Secure, SameSite=Lax).
  • Anti-forgery token: Prevents cross-site request forgery attacks.
  • Theme preference: Stores your light/dark mode preference (localStorage, not a cookie).

4. How We Use Your Data

We use your personal data for the following purposes:

Purpose Legal Basis (UK GDPR)
Providing and operating the Service Performance of contract (Art. 6(1)(b))
Processing payments (via Paddle) Performance of contract (Art. 6(1)(b))
Security threat detection and prevention Legitimate interest (Art. 6(1)(f))
Account security and fraud prevention Legitimate interest (Art. 6(1)(f))
Service improvement and analytics Legitimate interest (Art. 6(1)(f))
Customer support Performance of contract (Art. 6(1)(b))
Legal compliance and audit Legal obligation (Art. 6(1)(c))

5. Data Sharing

We share personal data only with:

  • Paddle.com Market Limited: Payment processing (Merchant of Record).
  • Infrastructure providers: We use DigitalOcean for hosting. Data is processed on servers located in the EU/EEA.
  • Legal requirements: We may disclose data if required by law, court order, or government request.

We do not sell your personal data. We do not share data with advertisers or marketing partners. We do not use your Customer Data to train machine learning models on third-party data.

6. Data Retention

Data Type Retention Period
Account information Duration of account + 30 days after deletion
Security telemetry Per your subscription tier (7–365 days)
Alert data Per your subscription tier (30–365 days)
Audit logs 2 years
Payment records 7 years (legal requirement)

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS 1.3) and at rest
  • Argon2id password hashing
  • Row-level security (RLS) for multi-tenant data isolation
  • Mutual TLS (mTLS) for Agent-to-Control Plane communication
  • Ed25519 digital signatures for bundle integrity
  • Regular security assessments and penetration testing
  • Access controls and audit logging

8. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction: Request restriction of processing.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@armologic.com. We will respond within 30 days.

10. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

12. Supervisory Authority

If you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • https://ico.org.uk
  • Phone: 0303 123 1113

13. Contact Us

For privacy-related enquiries:

  • Armologic Ltd
  • 86-90 Paul Street
  • London, EC2A 4NE
  • United Kingdom
  • Email: privacy@armologic.com
  • Web: armologic.com
ArmoSense ArmoSense

Next-generation WAF & RASP protection platform with ML-powered threat detection and real-time alerting for modern web applications.

Platform
  • WAF Protection
  • RASP Runtime Defense
  • ML Anomaly Detection
  • Compare WAFs
  • Pricing
Company
  • Armologic
  • ArmoScan
  • Contact
Legal
  • Terms of Service
  • Privacy Policy
  • Refund Policy
Armologic

© 2026 Armologic Ltd. All rights reserved.

86-90 Paul Street, London EC2A 4NE, United Kingdom