Privacy Policy

At Corsfix, we take data privacy seriously and are committed to being transparent about the information we collect, how we use it, and how we keep it secure. This policy outlines our practices for protecting your data.

General Policy

The following policies apply when you interact with our website and dashboard.

Data We Collect

When you sign up for a Corsfix account, we collect your full name and email address. This information allows us to provide our services and verify your payment details. By registering with Corsfix, you consent to the processing of your personal data. Registration and account creation are not possible without submitting the required information.

How We Protect Your Data

We take strong measures to protect your data by using the latest encryption methods and ensuring that sensitive information is never stored in plain text. Encrypted traffic and communication are used across all critical parts of our system to ensure the safety of your data at every step.

Billing Information

Your credit card details are never stored on our servers. Instead, we rely on Polar.sh, a secure payment provider, to process and store your billing information safely.

Your Data Rights

You have the right to request from Corsfix access to or removal of your personal data. To exercise these rights, contact [email protected].

Anonymous Non-Personal Data Policy

To provide users with the best possible website experience, we may collect anonymous information about browser activity. This may include, but is not limited to, the name of the browser used and pages visited. This data is collected through an anonymous analytics service called Umami.is, which tracks non-personal data and does not collect any user identifiable information.

Web Browser Cookie Policy

Our website might use cookies to operate normally. They allow you to log into the dashboard and provide anonymous statistics about your visit to help enhance the user experience of our website.

Proxy Service Policy

The following policies apply when you use the CORS proxy service.

Data You Provide

We store the following information about your application when you choose to add it to your account. This data is used exclusively to provide our proxy service and can be edited or deleted at any time from your dashboard:

• Your website's origin URL
• Target domain you plan to call (optional)

Secrets

If you choose to store a secret (using the "Secrets" feature) for use when proxying your request, the secret data is encrypted at rest using layered encryption and decrypts only in memory when needed to send your proxied request. Removing the secret in the dashboard deletes the data immediately.

Cached Response and CDN Replication

When you use cached responses, we may store copies of the response data in our edge CDN to ensure requests are served faster. Cached objects have a certain TTL (time to live). Requests to the proxy without caching do not write anything to the CDN.

No Access Logs

We do not log or store access logs (no URL, headers, or body). We retain only aggregated performance metrics, which include but are not limited to latency, success rates, request count, status code, and bandwidth usage.

Operational Diagnostics

To maintain service reliability and quickly resolve technical issues, we may capture stack traces and diagnostic information when system errors occur. This data is used exclusively for operational troubleshooting and is automatically purged after 30 days.

Web Application Firewall (WAF)

To safeguard our service, we place a Web Application Firewall in front of our servers. The WAF inspects every incoming request in real time and only records information when a request breaches our security rules (e.g., DDoS attacks, known malicious traffic signature).

• What gets logged: includes but is not limited to the source IP, user-agent, and request path
• Legitimate requests that pass all rules are not recorded to the WAF logs
• WAF logs are stored in an isolated system, separate from our performance metrics, and are automatically purged in under 72 hours