Last updated: January 1, 2025
In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We never sell your data.
Our guiding principle is to collect only what we need. Here's what that means in practice:
When you sign up for CSP Warden, we ask for identifying information such as your name, email address. That's so you can personalise your new account, and we can send you product updates and other essential information.
When we receive Content Security Policy reports from your websites, we collect and store the following information:
This information is necessary to provide you with detailed security insights and help you identify and fix CSP violations effectively.
All billing and payment processing is handled by our payment processor, Stripe. We do not collect or store any payment information, credit card details, or billing addresses on our servers. We only maintain a reference to your Stripe subscription ID to manage your account's active status.
We collect information about your browsing activity for analytics and statistical purposes such as conversion rate testing and experimenting with new product designs. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. If you have an account and are signed in, these web analytics data are tied to your IP address and user account until your account is no longer active.
We use some third-party subprocessors to help run our applications and provide the Services to you. We also use third-party processors for other business functions such as managing newsletter subscriptions and sending customer surveys.
If at any point we need to access your content to help you with a support case, we will ask for your consent before proceeding.
Warden Software Ltd is a UK company with its main data infrastructure located in the UK. We will only respond to requests from government authorities if compelled by UK law.
At CSP Warden, we strive to apply the same data rights to all customers, regardless of their location. These rights include:
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. Database backups are also encrypted. In addition, we go to great lengths to secure your data at rest.
We keep your information for the time necessary for the purposes for which it is processed. For CSP reports, we retain the data for as long as your account is active. If you cancel your account, your data will be deleted within 60 days.
Your information will be processed and stored in Ireland (eu-west-1 region) on AWS and Heroku infrastructure. By using our service, you consent to this processing and storage of your information.
We may update this policy as needed to comply with relevant regulations and reflect any new practices. If we make significant changes, we will refresh the date at the top of this page and notify our customers.
Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at hi@cspwarden.com.