Privacy Policy

home/termsconditions/privacy

Last Updated: March 27, 2026

This Privacy Policy ("Policy") describes how DIAMWALL, LDA ("DiamWall", "we", "us", or "our"), a company incorporated under Portuguese law with registered office at R. Fialho de Almeida 14 2 esq, 1070-129 Lisboa, Portugal, collects, uses, shares, and protects personal data in connection with our Websites and Services.

This Policy is issued in accordance with Regulation (EU) 2016/679 (the "GDPR"), Portuguese Law no. 58/2019 of 8 August implementing the GDPR, and Law no. 41/2004 of 18 August on privacy in electronic communications. The GDPR applies to all data subjects in the European Economic Area ("EEA") and governs all personal data processing described herein. References to "personal data" have the meaning given in Article 4(1) GDPR.

DiamWall is committed to processing personal data transparently, lawfully, and only for the purposes described in this Policy. We do not sell, rent, or trade personal data.

For data protection enquiries or to exercise your rights, contact us at: privacy@diamwall.com

1. DATA CONTROLLER AND PROCESSOR

As data controller: DiamWall (DIAMWALL, LDA) is the data controller for personal data collected directly from Website Visitors, Customers, and Administrative Users as described in this Policy.

As data processor: When DiamWall provides CDN, security, and network Services to its Customers, DiamWall acts as a data processor on behalf of those Customers with respect to: Customer Logs, Administrative User activity logs, account configuration data, and any personal data of End Users that transits or is stored on DiamWall's network. In such cases, DiamWall processes that data solely pursuant to Customer instructions and in accordance with the DiamWall Data Processing Addendum ("DPA") where applicable. Where the DPA applies, it forms part of the relevant customer agreement and governs processor-related obligations under Article 28 GDPR.

Our Customers are independently responsible for establishing lawful bases for and ensuring their own compliance with applicable data protection law in relation to the End Users they interact with through DiamWall's Services.

2. SCOPE OF THIS POLICY

This Policy applies to the following categories of data subjects:

Website Visitors: Those who visit DiamWall's Websites (collectively, www.diamwall.com and any other websites operated by DiamWall that link to this Policy), including those who provide contact information, submit feedback, or participate in surveys. "Websites" does not include sites owned or operated by DiamWall Customers.
Customers: Individuals or entities who enter into a subscription agreement with DiamWall. "Services" means all cloud-based solutions offered by DiamWall designed to increase the performance, security, and availability of Internet properties, including associated software, SDKs, and APIs.
Administrative Users: Those with login credentials for a DiamWall account who administer the Services on behalf of a Customer.
End Users: Those who access or use Customers' domains, networks, websites, APIs, or applications that are served through DiamWall's network.

This Policy does not apply to DiamWall Customers' own websites, APIs, applications, or networks, which are governed by those Customers' own privacy policies.

DiamWall's Websites and Services are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If we become aware that we hold personal data of a person under 16, we will delete it promptly.

When DiamWall operates as a reverse proxy, our IP addresses may appear in WHOIS and DNS records. We are a conduit for content controlled by our Customers, who are responsible for the content transmitted across our network.

3. PERSONAL DATA WE COLLECT

3.1 Website Visitors

Contact information: Name, email address, and other details you provide voluntarily when submitting web forms, signing up for communications, requesting support, submitting feedback, or participating in surveys or promotions.
Log data: IP addresses, browser type, operating system, referring URLs, pages visited, and language preferences, collected automatically when you visit our Websites.
Cookie data: Information collected via cookies and similar tracking technologies, as described in our Cookie Policy. Non-essential cookies are placed only with your prior consent.

3.2 Customers and Administrative Users

Account information: Customer name, email address(es) of account administrators, telephone number, billing address, account configuration settings, and firewall or security configuration details for domains under management. We also maintain logs of Administrative User activity within accounts (e.g., configuration changes).
Payment information: Payment and billing information is required only for paid subscriptions. We collect card type and billing address; we do not store full card numbers or personal account numbers, which are handled directly by our PCI-DSS compliant payment processor.
Crash reports: Where DiamWall Services encounter an unexpected error, Customers may be invited to submit a crash report. Customers can review and redact any personal data before submission.

3.3 End Users

Network logs: When End Users access Customer websites, applications, or networks served through DiamWall's infrastructure, we process logs that may include IP addresses, system configuration information, and traffic metadata. This data is processed on behalf of the relevant Customer (see Section 1 — data processor role). "Customer Logs" made available to Customers via the Service dashboard are processed under the applicable DPA.

3.4 Network Data

DiamWall collects and processes Network Data — models, observations, analyses, statistics, and other information created or derived from server, network, or traffic data generated in the course of providing our Services. This includes service uptime metrics, request volumes, error rates, cache rates, malware origin and nature, and IP threat scores. Where Network Data is derived from personal data, it is processed on the legal basis of legitimate interests (Article 6(1)(f) GDPR) to maintain the security and integrity of our network.

3.5 Data from Third Parties

DiamWall may receive limited personal data from third-party service providers that support the operation of our Services, such as payment providers, fraud-prevention providers, analytics providers, or error-monitoring providers. Where we combine such information with data we already hold, we do so only where we have an appropriate legal basis and only for the purposes described in this Policy.

4. LEGAL BASES AND PURPOSES OF PROCESSING

DiamWall processes personal data only where a valid legal basis under Article 6 GDPR exists. The table below maps each processing purpose to its legal basis:

Purpose	Legal Basis (Art. 6 GDPR)
Providing, operating, and maintaining the Websites and Services	Art. 6(1)(b) — performance of a contract
Processing transactions and sending related information (invoices, confirmations)	Art. 6(1)(b) — performance of a contract
Sending transactional and technical communications (support, security alerts, service notices)	Art. 6(1)(b) — performance of a contract; Art. 6(1)(f) — legitimate interests
Network security, bot detection, fraud prevention, and abuse mitigation	Art. 6(1)(f) — legitimate interests in maintaining a secure network
Analytics and service improvement (aggregated, statistical)	Art. 6(1)(f) — legitimate interests in improving our Services
Sending commercial communications and marketing (newsletters, promotions, product news)	Art. 6(1)(a) — consent; or Art. 6(1)(f) — legitimate interests for existing customers (soft opt-in)
Remembering website preferences where non-essential technologies are used	Art. 6(1)(a) — consent
Analytics cookies and similar non-essential technologies used on our Websites	Art. 6(1)(a) — consent (via the cookie banner, where applicable)
Compliance with legal obligations (tax, accounting, consumer protection, and lawful disclosure obligations)	Art. 6(1)(c) — legal obligation
Responding to lawful requests from public authorities	Art. 6(1)(c) — legal obligation
Processing data as data processor on behalf of Customers (CDN, security, network services)	Processing carried out on Customer instructions under the applicable customer agreement and DPA

Where DiamWall relies on legitimate interests (Article 6(1)(f)) as its legal basis, we have carried out a balancing test and concluded that our interests are not overridden by your rights and freedoms. You may request a copy of our legitimate interests assessment by contacting privacy@diamwall.com.

Where DiamWall relies on consent (Article 6(1)(a)) as its legal basis, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. DATA AGGREGATION

DiamWall may aggregate and anonymise personal data collected from Customers, Administrative Users, and End Users to produce statistical insights about service usage, performance, and security trends. Truly anonymised data — from which no individual can be identified — is not personal data under the GDPR and may be shared with third parties or published without restriction.

6. INFORMATION SHARING

DiamWall does not sell, rent, or trade personal data. We may share personal data only in the following circumstances:

Service Providers: DiamWall works with carefully selected third-party service providers who assist in delivering customer support, payment processing, error monitoring, website analytics, live chat, and other operational functions. These may include providers such as Revolut for payment processing and card acquiring. Service Providers are engaged under data processing agreements or other appropriate contractual arrangements, as applicable, and are permitted to process personal data only as necessary to provide their services to us and in compliance with applicable data protection law. DiamWall does not permit Service Providers to use personal data for their own marketing purposes on our behalf. Some providers, such as payment service providers, may also process personal data as independent controllers for their own legal, regulatory, fraud prevention, or compliance purposes.
Within the DiamWall Group: DIAMWALL, LDA and any future affiliates involved in providing the Services, each bound by equivalent data protection obligations.
Resellers and sales partners: Partners who assist DiamWall in distributing its Services, subject to contractual restrictions consistent with this Policy.
Business transactions: In the event of a merger, acquisition, sale, reorganisation, or change of control of all or part of DiamWall's business, personal data may be transferred to the successor entity. Where required by applicable law, affected data subjects will be notified in advance and, where the new controller intends to process personal data for materially different purposes, will be given the opportunity to object.
Legal and regulatory disclosures: DiamWall may disclose personal data where required to comply with a legal obligation, court order, or lawful request from a competent public authority (including EU or Portuguese law enforcement or regulatory bodies). Where legally permissible, DiamWall will notify affected data subjects of such a request. DiamWall will only disclose the minimum personal data necessary to comply with the applicable legal obligation.
Protection of rights and safety: Where DiamWall has a good-faith belief that sharing is necessary to prevent illegal activity, fraud, or threats to the safety of any person, or to enforce DiamWall's Terms of Use.
With your consent: For any other purposes, only with your prior explicit consent.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

DiamWall is headquartered in Portugal and primarily stores personal data within the European Economic Area. In the course of providing its Services, DiamWall may transfer personal data to third countries outside the EEA (including the United States, where certain infrastructure and service providers are located).

All transfers of personal data from the EEA to third countries are subject to appropriate safeguards as required by Chapter V GDPR. DiamWall relies on one or more of the following transfer mechanisms:

Adequacy decisions of the European Commission — for example, the EU–US Data Privacy Framework (DPF), adopted on 10 July 2023, for transfers to DPF-certified organisations in the United States.
Standard Contractual Clauses (SCCs) — the clauses adopted by the European Commission under Article 46(2)(c) GDPR, for transfers to processors or controllers in countries without an adequacy decision.

You may obtain further details about the specific transfer safeguards applicable to any given transfer, including copies of SCCs where relevant, by contacting us at privacy@diamwall.com.

Note: DiamWall no longer relies on the EU-US Privacy Shield or Swiss-US Privacy Shield frameworks, which were invalidated by the Court of Justice of the European Union in Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (Case C-311/18, "Schrems II") on 16 July 2020. Any prior references to Privacy Shield in older versions of this Policy are superseded in their entirety by this Section 7.

8. DATA RETENTION

DiamWall retains personal data only for as long as is necessary for the purposes for which it was collected, as required by applicable law, or as needed to resolve disputes and enforce our agreements. The following indicative retention periods apply:

Customer and Administrative User account data: Retained for the duration of the contractual relationship and for up to 7 years thereafter, to comply with Portuguese and EU tax and accounting obligations.
Website Visitor contact information and enquiry data: Retained for up to 3 years from the date of last contact, unless a shorter period is requested by the data subject.
Network and traffic logs: Retained for up to 30 days for operational and security purposes, unless a longer period is required to investigate a specific security incident or comply with a legal obligation.
Payment information: Retained for up to 7 years to comply with Portuguese fiscal law and anti-money-laundering requirements.
Domain Registrant data: Retained for the duration of the registration and for such further period as required by ICANN policies and applicable law.
Marketing and communication preferences: Retained until you opt out or withdraw consent, and for up to 3 years thereafter to evidence the withdrawal.

At the end of the applicable retention period, personal data is securely deleted or anonymised in accordance with DiamWall's internal data deletion procedures.

9. YOUR DATA SUBJECT RIGHTS

As a data subject in the EEA or Portugal, you have the following rights under the GDPR, which you may exercise free of charge:

Right of access (Art. 15 GDPR): To obtain confirmation of whether we process your personal data and, if so, to receive a copy of it together with information about the purposes, categories, recipients, and retention periods.
Right to rectification (Art. 16 GDPR): To request correction of inaccurate or incomplete personal data. Customers and Administrative Users may also update their account information directly at diamwall.com.
Right to erasure (Art. 17 GDPR): To request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is unlawful.
Right to restriction (Art. 18 GDPR): To request that we restrict processing of your personal data in certain circumstances (e.g., while the accuracy of data is contested).
Right to data portability (Art. 20 GDPR): To receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
Right to object (Art. 21 GDPR): To object at any time to processing of your personal data based on legitimate interests (Art. 6(1)(f)), including profiling for marketing purposes. Where you object to processing for direct marketing, we will cease processing your data for that purpose immediately.
Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Rights related to automated decision-making (Art. 22 GDPR): DiamWall does not currently make decisions that produce legal or similarly significant effects on individuals based solely on automated processing (including profiling). Should this change, we will update this Policy and provide appropriate safeguards and information.

To exercise any of these rights, please submit a written request to privacy@diamwall.com. We will respond within one month of receipt and verification of your identity. In complex or multiple-request cases, we may extend this period by a further two months in accordance with Article 12(3) GDPR, in which case we will notify you of the extension and the reasons for it within the first month.

We may need to verify your identity before processing your request. Where a request relates to the personal data of another individual, we will balance that request against the rights of the other person.

10. COMMUNICATION PREFERENCES

DiamWall will send commercial communications (newsletters, product updates, promotions) only in accordance with your communication preferences and applicable law. You may manage or withdraw your communication preferences at any time by:

Clicking the "unsubscribe" link in any commercial email we send;
Updating your preferences in your DiamWall account settings at diamwall.com; or
Emailing us at unsubscribe@diamwall.com.

Please note that even if you opt out of commercial communications, DiamWall will continue to send you transactional and service-related messages (such as security alerts, invoices, and technical notices), which are necessary for the performance of our contract with you.

11. DATA SECURITY AND BREACH NOTIFICATION

DiamWall implements appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encryption in transit and at rest, access controls, network segmentation, and regular security testing.

In the event of a personal data breach, DiamWall will comply with its notification obligations under Articles 33 and 34 GDPR. This means:

Notification to the CNPD (Art. 33 GDPR): Where a breach is likely to result in a risk to the rights and freedoms of individuals, DiamWall will notify the Comissão Nacional de Proteção de Dados (CNPD) within 72 hours of becoming aware of the breach, where feasible.
Notification to data subjects (Art. 34 GDPR): Where a breach is likely to result in a high risk to your rights and freedoms, DiamWall will communicate the breach to you directly without undue delay, including information about the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

If you have concerns about the security of your personal data, please contact us at privacy@diamwall.com.

12. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent data protection supervisory authority if you consider that our processing of your personal data infringes the GDPR or applicable Portuguese data protection law.

The competent supervisory authority for DiamWall is:

Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134 – 1.º
1200-651 Lisboa, Portugal
Website: https://www.cnpd.pt
Email: geral@cnpd.pt
Phone: +351 213 928 400

If you are habitually resident in another EU Member State, you also have the right to lodge a complaint with the supervisory authority of the Member State of your habitual residence or place of work.

We encourage you to contact us first at privacy@diamwall.com so that we can attempt to resolve your concern before you escalate it to a supervisory authority.

13. BUSINESS TRANSACTIONS

In the event of a merger, sale, change of control, or reorganisation of all or part of DiamWall's business, personal data held by DiamWall may be transferred to the relevant successor entity as part of that transaction. Where required by applicable law, DiamWall will notify affected data subjects before their personal data is transferred to a new controller, and will ensure that any successor entity provides equivalent protections to those described in this Policy. If the successor entity intends to process personal data for materially different purposes, affected data subjects will be informed and given the opportunity to object or request deletion before such processing begins.

14. CHANGES TO THIS POLICY

DiamWall may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where we make material changes, we will notify you by posting a prominent notice on our Websites and, where required by law, by seeking your renewed consent. The "Last Updated" date at the top of this Policy indicates when it was last revised. We encourage you to review this Policy periodically.

This Policy is available in English. Where translations into other languages are provided, they are for convenience only; in the event of any conflict or ambiguity, the English version shall prevail. However, DiamWall is committed to making this Policy accessible and understandable to all users, and will endeavour to provide a Portuguese-language version in accordance with Article 12 GDPR.

15. CONTACT INFORMATION

The data controller responsible for your personal data is:

DIAMWALL, LDA
R. Fialho de Almeida 14 2 esq
1070-129 Lisboa
Portugal

For all data protection and privacy enquiries, including to exercise your rights under Section 9 of this Policy, please contact us at:

Email: privacy@diamwall.com
Postal: DIAMWALL, LDA, R. Fialho de Almeida 14 2 esq, 1070-129 Lisboa, Portugal, Attn: Privacy

For general support enquiries: support@diamwall.com
For legal and law enforcement enquiries: legal@diamwall.com
For data subject access requests: privacy@diamwall.com

Privacy Policy

home/termsconditions/privacy

Last Updated: March 27, 2026

DiamWall is committed to processing personal data transparently, lawfully, and only for the purposes described in this Policy. We do not sell, rent, or trade personal data.

For data protection enquiries or to exercise your rights, contact us at: privacy@diamwall.com

1. DATA CONTROLLER AND PROCESSOR

As data controller: DiamWall (DIAMWALL, LDA) is the data controller for personal data collected directly from Website Visitors, Customers, and Administrative Users as described in this Policy.

2. SCOPE OF THIS POLICY

This Policy applies to the following categories of data subjects:

Website Visitors: Those who visit DiamWall's Websites (collectively, www.diamwall.com and any other websites operated by DiamWall that link to this Policy), including those who provide contact information, submit feedback, or participate in surveys. "Websites" does not include sites owned or operated by DiamWall Customers.
Customers: Individuals or entities who enter into a subscription agreement with DiamWall. "Services" means all cloud-based solutions offered by DiamWall designed to increase the performance, security, and availability of Internet properties, including associated software, SDKs, and APIs.
Administrative Users: Those with login credentials for a DiamWall account who administer the Services on behalf of a Customer.
End Users: Those who access or use Customers' domains, networks, websites, APIs, or applications that are served through DiamWall's network.

This Policy does not apply to DiamWall Customers' own websites, APIs, applications, or networks, which are governed by those Customers' own privacy policies.

3. PERSONAL DATA WE COLLECT

3.1 Website Visitors

Contact information: Name, email address, and other details you provide voluntarily when submitting web forms, signing up for communications, requesting support, submitting feedback, or participating in surveys or promotions.
Log data: IP addresses, browser type, operating system, referring URLs, pages visited, and language preferences, collected automatically when you visit our Websites.
Cookie data: Information collected via cookies and similar tracking technologies, as described in our Cookie Policy. Non-essential cookies are placed only with your prior consent.

3.2 Customers and Administrative Users

Account information: Customer name, email address(es) of account administrators, telephone number, billing address, account configuration settings, and firewall or security configuration details for domains under management. We also maintain logs of Administrative User activity within accounts (e.g., configuration changes).
Payment information: Payment and billing information is required only for paid subscriptions. We collect card type and billing address; we do not store full card numbers or personal account numbers, which are handled directly by our PCI-DSS compliant payment processor.
Crash reports: Where DiamWall Services encounter an unexpected error, Customers may be invited to submit a crash report. Customers can review and redact any personal data before submission.

3.3 End Users

Network logs: When End Users access Customer websites, applications, or networks served through DiamWall's infrastructure, we process logs that may include IP addresses, system configuration information, and traffic metadata. This data is processed on behalf of the relevant Customer (see Section 1 — data processor role). "Customer Logs" made available to Customers via the Service dashboard are processed under the applicable DPA.

3.4 Network Data

3.5 Data from Third Parties

4. LEGAL BASES AND PURPOSES OF PROCESSING

DiamWall processes personal data only where a valid legal basis under Article 6 GDPR exists. The table below maps each processing purpose to its legal basis:

Purpose	Legal Basis (Art. 6 GDPR)
Providing, operating, and maintaining the Websites and Services	Art. 6(1)(b) — performance of a contract
Processing transactions and sending related information (invoices, confirmations)	Art. 6(1)(b) — performance of a contract
Sending transactional and technical communications (support, security alerts, service notices)	Art. 6(1)(b) — performance of a contract; Art. 6(1)(f) — legitimate interests
Network security, bot detection, fraud prevention, and abuse mitigation	Art. 6(1)(f) — legitimate interests in maintaining a secure network
Analytics and service improvement (aggregated, statistical)	Art. 6(1)(f) — legitimate interests in improving our Services
Sending commercial communications and marketing (newsletters, promotions, product news)	Art. 6(1)(a) — consent; or Art. 6(1)(f) — legitimate interests for existing customers (soft opt-in)
Remembering website preferences where non-essential technologies are used	Art. 6(1)(a) — consent
Analytics cookies and similar non-essential technologies used on our Websites	Art. 6(1)(a) — consent (via the cookie banner, where applicable)
Compliance with legal obligations (tax, accounting, consumer protection, and lawful disclosure obligations)	Art. 6(1)(c) — legal obligation
Responding to lawful requests from public authorities	Art. 6(1)(c) — legal obligation
Processing data as data processor on behalf of Customers (CDN, security, network services)	Processing carried out on Customer instructions under the applicable customer agreement and DPA

5. DATA AGGREGATION

6. INFORMATION SHARING

DiamWall does not sell, rent, or trade personal data. We may share personal data only in the following circumstances:

Service Providers: DiamWall works with carefully selected third-party service providers who assist in delivering customer support, payment processing, error monitoring, website analytics, live chat, and other operational functions. These may include providers such as Revolut for payment processing and card acquiring. Service Providers are engaged under data processing agreements or other appropriate contractual arrangements, as applicable, and are permitted to process personal data only as necessary to provide their services to us and in compliance with applicable data protection law. DiamWall does not permit Service Providers to use personal data for their own marketing purposes on our behalf. Some providers, such as payment service providers, may also process personal data as independent controllers for their own legal, regulatory, fraud prevention, or compliance purposes.
Within the DiamWall Group: DIAMWALL, LDA and any future affiliates involved in providing the Services, each bound by equivalent data protection obligations.
Resellers and sales partners: Partners who assist DiamWall in distributing its Services, subject to contractual restrictions consistent with this Policy.
Business transactions: In the event of a merger, acquisition, sale, reorganisation, or change of control of all or part of DiamWall's business, personal data may be transferred to the successor entity. Where required by applicable law, affected data subjects will be notified in advance and, where the new controller intends to process personal data for materially different purposes, will be given the opportunity to object.
Legal and regulatory disclosures: DiamWall may disclose personal data where required to comply with a legal obligation, court order, or lawful request from a competent public authority (including EU or Portuguese law enforcement or regulatory bodies). Where legally permissible, DiamWall will notify affected data subjects of such a request. DiamWall will only disclose the minimum personal data necessary to comply with the applicable legal obligation.
Protection of rights and safety: Where DiamWall has a good-faith belief that sharing is necessary to prevent illegal activity, fraud, or threats to the safety of any person, or to enforce DiamWall's Terms of Use.
With your consent: For any other purposes, only with your prior explicit consent.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Adequacy decisions of the European Commission — for example, the EU–US Data Privacy Framework (DPF), adopted on 10 July 2023, for transfers to DPF-certified organisations in the United States.
Standard Contractual Clauses (SCCs) — the clauses adopted by the European Commission under Article 46(2)(c) GDPR, for transfers to processors or controllers in countries without an adequacy decision.

You may obtain further details about the specific transfer safeguards applicable to any given transfer, including copies of SCCs where relevant, by contacting us at privacy@diamwall.com.

8. DATA RETENTION

Customer and Administrative User account data: Retained for the duration of the contractual relationship and for up to 7 years thereafter, to comply with Portuguese and EU tax and accounting obligations.
Website Visitor contact information and enquiry data: Retained for up to 3 years from the date of last contact, unless a shorter period is requested by the data subject.
Network and traffic logs: Retained for up to 30 days for operational and security purposes, unless a longer period is required to investigate a specific security incident or comply with a legal obligation.
Payment information: Retained for up to 7 years to comply with Portuguese fiscal law and anti-money-laundering requirements.
Domain Registrant data: Retained for the duration of the registration and for such further period as required by ICANN policies and applicable law.
Marketing and communication preferences: Retained until you opt out or withdraw consent, and for up to 3 years thereafter to evidence the withdrawal.

At the end of the applicable retention period, personal data is securely deleted or anonymised in accordance with DiamWall's internal data deletion procedures.

9. YOUR DATA SUBJECT RIGHTS

As a data subject in the EEA or Portugal, you have the following rights under the GDPR, which you may exercise free of charge:

Right of access (Art. 15 GDPR): To obtain confirmation of whether we process your personal data and, if so, to receive a copy of it together with information about the purposes, categories, recipients, and retention periods.
Right to rectification (Art. 16 GDPR): To request correction of inaccurate or incomplete personal data. Customers and Administrative Users may also update their account information directly at diamwall.com.
Right to erasure (Art. 17 GDPR): To request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is unlawful.
Right to restriction (Art. 18 GDPR): To request that we restrict processing of your personal data in certain circumstances (e.g., while the accuracy of data is contested).
Right to data portability (Art. 20 GDPR): To receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
Right to object (Art. 21 GDPR): To object at any time to processing of your personal data based on legitimate interests (Art. 6(1)(f)), including profiling for marketing purposes. Where you object to processing for direct marketing, we will cease processing your data for that purpose immediately.
Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Rights related to automated decision-making (Art. 22 GDPR): DiamWall does not currently make decisions that produce legal or similarly significant effects on individuals based solely on automated processing (including profiling). Should this change, we will update this Policy and provide appropriate safeguards and information.

10. COMMUNICATION PREFERENCES

Clicking the "unsubscribe" link in any commercial email we send;
Updating your preferences in your DiamWall account settings at diamwall.com; or
Emailing us at unsubscribe@diamwall.com.

11. DATA SECURITY AND BREACH NOTIFICATION

In the event of a personal data breach, DiamWall will comply with its notification obligations under Articles 33 and 34 GDPR. This means:

Notification to the CNPD (Art. 33 GDPR): Where a breach is likely to result in a risk to the rights and freedoms of individuals, DiamWall will notify the Comissão Nacional de Proteção de Dados (CNPD) within 72 hours of becoming aware of the breach, where feasible.
Notification to data subjects (Art. 34 GDPR): Where a breach is likely to result in a high risk to your rights and freedoms, DiamWall will communicate the breach to you directly without undue delay, including information about the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

If you have concerns about the security of your personal data, please contact us at privacy@diamwall.com.

12. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

The competent supervisory authority for DiamWall is:

Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134 – 1.º
1200-651 Lisboa, Portugal
Website: https://www.cnpd.pt
Email: geral@cnpd.pt
Phone: +351 213 928 400

If you are habitually resident in another EU Member State, you also have the right to lodge a complaint with the supervisory authority of the Member State of your habitual residence or place of work.

We encourage you to contact us first at privacy@diamwall.com so that we can attempt to resolve your concern before you escalate it to a supervisory authority.

13. BUSINESS TRANSACTIONS

14. CHANGES TO THIS POLICY

15. CONTACT INFORMATION

The data controller responsible for your personal data is:

DIAMWALL, LDA
R. Fialho de Almeida 14 2 esq
1070-129 Lisboa
Portugal

For all data protection and privacy enquiries, including to exercise your rights under Section 9 of this Policy, please contact us at:

Email: privacy@diamwall.com
Postal: DIAMWALL, LDA, R. Fialho de Almeida 14 2 esq, 1070-129 Lisboa, Portugal, Attn: Privacy

For general support enquiries: support@diamwall.com
For legal and law enforcement enquiries: legal@diamwall.com
For data subject access requests: privacy@diamwall.com

DiamWall is a global Content Delivery Network built to secure networks with an in-house developed, next-generation automated mitigation solution that ensures security, privacy, speed, and reliability against cyber attacks.

DiamWall

Products

Knowledge

Technologies

Blog

About Us

DiamWall

Contact

Cookies Policy

Self-Serve Agreement

Website Terms

Data Processing Addendum

Get In Touch

E-mail: support@diamwall.com

Phone: (+351) 968 689 784

Address: Rua Fialho de Almeida 14, 2 Esq, Esc. BS09 Lisboa, Portugal

Privacy Policy

Last Updated: March 27, 2026

1. DATA CONTROLLER AND PROCESSOR

2. SCOPE OF THIS POLICY

3. PERSONAL DATA WE COLLECT

3.1 Website Visitors

3.2 Customers and Administrative Users

3.3 End Users

3.4 Network Data

3.5 Data from Third Parties

4. LEGAL BASES AND PURPOSES OF PROCESSING

5. DATA AGGREGATION

6. INFORMATION SHARING

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

8. DATA RETENTION

9. YOUR DATA SUBJECT RIGHTS

10. COMMUNICATION PREFERENCES

11. DATA SECURITY AND BREACH NOTIFICATION

12. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

13. BUSINESS TRANSACTIONS

14. CHANGES TO THIS POLICY

15. CONTACT INFORMATION

DiamWall

DiamWall

Get In Touch

Copyright ©2026 DiamWall All Rights Reserved.

Privacy Policy

Last Updated: March 27, 2026

1. DATA CONTROLLER AND PROCESSOR

2. SCOPE OF THIS POLICY

3. PERSONAL DATA WE COLLECT

3.1 Website Visitors

3.2 Customers and Administrative Users

3.3 End Users

3.4 Network Data

3.5 Data from Third Parties

4. LEGAL BASES AND PURPOSES OF PROCESSING

5. DATA AGGREGATION

6. INFORMATION SHARING

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

8. DATA RETENTION

9. YOUR DATA SUBJECT RIGHTS

10. COMMUNICATION PREFERENCES

11. DATA SECURITY AND BREACH NOTIFICATION

12. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

13. BUSINESS TRANSACTIONS

14. CHANGES TO THIS POLICY

15. CONTACT INFORMATION

DiamWall

DiamWall

Get In Touch

Copyright ©2026 DiamWall All Rights Reserved.