Platform Compliance How it works Compare Pricing Partners
Book a demo Start free
  • Platform
  • Compliance
  • How it works
  • Compare
  • Pricing
  • Partners
  • PCI DSS Firewall
  • Firewall Audit
  • Secure NAT Gateway
  • AWS Network Firewall Cost
  • Azure Firewall Cost
  • AWS NAT Gateway Cost
  • Azure NAT Gateway Cost
  • Savings Calculator
  • MSSP / MSP Platform
  • White-Label Firewall
  • Articles
Start free Book a demo

Legal

Privacy Policy

Last updated: July 2026

Enforza (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your personal information when you use our cloud-based firewall and networking services, including our marketing website, management portal and APIs. It also sets out the lawful bases on which we process your personal data and the rights you have over it.

1. Who we are — data controller

Enforza is a product and trading name of Synvu Limited, a company registered in England & Wales (Company No. 15761962), with its registered office at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

For the personal data described in this policy, Synvu Limited is the data controller. If you have any questions about this policy or how we handle your personal data, contact us at contact@enforza.io or by post at the registered office above.

Where we use third-party advertising and analytics services (see §6), those providers may act as separate or joint controllers for the data they receive; we link to their own privacy statements in the relevant sections below.

2. Overview

We care about privacy. We do not sell your personal data. We only use your information to provide and improve the Enforza service, and we never use your contact details for purposes unrelated to Enforza operations or support.

3. What We Collect

We collect information when you:

  • Create an Enforza account (name, email, password, and optional company details)
  • Manage devices and configure firewall or NAT gateway rules
  • Deploy agents or interact with our APIs and web interfaces
  • Send support queries or provide feedback
  • Access the Enforza portal, CLI, or agent tools
  • Opt in via Single Sign-On (e.g., Google, Microsoft)

We may also collect:

  • IP addresses, login timestamps, and session metadata
  • Device identifiers, hostname, OS version, cloud provider metadata
  • Network activity data (e.g., policy application, firewall event logs, NAT flow metadata)
  • Telemetry and usage metrics for performance tuning
  • Cookies, device settings, and language preferences

If you manage multiple users or sub-accounts, we may store:

  • User role, email, IP address, access logs, and permission settings

4. How We Use Your Data

We use your data to:

  • Deliver, operate, and secure the Enforza platform
  • Manage authentication, access control, and session persistence
  • Process support requests and customer communications
  • Send account-related alerts and system status updates
  • Perform analytics to improve performance and usability
  • Detect abuse, unauthorized access, and fraud attempts
  • Monitor rule enforcement, policy usage, and system health
  • Meet regulatory and compliance obligations, and audit security-critical actions

5. Legal Bases for Processing

Under the UK GDPR and the EU GDPR we only process personal data where we have a lawful basis to do so. The table below maps what we do to the basis we rely on. Anything relying on consent stays off until you opt in, and you can withdraw that consent at any time (see §10).

Purpose Data used Lawful basis
Provide, operate and secure the Enforza platform — accounts, authentication, device and policy configuration, session persistence Account details, credentials, device/network configuration, session metadata Performance of a contract (Art. 6(1)(b))
Account security, abuse / fraud detection, audit logging and platform integrity IP addresses, login timestamps, access logs, security-event logs Legitimate interests (Art. 6(1)(f)) — keeping the service and its users secure
Support requests and service-critical communications (security, system status, account alerts) Contact details, support correspondence Performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Billing, invoicing and statutory record-keeping Billing and transaction records Legal obligation (Art. 6(1)(c)) and performance of a contract (Art. 6(1)(b))
Product and website analytics and usability improvement (Google Analytics, Microsoft Clarity) Cookie / device identifiers, page and interaction events, session replay Consent (Art. 6(1)(a)) — off until you allow the Analytics category
Advertising and conversion measurement (Google Ads, and Microsoft Advertising UET where active) Cookie / advertising identifiers, conversion events Consent (Art. 6(1)(a)) — off until you allow the Marketing category

6. Cookies, Analytics and Advertising

We group cookies and similar local storage into three categories. Essential items are strictly necessary and are always active. Analytics and Marketing items stay off until you allow them, and you can change or withdraw your choice at any time using the control (also in the site footer). We operate first-party categorised consent with Google Consent Mode v2: analytics and advertising storage default to denied and are only granted when you opt in.

Analytics — Google Analytics and Microsoft Clarity

When you allow the Analytics category we use Google Analytics (Google Tag Manager / GA4) to understand aggregate site usage, and Microsoft Clarity to see how visitors interact with pages through heatmaps and session replay so we can improve the product and website. Microsoft Clarity is provided by Microsoft, which receives and processes the interaction data it captures as described in the Microsoft Privacy Statement. Google Analytics is provided by Google under the Google Privacy Policy. Neither runs until you grant Analytics consent.

Marketing — Google Ads and Microsoft Advertising (UET)

When you allow the Marketing category we may use Google Ads and the Microsoft Advertising Universal Event Tracking (UET) tag to measure the effectiveness of our advertising and attribute sign-ups and demo requests to the campaigns that led to them. Where the Microsoft UET tag is active, Microsoft receives and processes personal data (such as cookie / advertising identifiers and conversion events) as an independent controller under the Microsoft Privacy Statement. Google Ads processing is described in the Google Privacy Policy. These tags stay off until you grant Marketing consent, and you can withdraw that consent at any time.

UET technical safeguard. We do not place personal data into the page URLs or query parameters that the UET tag reads, and we do not pass names, email addresses or other directly-identifying fields to Microsoft through the tag. UET is used only for aggregate conversion measurement.

Name Provider Purpose Category Duration
efz-consent-v3 Enforza Stores your cookie choices Essential ~12 months (localStorage)
theme preference Enforza Remembers light / dark mode Essential Persistent (localStorage)
pricing code Enforza Remembers a pricing code you enter Essential Persistent (localStorage)
efz-acq Enforza First-touch campaign attribution (UTM / gclid) Analytics / Marketing Persistent (localStorage)
_ga, _ga_* Google Analytics Distinguishes users and sessions Analytics 13 months
_clck, _clsk Microsoft Clarity Heatmaps & session replay to improve usability Analytics Up to ~12 months
_gcl_au Google Ads Conversion attribution Marketing 90 days
_uetsid, _uetvid, MUID Microsoft Advertising (UET) Advertising conversion measurement. Active only while a Microsoft Advertising campaign is running; set only with Marketing consent. Marketing Session – 13 months

To change which categories you allow, or to withdraw consent, open . Withdrawing is as easy as granting.

7. Sharing Your Data

We do not sell your personal information. We may share it only in the following circumstances:

  • With trusted third-party service providers (e.g., billing, authentication, analytics)
  • With infrastructure providers for secure cloud hosting and database storage
  • With analytics and advertising partners where you have consented — specifically Google (Google Analytics and Google Ads) and Microsoft (Microsoft Clarity, and Microsoft Advertising UET where active), each governed by its own privacy statement linked in §6
  • With regulatory or legal authorities if required by law
  • With professional advisors (e.g., auditors, legal counsel)
  • Within Synvu Limited and affiliated service teams to operate the platform
  • When explicitly authorized by you, such as during integrations or role delegation

Some of these providers are located outside the UK / EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the providers’ standard contractual clauses and equivalent transfer mechanisms.

8. Storage and Retention

We retain your data as long as necessary to:

  • Provide and support our services
  • Enforce our agreements and fulfill legal obligations
  • Conduct security audits and maintain platform integrity

We may retain:

  • Audit logs, firewall rule changes, and access attempts for up to 3 years
  • Billing and transaction records as required by law
  • Anonymized usage metrics indefinitely for analytics

When no longer needed, personal data is securely deleted or anonymized.

9. Security Measures

We employ modern security practices including:

  • TLS encryption for all data in transit
  • Encryption at rest using industry standards
  • Role-based access controls and least privilege
  • Multi-factor authentication (MFA)
  • Continuous monitoring and anomaly detection

However, no system is immune to all threats. We take reasonable steps to protect your data but cannot guarantee absolute security.

10. Your Rights and Choices

Under the UK GDPR and the EU GDPR, and depending on your region, you have the following rights over your personal data:

  • Access — obtain a copy of the personal data we hold about you (Art. 15)
  • Rectification — have inaccurate or incomplete data corrected (Art. 16)
  • Erasure — ask us to delete your data where the law allows (“right to be forgotten”, Art. 17)
  • Restriction — ask us to limit how we process your data (Art. 18)
  • Portability — receive your data in a structured, machine-readable format (Art. 20)
  • Objection — object to processing based on our legitimate interests, and to direct marketing at any time (Art. 21)

Withdrawing consent is your right. Where we rely on your consent — for analytics and advertising cookies — you can withdraw it at any time, and withdrawing is as easy as granting: open to change or revoke any category. Withdrawing consent does not affect the lawfulness of processing carried out before you withdrew it (Art. 7(3)).

To exercise any of these rights, contact us at contact@enforza.io. You also have the right to lodge a complaint with a data protection supervisory authority. In the UK that is the Information Commissioner’s Office (ico.org.uk); in the EEA it is your local supervisory authority.

11. Children’s Privacy

Enforza is not intended for children under 13. We do not knowingly collect information from minors. If you believe a child has submitted personal information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be announced via our website or portal notifications. Your continued use of Enforza after such updates constitutes your agreement to the revised policy.

July 2026 update: we added an explicit data-controller clause, a legal-basis table, and clearer disclosure of our analytics and advertising partners (Google and Microsoft) — including Microsoft Clarity and, where active, the Microsoft Advertising UET tag — with links to their privacy statements.

13. Legal Disclaimers

  • Enforza is provided “as is” without warranties of any kind.
  • We are not liable for any damages resulting from the use or misuse of the platform.
  • We do not guarantee uninterrupted or error-free service.
  • External integrations and linked services are governed by their own policies.
  • You are responsible for ensuring your use of Enforza complies with applicable laws and industry regulations.

14. Contact Information

If you have questions or concerns about this policy, or wish to exercise any of your rights, contact us at contact@enforza.io, or write to Synvu Limited, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

← Back to home · Terms of Service

The built-for-cloud firewall — same capability as the cloud-native one, at 60–80% less. Flat, per firewall, no per-GB data-processing tax.

Runs on any cloud.

Product

  • Platform
  • Cloud Controller
  • How it works
  • Secure NAT gateway
  • AWS GWLB Inspection
  • AWS Marketplace

Compliance

  • Compliance hub
  • PCI DSS firewall
  • HIPAA firewall
  • ISO 27001 firewall
  • NIST firewall rules
  • Firewall audit

Compare

  • All comparisons
  • vs AWS Network Firewall
  • vs Azure Firewall
  • vs Google Cloud NGFW
  • vs pfSense
  • vs OPNsense
  • vs fck-nat
  • vs Aviatrix
  • vs Cisco Multicloud Defense

Pricing

  • Pricing
  • Savings calculator
  • AWS Network Firewall cost
  • Azure Firewall cost
  • AWS NAT Gateway cost
  • Azure NAT Gateway cost

Partners

  • Partner program
  • Reseller program
  • MSSP / MSP platform
  • White-label firewall
  • Multi-tenant firewall

Company

  • About
  • Contact
  • Articles

© 2026 Synvu Limited. All rights reserved.

  • Terms of Service
  • Privacy Policy

Enforza is a trading name of Synvu Limited, a company registered (15761962) in the United Kingdom. Registered office address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

AWS and the “Powered by AWS” / AWS Marketplace logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft Azure, Google Cloud, and all other product and company names, logos and trademarks referenced on this site are the property of their respective owners. Enforza is an independent product and is not affiliated with, endorsed by, sponsored by, or otherwise associated with Amazon Web Services, Microsoft, Google, or any other company mentioned here. All third-party names and marks are used solely for identification and comparison purposes.

We use cookies to measure traffic and, with your consent, support advertising — both stay off until you allow them. See our Privacy & Cookie Policy.