Privacy Policy

Last updated: March 2026

This Privacy Policy explains how FortiPanel ("we", "us", or "our") collects, uses, and protects your information when you use our website and software services.

1. Data We Collect

We collect the minimum data necessary to provide the Service:

• Account data: Email address, provided when purchasing a license
• License data: Number of devices managed, license key, activation date
• Payment data: Processed exclusively by Paddle — we never store credit card information
• Technical data: IP address and device count sent during license validation (every 6 hours)

2. Data We Do NOT Collect

FortiPanel runs entirely on your own infrastructure. We have no access to:

• Your FortiGate IP addresses, credentials, or API tokens
• Your network topology or configurations
• Your clients' data or infrastructure
• Any data stored within your FortiPanel installation

3. How We Use Your Data

• To validate and manage your license
• To send your license key and transactional emails (receipts, renewal reminders)
• To prevent abuse and enforce license limits
• To improve the Service based on aggregate usage statistics

4. Data Sharing

We do not sell or share your personal data with third parties, except:

• Paddle: Our payment processor and Merchant of Record, who processes payment information according to their own privacy policy
• Legal requirements: If required by law or to protect our rights

5. Data Retention

We retain your account and license data for as long as you have an active account, plus 12 months after account closure for legal and accounting purposes. Validation logs are retained for 90 days.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing of your data
• Data portability

To exercise these rights, contact us at privacy@fortipanel.dev.

7. Cookies

Our website (fortipanel.dev) does not use tracking or analytics cookies. We only use essential session cookies required for authentication in the admin panel.

8. Security

We use industry-standard security measures including HTTPS, secure password hashing, and HMAC-signed license keys. License validation is rate-limited and logged to detect abuse.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email. The date at the top of this page indicates when it was last updated.

10. Contact

For privacy-related questions: privacy@fortipanel.dev