Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 7 attack families with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications Hackathon Sponsorships
Research & Guides
Server Nerd Comic NEW Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Legal & Compliance

Privacy Policy

Effective: June 20, 2026  ยท  Questions? [email protected]

Terms of Service Privacy Policy Data Processing Agreement Service Level Agreement
Summary: We collect only what we need to operate the service. We do not sell your data. You can request deletion at any time.

1. Information We Collect

Account Data

Name, email address, company name, and billing information collected at registration.

Network Telemetry

PPS, BPS, protocol ratios, connection counts, and attack metadata submitted by the ftagent running on your servers. This data is processed to detect DDoS incidents.

PCAP Files

If PCAP capture is enabled, packet captures are transmitted by the agent and stored for 7 days (standard plans) or up to 365 days (enterprise plans).

Usage Data

Log data, dashboard activity, and API call metadata used to operate and improve the service.

2. How We Use Data

  • Detect and respond to DDoS incidents on your infrastructure.
  • Provide and maintain the Flowtriq dashboard and API.
  • Send incident alerts and service notifications.
  • Process billing through Stripe (we do not store card data).
  • Improve detection accuracy and service reliability.

3. Data Sharing

We do not sell your data. We share data with:

  • Stripe: payment processing.
  • Google Analytics & Google Ads: website traffic analysis and advertising conversion measurement.
  • Microsoft Clarity: session recordings, heatmaps, and usage analytics to understand how visitors interact with the site.
  • Meta (Facebook) Pixel: advertising conversion tracking and audience measurement.
  • LinkedIn Insight Tag: advertising conversion tracking and aggregate website visitor demographics.
  • Reddit Pixel: advertising conversion tracking and campaign measurement.
  • Contentsquare: user experience analytics including session replay and interaction mapping.
  • Apollo.io: B2B visitor identification and sales intelligence.
  • Infrastructure providers: hosting and storage under data processing agreements.
  • Law enforcement, when required by applicable law.

4. Data Retention

Metric data (PPS/BPS) is retained for 25 hours in raw form and up to 90 days in aggregated form. PCAP files are retained for 7 days (standard plans) or up to 365 days (enterprise plans). Account data is retained while your account is active and deleted immediately upon account deletion.

5. Data Location

Primary data storage and processing occurs on infrastructure located in North America. Certain sub-processors may process data in other regions as described in our Data Processing Agreement. Where data is transferred outside the European Economic Area, the United Kingdom, or other jurisdictions with data transfer restrictions, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Agreements (IDTAs). For details on sub-processor data flows, see Section 6 of the DPA.

6. Your Rights

You may request access, correction, or deletion of your personal data by emailing [email protected]. We will respond within 30 days.

GDPR Rights (EU/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the rights described in the Data Processing Agreement, Section 7, including the right of access, rectification, erasure, restriction of processing, data portability, objection, and the right to lodge a complaint with your local supervisory authority.

CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to Know: You have the right to request that we disclose what categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting the information, and the categories of third parties with whom we share the information.
  • Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: We do not sell personal information, and we do not share personal information for cross-context behavioural advertising. Therefore, there is no need to opt out of these practices.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing or a different quality of service because you exercised your rights.

To exercise any of these rights, contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days as required by law.

PIPEDA Rights (Canadian Residents)

If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) provides you with rights regarding your personal information. You have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
  • Challenge our compliance with PIPEDA by filing a complaint with us or with the Office of the Privacy Commissioner of Canada.

To exercise your rights under PIPEDA, contact us at [email protected]. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

Australian Privacy Principles (Australian Residents)

If you are located in Australia, we handle your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You have the right to access your personal information, request correction, and make a complaint about our handling of your information. Complaints can be directed to [email protected] or, if unresolved, to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

7. Security

All data is encrypted in transit (TLS 1.2+). Passwords are stored as bcrypt hashes; API keys are stored as one-way hashes. PCAP files are stored outside the web root with restricted filesystem access.

8. Cookies & Tracking Technologies

We use a session cookie (PHPSESSID) for authentication and Cloudflare cookies for DDoS protection. We also use the following third-party analytics and advertising technologies on our marketing pages:

  • Google Analytics & Google Ads (Google LLC): measures website traffic and advertising conversions using cookies such as _ga, _gid, and _gcl_au.
  • Microsoft Clarity (Microsoft Corporation): records anonymised session replays and heatmaps to analyse site usability. Sets cookies such as _clck and _clsk.
  • Meta Pixel (Meta Platforms, Inc.): tracks advertising conversions and enables audience targeting on Facebook and Instagram. Sets the _fbp cookie.
  • LinkedIn Insight Tag (LinkedIn Corporation): measures ad conversions and provides aggregate demographic insights about website visitors. Sets cookies such as li_sugr and bcookie.
  • Reddit Pixel (Reddit, Inc.): tracks advertising conversions and campaign performance on Reddit.
  • Contentsquare: provides user experience analytics including session replay, heatmaps, and interaction mapping.
  • Apollo.io: B2B intent data and visitor analytics for sales intelligence.

These technologies may collect your IP address, browser type, pages visited, and interaction data. You can opt out by adjusting your browser cookie settings or using browser extensions that block tracking scripts. For a complete list of cookies and opt-out instructions, see our Cookie Policy.

9. Do Not Track

Some web browsers transmit "Do Not Track" (DNT) signals. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, the Flowtriq website does not respond to or alter its behaviour based on DNT signals. You may use browser settings, extensions, or our cookie consent controls to manage your tracking preferences.

10. Children's Privacy

The Service is not directed at individuals under the age of 16. Flowtriq Networks Inc. does not knowingly collect personal information from children under 16 years of age. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe that a child under 16 has provided personal information to us, please contact us at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 30 days before the changes take effect, and we will post the updated policy on this page with a revised effective date. We encourage you to review this policy periodically. Your continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.

12. Contact

For privacy-related inquiries, data subject requests, or questions about this Privacy Policy, contact us at:

  • Email: [email protected]
  • Mail: Flowtriq Networks Inc., 145 1/2 Church St, Unit 5, Office 822, Toronto, Ontario, Canada