Privacy Policy
Last updated: March 1, 2026
Data We Collect
Azure CDN processes HTTP requests on behalf of our customers. In the course of providing CDN services, we collect and temporarily store the following data:
- Client IP addresses (for routing and abuse prevention)
- Request URLs, HTTP methods, and response status codes
- Request and response sizes
- TLS protocol version and cipher suite
- User-Agent and Referer headers
- Timestamps and edge node identifiers
How We Use Data
Request logs are used for:
- Delivering cached content and routing traffic to the appropriate edge node
- Generating aggregate analytics available to zone owners via the API and dashboard
- Detecting and mitigating abuse, including DDoS attacks
- Debugging service issues and maintaining uptime
Data Retention
Raw request logs are retained for 30 days, then deleted. Aggregate analytics (request counts, bandwidth totals, cache hit ratios) are retained for 12 months. Account data is retained for the duration of the account plus 30 days after deletion.
Data Sharing
We do not sell request log data. Zone owners can access analytics for their own zones. We may disclose data when required by law or to prevent imminent harm to the network.
Cookies
The Azure CDN status page and documentation do not set cookies. The customer dashboard uses session cookies for authentication.
Security
Request logs are encrypted in transit and at rest. Access to raw logs is restricted to operations staff and is audited. Edge nodes do not store persistent request data beyond the configured cache TTL.
Changes
Updates to this policy will be posted on this page with a revised date. Continued use of the service constitutes acceptance of the updated policy.