1. Introduction

GuardAxion ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI security platform, products, and services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

2. Information We Collect

⚠️ Important: Data Collection Only After Explicit Enrollment

GuardAxion only collects technical and usage data after you explicitly enroll in our services through an enrollment key or account registration. We do not collect or process any data from visitors who have not enrolled. All data collection requires your active consent and enrollment.

2.1 Information You Provide

We collect information you provide directly to us when you enroll and use our Services:

  • User Account Information (Purpose: Authentication & Service Delivery):
    • Name (for account identification and support)
    • Email address (for authentication, notifications, and support)
    • Company name (for organizational grouping and billing)
    • Retention: Stored for the duration of your active account plus 90 days after account termination
  • Communications: Information you provide when you contact us for support, provide feedback, or communicate with us through any channel.
  • Configuration Data: Security policies, guardrail rules, access controls, and other configuration settings you define within our platform.

2.2 Information Collected Automatically (Only After Enrollment)

When you use our Services after enrollment, we automatically collect the following technical information necessary for security monitoring:

  • Device & Browser Identifiers (Purpose: Security Monitoring & Session Management):
    • Browser type, version, and user agent string
    • Operating system and device type
    • Unique device identifiers (browser extension ID, installation ID)
    • Retention: 12 months for active devices, 30 days after device removal
  • IP Addresses (Purpose: Security, Fraud Prevention & Geographic Compliance):
    • Source IP addresses for all service requests
    • Geographic location derived from IP (country/region level only)
    • Retention: 90 days in detailed logs, 2 years in aggregated analytics
  • Browsing Activity on AI Platforms (Purpose: DLP Enforcement & Policy Compliance):
    • URLs of AI platforms accessed (e.g., ChatGPT, Claude, Gemini)
    • Timestamps of AI platform visits
    • DLP rule matches and blocked content patterns (not full content)
    • Access control decisions (allow/block/warn)
    • Important: We log metadata only, not the actual content of your prompts or AI responses unless explicitly configured for audit purposes
    • Retention: 6 months for security analysis, 2 years for compliance audit logs
  • Security Event Logs (Purpose: Threat Detection & Incident Response):
    • Policy violation events and timestamps
    • Blocked requests and warning triggers
    • Authentication attempts and failures
    • Anomalous behavior detections
    • Retention: 12 months for security analysis, 7 years for critical security incidents
  • Usage Data: Log data, API calls, request/response metadata, timestamps, user actions, and feature utilization.
  • Analytics Data: Performance metrics, usage patterns, and aggregated statistics to improve our Services.

2.3 AI Content Data

Our Services may process AI-related content including:

  • Prompts and queries submitted to AI platforms
  • AI responses and generated content (when monitoring is enabled)
  • Metadata about AI interactions for security analysis
  • Pattern data for threat detection and compliance enforcement

Important: We process this data solely to provide security services. We do not use your AI content to train our models or for purposes unrelated to your security requirements.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: Provide, maintain, and improve our AI security platform and related services.
  • Security Protection: Detect, prevent, and respond to security threats, vulnerabilities, and policy violations.
  • Analytics & Insights: Generate security analytics, threat intelligence, and usage insights for your organization.
  • Customer Support: Respond to your requests, provide technical support, and resolve issues.
  • Communications: Send administrative information, security alerts, product updates, and service notifications.
  • Compliance: Meet legal obligations, enforce our agreements, and comply with applicable regulations.
  • Product Improvement: Analyze usage patterns to enhance features, develop new capabilities, and improve user experience.

4. Data Sharing and Disclosure

✓ No Third-Party Data Sharing

GuardAxion does NOT share your data with any third parties for marketing, analytics, or any other purposes. We do not sell, rent, or share your personal information or usage data with external organizations, data brokers, advertising networks, or analytics providers.

4.1 Limited Disclosure Scenarios

We may only disclose your information in these specific circumstances:

  • Legal Requirements: When required by law, subpoena, court order, or to protect our rights and safety. We will notify you unless legally prohibited.
  • Business Transfers: In connection with mergers, acquisitions, or sale of assets, with appropriate safeguards and prior notice to affected users.
  • With Your Explicit Consent: When you specifically authorize us to share information with third parties for a particular purpose.

Infrastructure Note: Our services are self-hosted on our own infrastructure. We do not use third-party cloud providers, analytics services, or marketing platforms that would have access to your data.

4.2 We Do NOT:

  • Share data with third-party analytics providers (we use internal analytics only)
  • Share data with advertising networks or marketing platforms
  • Sell your personal information to third parties under any circumstances
  • Share your AI content data with other customers
  • Use your data to train AI models for other customers
  • Disclose security configurations or proprietary rules to competitors

5. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
  • Network Security: Firewalls, intrusion detection/prevention systems, and network segmentation
  • Monitoring: 24/7 security monitoring, logging, and incident response procedures
  • Compliance: SOC 2 Type II, ISO 27001, and industry-standard security frameworks
  • Regular Audits: Penetration testing, vulnerability assessments, and security audits

While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security of data transmitted over the internet.

6. Data Retention

We retain your information only for as long as necessary to provide services and meet legal obligations. Here are our specific retention periods:

| Data Type | Retention Period | Reason |
|---|---|---|
| User Account Information | Active account + 90 days | Account recovery, billing reconciliation |
| Device/Browser Identifiers | 180 days (then anonymized) | Security monitoring, anomaly detection |
| IP Addresses | 90 days | Security analysis, fraud prevention |
| Activity Logs (General Usage) | 90 days | User behavior analysis, support troubleshooting |
| Analytics Events | 90 days | Service improvement, performance optimization |
| Browsing Activity on AI Platforms | 90 days | DLP enforcement, policy compliance |
| Audit Logs (Security & Compliance) | 365 days | Compliance audits, incident investigation |
| Security Event Logs (Critical Incidents) | 365 days (critical events retained longer) | Incident response, forensic analysis |
| Billing Records | 7 years | Tax compliance, financial audits |
| Export Files (User-Generated) | 7 days | Temporary download access, automatic deletion |
| Support Communications | 3 years | Customer service quality, dispute resolution |

Data Deletion Process: Upon account termination, we will delete or anonymize your data according to the retention periods above. You may request immediate deletion by contacting our Data Protection Officer, though some data may need to be retained for legal compliance.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request access to personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Data Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Opt-Out: Unsubscribe from marketing communications (service notifications may continue)

To exercise these rights, contact us at privacy@guardaxion.com.

8. International Data Transfers

GuardAxion operates globally. Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for international transfers
  • Data Processing Agreements (DPAs) with third-party processors
  • Compliance with GDPR, CCPA, and other applicable privacy regulations
  • Data residency options for customers with specific geographic requirements

9. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Cookies and Tracking Technologies

GuardAxion uses cookies and similar technologies to provide and secure our Services. We use a minimal, privacy-focused approach:

10.1 Cookies We Use

| Cookie Type | Purpose | Duration | Required? |
|---|---|---|---|
| Session Cookies | Maintain login state and authenticate users | Session (deleted on logout) | Yes - Essential |
| Security Cookies | CSRF protection, fraud detection | Session | Yes - Essential |
| Preference Cookies | Remember settings, language, UI preferences | 365 days | No - Functional |
| Cookie Consent | Store your cookie preferences | 365 days | Yes - Legal compliance |

10.2 What We DON'T Use

  • ❌ Third-party analytics cookies (no Google Analytics, Mixpanel, etc.)
  • ❌ Advertising cookies or tracking pixels
  • ❌ Social media tracking cookies
  • ❌ Cross-site tracking or fingerprinting
  • ❌ Marketing automation cookies

10.3 Browser Extension Tracking

Our browser security extension collects minimal technical data only after enrollment:

  • Extension installation ID (for authentication with our servers)
  • Browser type and version (for compatibility)
  • AI platform URLs visited (for DLP enforcement)
  • Policy violation events (for security monitoring)

No cross-site tracking: The extension only monitors visits to AI platforms you've configured. It does not track general browsing activity or other websites.

10.4 Managing Cookies

You can control cookies through:

  • Cookie Settings: Click the "Cookie Settings" button on our website to manage preferences
  • Browser Settings: Configure your browser to block or delete cookies (may impact functionality)
  • Extension Settings: Uninstall the browser extension to stop all browser-based data collection

See our Cookie Policy for complete details on cookie usage.

11. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notification to your registered email address
  • Displaying prominent notices within our Services

Your continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

General Privacy Inquiries: privacy@guardaxion.com

Data Protection Officer: Bryan Caddy, bcaddy@guardaxion.com

Data Subject Requests: For access, deletion, or correction requests, contact our DPO directly

Security Incidents: security@guardaxion.com

We will respond to privacy inquiries within 30 days and data subject requests within the timeframes required by applicable law (typically 30-45 days).

14. Region-Specific Provisions

14.1 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

14.2 European Union Residents (GDPR)

EU residents have rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing: Contractual necessity, legitimate interests, legal compliance, and consent
  • Right to lodge complaints with supervisory authorities
  • Right to withdraw consent for consent-based processing
  • Data Protection Impact Assessments (DPIAs) for high-risk processing