Privacy Policy
Last updated: February 2026
Aguardic (“we,” “us,” or “our”) operates the Aguardic platform and website (aguardic.com). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.
By using Aguardic, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.
Information We Collect
Account Information
When you create an account, we collect your name, email address, and organization name. If you sign in via a third-party identity provider (Google, Microsoft, GitHub, or SAML SSO), we receive the profile information those services share with us.
Usage Data
We collect information about how you interact with our platform, including pages visited, features used, policy evaluations run, and timestamps. This data helps us improve the product and diagnose issues.
Content You Provide
When you upload documents to knowledge bases, create policies, or configure integrations, we store that content on your behalf. This content belongs to your organization and is scoped to your account.
Integration Data
When you connect third-party services (GitHub, Slack, Google Drive, etc.), we receive OAuth tokens and the minimum data required to evaluate policies against content from those services. We do not access data beyond what is necessary for evaluation.
Payment Information
Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. We receive only the information necessary to manage your subscription (plan type, billing status, invoice history).
How We Use Your Information
Provide, operate, and maintain the Aguardic platform.
Evaluate content against your organization’s policies.
Process transactions and manage your subscription.
Send transactional communications (account confirmations, security alerts, billing notifications).
Improve the platform based on usage patterns and feedback.
Detect, prevent, and address technical issues and security threats.
Comply with legal obligations.
Data Sharing
We do not sell your personal data. We share information only in the following circumstances:
Service Providers
We use third-party services to operate the platform (cloud infrastructure, payment processing, email delivery, error monitoring). These providers process data on our behalf under contractual obligations to protect your information.
AI Model Providers
When semantic policy evaluation is enabled, the specific content being evaluated and the relevant policy rules are sent to LLM providers (OpenAI, Anthropic) via their APIs. No organization metadata, user data, or unrelated content is included. We use API agreements that prohibit training on customer inputs.
Legal Requirements
We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect rights, safety, or property.
Data Security
We implement industry-standard security measures to protect your data:
All data encrypted at rest (AES-256) and in transit (TLS 1.2+).
Integration credentials individually encrypted with AES-256-GCM.
Organization-level data isolation enforced at the database layer.
Role-based access control with principle of least privilege.
Regular security assessments and monitoring.
For more details, see our Security page.
Data Retention
We retain your data for as long as your account is active or as needed to provide services. Evaluation logs, violation records, and audit trails are retained for the duration of your subscription.
When you delete your account or organization, we remove your data in accordance with our deletion procedures, including clearing all stored credentials and uploaded documents.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access — request a copy of the personal data we hold about you.
Correction — request correction of inaccurate or incomplete data.
Deletion — request deletion of your personal data.
Portability — request your data in a structured, machine-readable format.
Objection — object to processing of your data in certain circumstances.
Restriction — request that we limit processing of your data.
To exercise any of these rights, contact us at privacy@aguardic.com. We will respond within 30 days.
Cookies & Tracking
Essential Cookies
We use essential cookies to maintain your session, remember your organization context, and keep you authenticated. These are strictly necessary for the platform to function and cannot be disabled.
Analytics
We use Google Analytics to understand how visitors interact with our website. This data is aggregated and does not personally identify you. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
No Third-Party Marketing Cookies
We do not use third-party advertising or marketing cookies. We do not sell data to advertisers or participate in ad networks.
International Data Transfers
Your data may be processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements with our service providers.
Children's Privacy
Aguardic is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us and we will promptly delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of Aguardic after changes constitutes acceptance of the updated policy.
Contact
For privacy-related questions or to exercise your data rights: