Privacy Policy

Last Updated: November 24, 2025

1. Introduction

GuardAxion ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI security platform, products, and services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, company name, job title, phone number, and billing information when you create an account or subscribe to our Services.
  • Communications: Information you provide when you contact us for support, provide feedback, or communicate with us through any channel.
  • Configuration Data: Security policies, guardrail rules, access controls, and other configuration settings you define within our platform.

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information:

  • Usage Data: Log data, API calls, request/response metadata, timestamps, user actions, and feature utilization.
  • Device Information: IP addresses, browser types, operating systems, device identifiers, and connection information.
  • Security Events: Threat detections, policy violations, blocked requests, and security incidents related to AI platform usage.
  • Analytics Data: Performance metrics, usage patterns, and aggregated statistics to improve our Services.

2.3 AI Content Data

Our Services may process AI-related content including:

  • Prompts and queries submitted to AI platforms
  • AI responses and generated content (when monitoring is enabled)
  • Metadata about AI interactions for security analysis
  • Pattern data for threat detection and compliance enforcement

Important: We process this data solely to provide security services. We do not use your AI content to train our models or for purposes unrelated to your security requirements.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: Provide, maintain, and improve our AI security platform and related services.
  • Security Protection: Detect, prevent, and respond to security threats, vulnerabilities, and policy violations.
  • Analytics & Insights: Generate security analytics, threat intelligence, and usage insights for your organization.
  • Customer Support: Respond to your requests, provide technical support, and resolve issues.
  • Communications: Send administrative information, security alerts, product updates, and service notifications.
  • Compliance: Meet legal obligations, enforce our agreements, and comply with applicable regulations.
  • Product Improvement: Analyze usage patterns to enhance features, develop new capabilities, and improve user experience.

4. Data Sharing and Disclosure

4.1 We May Share Information With:

  • Service Providers: Third-party vendors who perform services on our behalf (hosting, analytics, support) under strict confidentiality agreements.
  • Business Transfers: In connection with mergers, acquisitions, or sale of assets, with appropriate safeguards.
  • Legal Requirements: When required by law, subpoena, court order, or to protect our rights and safety.
  • With Your Consent: When you explicitly authorize us to share information with third parties.

4.2 We Do NOT:

  • Sell your personal information to third parties
  • Share your AI content data with other customers
  • Use your data to train AI models for other customers
  • Disclose security configurations or proprietary rules to competitors

5. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
  • Network Security: Firewalls, intrusion detection/prevention systems, and network segmentation
  • Monitoring: 24/7 security monitoring, logging, and incident response procedures
  • Compliance: SOC 2 Type II, ISO 27001, and industry-standard security frameworks
  • Regular Audits: Penetration testing, vulnerability assessments, and security audits

While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security of data transmitted over the internet.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide Services and maintain your account
  • Comply with legal obligations and regulatory requirements
  • Resolve disputes and enforce our agreements
  • Maintain security logs for incident investigation

Upon account termination, we will delete or anonymize your data within 90 days, except where retention is required by law or for legitimate business purposes (e.g., billing records, audit trails).

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request access to personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Data Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Opt-Out: Unsubscribe from marketing communications (service notifications may continue)

To exercise these rights, contact us at privacy@guardaxion.com.

8. International Data Transfers

GuardAxion operates globally. Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for international transfers
  • Data Processing Agreements (DPAs) with third-party processors
  • Compliance with GDPR, CCPA, and other applicable privacy regulations
  • Data residency options for customers with specific geographic requirements

9. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain session state and authentication
  • Remember user preferences and settings
  • Analyze usage patterns and improve our Services
  • Provide security features and detect anomalies

You can control cookies through your browser settings. Disabling cookies may limit functionality of our Services.

11. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notification to your registered email address
  • Displaying prominent notices within our Services

Your continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@guardaxion.com

Data Protection Officer: dpo@guardaxion.com

Address: GuardAxion Privacy Team
[Company Address]
[City, State ZIP]

14. Region-Specific Provisions

14.1 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

14.2 European Union Residents (GDPR)

EU residents have rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing: Contractual necessity, legitimate interests, legal compliance, and consent
  • Right to lodge complaints with supervisory authorities
  • Right to withdraw consent for consent-based processing
  • Data Protection Impact Assessments (DPIAs) for high-risk processing