Privacy Policy
Last updated July 2026. This is a template — review with your legal counsel before going live.
1. What we collect
Account data (name, email, password hash), the websites you add (URL, scan results, protection settings), and operational logs (scan history, firewall events). We do not sell your data.
2. How we use it
To provide scanning, protection, reporting and notifications; to operate and secure the platform; and to communicate about your account. Email is sent only via the channels you configure.
3. Connected sites
When you install the Guardian connector or enable the cloud firewall, the Service accesses your site’s files/database/traffic solely to perform the protection you requested. Actions are cryptographically authorized; file/DB remediation is backed up and reversible.
4. Third-party data
We query free, public threat-intelligence and vulnerability feeds (e.g. abuse.ch, WPVulnerability, WordPress.org checksums) to assess risk. We do not share your site data with these sources.
5. Security
Passwords are hashed; API keys and stored secrets are hashed/encrypted. We apply rate-limiting and access controls. No system is perfectly secure; report concerns to [email protected].
6. Retention & your rights
You may delete websites and your account at any time, which removes the associated data. Contact us to request export or deletion.