Legal

Privacy Policy

Last updated July 2026. This is a template — review with your legal counsel before going live.

1. What we collect

Account data (name, email, password hash), the websites you add (URL, scan results, protection settings), and operational logs (scan history, firewall events). We do not sell your data.

2. How we use it

To provide scanning, protection, reporting and notifications; to operate and secure the platform; and to communicate about your account. Email is sent only via the channels you configure.

3. Connected sites

When you install the Guardian connector or enable the cloud firewall, the Service accesses your site’s files/database/traffic solely to perform the protection you requested. Actions are cryptographically authorized; file/DB remediation is backed up and reversible.

4. Third-party data

We query free, public threat-intelligence and vulnerability feeds (e.g. abuse.ch, WPVulnerability, WordPress.org checksums) to assess risk. We do not share your site data with these sources.

5. Security

Passwords are hashed; API keys and stored secrets are hashed/encrypted. We apply rate-limiting and access controls. No system is perfectly secure; report concerns to [email protected].

6. Retention & your rights

You may delete websites and your account at any time, which removes the associated data. Contact us to request export or deletion.

7. Contact

[email protected]