Legal

Privacy Policy

Last updated: April 27, 2026·Red Impact LLC

1. Who We Are

Guardian is operated by Red Impact LLC, a Wyoming limited liability company ("Company", "we", "us", or "our"). Red Impact LLC 30 N Gould St Ste R Sheridan, WY 82801, USA EIN: 30-1402453 Contact: privacy@tryguardian.dev

2. Information We Collect

Account data: email address, name, and session credentials when you create an account. Scan data: URLs you submit for scanning, scan results, and scan history. Payment data: billing information is collected and processed by Stripe, Inc. We do not store full payment card details — we only store a Stripe customer ID and subscription status. Usage data: log data, IP addresses, browser type, pages visited, and timestamps.

3. How We Use Your Information

We use your information to: provide and improve the Service, process payments and manage subscriptions, send scan result notifications and security alerts you opt into, respond to your support requests, enforce our Terms of Service, and comply with legal obligations. We do not sell your personal information to third parties. We do not use your data to train AI models.

4. Payment Processing

Payments are processed by Stripe, Inc. ("Stripe"). When you subscribe to a paid plan, your payment information is transmitted directly to Stripe using secure encryption. Stripe is PCI DSS compliant. We receive from Stripe only non-sensitive billing metadata (subscription status, last 4 digits of card, billing cycle). Stripe's privacy policy is available at stripe.com/privacy.

5. Data Storage and Security

Scan data and account data are stored in Supabase (PostgreSQL), hosted on AWS infrastructure. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Scan results are retained for 90 days. You can delete your data at any time from the Scan History page. We implement industry-standard security practices and access controls.

6. What We Scan

When you submit a URL for scanning, Guardian sends automated HTTP requests to your application to probe for security vulnerabilities. We do not store the content of your application's responses beyond what is necessary to generate security findings. Session cookies you provide are used only for the duration of the scan and are not shared with third parties.

7. Email Communications

If you enable email alerts, we use Resend to send security notifications to your registered email. You can disable email alerts at any time from the Settings page. We may send transactional emails related to your account (verification, password reset, billing receipts). You cannot opt out of transactional emails while your account is active.

8. Third-Party Services

We use the following third-party services which may process your data: • Supabase (database and authentication) — supabase.com/privacy • Stripe (payment processing) — stripe.com/privacy • Resend (email delivery) — resend.com/legal/privacy-policy • Vercel (web hosting) — vercel.com/legal/privacy-policy • Railway (scan worker infrastructure) — railway.app/legal/privacy

9. Cookies

We use cookies and similar technologies to maintain your session and remember your preferences. Session cookies are required for authentication and cannot be disabled while using the Service. We do not use third-party tracking or advertising cookies. You may clear cookies at any time through your browser settings, but this will log you out of the Service.

10. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data: • Right to access: request a copy of the personal data we hold about you. • Right to rectification: request correction of inaccurate data. • Right to erasure: request deletion of your account and associated data. • Right to portability: receive your data in a machine-readable format. • Right to object: object to processing of your data. • California residents (CCPA): you have the right to know, delete, and opt-out of the sale of personal information. We do not sell personal information. To exercise any of these rights, email privacy@tryguardian.dev. We will respond within 30 days.

11. Data Transfers

Your data is processed in the United States. If you are located in the European Economic Area (EEA) or United Kingdom, you acknowledge that your data is transferred to and processed in the United States, which may not have the same data protection laws as your home country. By using the Service, you consent to this transfer.

12. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us at privacy@tryguardian.dev and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email at least 14 days in advance. The updated policy will be posted at tryguardian.dev/privacy with a revised "Last updated" date. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

14. Contact Us

For privacy-related questions or to exercise your rights: Email: privacy@tryguardian.dev Mail: Red Impact LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA Website: tryguardian.dev

Terms Privacy Refunds ← Home