Legal
Privacy Policy
How we handle your data. Short version: we don't want your source code, we don't train on your traces, and we don't sell anything. Last updated April 10, 2026.
What we collect
Account info (name, work email, company). Usage telemetry (product events, not content). Billing data processed by our payment provider. For customers who enable it: product-improvement telemetry derived from aggregated, anonymized findings.
What we do NOT retain by default
Raw source code, prompts, traces, tool arguments, memory contents, or model outputs. These are processed in ephemeral enclaves and discarded. Findings — the outputs of our detectors — are what persists in your tenant.
How we use it
To provide the Service, respond to support, prevent abuse, and comply with legal obligations. We do not sell personal data. We do not use Customer Data to train foundation models.
Data locations
US-East, EU-West, or AP-South — selected per workspace. Enterprise and Premium customers pin their data region contractually. No cross-region transfer without explicit consent.
Your rights
GDPR and CCPA: access, rectification, deletion, portability, restriction. File a request at privacy@guardra.ai — we respond within 30 days (GDPR) or 45 days (CCPA).
Security
Encryption in transit (TLS 1.3) and at rest (AES-256). Customer-managed keys on Premium. Full program described at guardra.ai/security.
Retention
Findings retained for the lifetime of your workspace or 90 days after termination, whichever is shorter. Audit logs 7 years for SOC 2 compliance. Billing records per statutory requirements.
Subprocessors
Full list in the Trust Center, with 30-day advance notice of any change. Subscribe via contact@guardra.ai.
Contact
privacy@guardra.ai · DPO: dpo@guardra.ai · Postal: Guardra AI, Inc., 1209 Orange Street, Wilmington, DE 19801, USA.