Privacy Policy - Privacy Guardian

Quick Summary

📄 What we collect	Your email, hashed password, optional display name, and anonymous counts of how often you run an analysis.
🔍 What we don't collect	We never read or store your personal browsing history. We never sell or share your data for advertising.
🛠 Why we need data	To create your account, stop abuse, process paid subscriptions via Paddle, improve our AI model, and keep the service running.
🤝 Who sees it	A short list of trusted providers: our EU cloud host (Microsoft Azure), Paddle (payments), and GitHub Pages (this website). No one else.
⏱ Retention	Aggregated logs & crash reports: 30 days. Account data: while your account is active, then erased or anonymised within 30 days of deletion.
🔐 Your rights	Access, correct, download, delete, or object to processing at any time—just email privacyguardian1@gmail.com.

Our Commitment

We collect only the minimum data necessary to provide our services and never sell, rent, or share your personal information with third parties for marketing purposes.

Information We Collect

Account Information

We collect only the following personal information when you create an account:

Email Address: Used for account creation, authentication, and important service communications
Password: Stored as a secure hash using Argon2 algorithm with salt (we never store plain text passwords)
Display Name: Optional name to personalize your experience within the application

Usage Data

We automatically collect certain information when you use our extension:

Website URLs: Base URLs (e.g., https://notion.so) of websites you choose to analyze - we never transmit full page HTML or your browsing history
Analysis History: Records of your privacy policy analysis requests and results
Extension Settings: Your preferences for notifications and other extension features
Analysis Count: Anonymous metrics on how often you run analyses

Technical Data

Browser Information: Basic browser type and version for compatibility purposes
Extension Version: To ensure compatibility and provide support
Error Logs: Anonymized crash reports without IP addresses to improve service quality

Payment Data

For paid subscriptions, payment information is handled entirely by Paddle. We receive only:

Transaction ID: To associate your payment with your account
Subscription Status: To provide appropriate service level

We never receive or store your credit card details or billing address.

How We Use Your Information

We use your personal information exclusively for the following purposes:

Account Management: Creating and managing your user account
Authentication: Verifying your identity when you log in
Service Provision: Providing privacy policy analysis services and generating reports
Communication: Sending you important service updates, security notifications, and transactional emails (receipts, password resets)
Improvement: Analyzing usage patterns to improve our service and AI model (anonymized data only)
Support: Providing customer support when requested
Safety & Abuse Prevention: Rate-limiting requests and detecting automated scraping

                We Do NOT:
                Sell, rent, or lease your personal information to third parties
Use your data for advertising or marketing purposes without explicit opt-in
Share your information with third parties except as described in this policy
Store or analyze the content of websites you visit beyond URL analysis
Use cookies or trackers in the extension

            

Data Security & Protection

We implement industry-standard security measures to protect your personal information:

Encryption: All data transmission is encrypted using HTTPS/TLS protocols with HSTS enabled
Password Security: Passwords are hashed using Argon2 algorithm with salt
Database Encryption: All databases encrypted at rest using AES-256
Access Controls: Role-based access control with audit logs for administrative actions
Authentication: Secure JWT token-based authentication system
Infrastructure: Hosted on Microsoft Azure EU-West data centers
Regular Updates: Routine vulnerability scans and dependency updates
Two-Factor Authentication: All internal access protected by 2FA

Sharing & International Transfers

We share your data only with essential service providers:

Recipient	What they receive	Safeguards
Microsoft Azure (EU-West)	Encrypted database containing account data and analysis results	EU data centre; data encrypted at rest and in transit
Paddle (payment processor)	Billing details you enter at checkout	PCI-DSS compliant and adheres to GDPR; standard contractual clauses cover EU transfers
GitHub Pages	Static hosting of this site; GitHub logs visitor IPs in server logs	GitHub participates in the EU–US Data Privacy Framework

No other third parties receive personal data. Internal access is limited to two authorized founders, protected by 2-factor authentication.

Your Rights Under GDPR

If you are a resident of the European Union, you have the following rights regarding your personal data:

Right of Access

You have the right to request copies of your personal data that we hold about you.

Right to Rectification

You have the right to request correction of any information you believe is inaccurate or incomplete.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data under certain circumstances.

Right to Data Portability

You have the right to request transfer of your data to another organization or directly to you.

Right to Object

You have the right to object to our processing of your personal data under certain circumstances.

Exercising Your Rights

To exercise any of these rights, please contact us at privacyguardian1@gmail.com. We will respond to your request within 30 days. If you believe we have violated your rights, you may lodge a complaint with your local supervisory authority (for EU users, this is your national Data Protection Authority).

Data Retention

We retain your personal data only as long as necessary to provide our services and comply with legal obligations:

Account Data: Retained while your account is active, then erased or anonymized within 30 days of deletion request
Analysis Results & URLs: Stored for up to 90 days for model accuracy, then deleted or aggregated
Aggregated Usage & Crash Logs: 30 days, then deleted or fully anonymized
Communication Records: Retained for 3 years for support and legal compliance
Payment Records: Retained as required by accounting laws (typically 7 years)

Cookies and Local Storage

Our extension uses minimal local storage for the following purposes:

Authentication Tokens: Securely stored JWT tokens for user authentication
User Preferences: Your extension settings and notification preferences
Analysis History: Local cache of your privacy analysis results
Notification State: Tracking which sites have already shown privacy notifications

We do not use tracking cookies or third-party analytics cookies. All data storage is essential for the functioning of our service.

Children's Privacy

Our service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacyguardian1@gmail.com and we will delete it immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes:

We will update the "Last Updated" date at the bottom of this policy
We will notify you of significant changes via email or extension notification
We will provide at least 30 days' notice for material changes
Continued use of our service after changes constitutes acceptance of the updated policy

Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us:

Email: privacyguardian1@gmail.com

Data Protection Officer: privacyguardian1@gmail.com

We operate remotely; we will provide a mailing address on request or in any future updates.

Last Updated: June 30, 2025

This Privacy Policy is effective as of the date listed above and applies to all users of our Privacy Guardian extension.

🔒 Privacy Policy