Privacy Policy

Last updated: December 16, 2025

What We Collect

Email Address: We collect your email when you create an account. This is used for login, notifications, and account recovery.

Encrypted Passwords: When you use our password vault, passwords are encrypted on YOUR device before being sent to our servers. We never see your plaintext passwords.

Threat Statistics: We track how many threats our extension blocks to show you in your dashboard. This data is aggregated and anonymized.

Device Information: We collect basic device info (OS, browser version) to ensure compatibility and provide support.

What We DON'T Collect

Browsing History: We never track which websites you visit.

Personal Data: We don't collect your name, address, phone number, or any personally identifiable information beyond your email.

Payment Information: Credit card details are handled entirely by Stripe. We never see or store your payment info.

Plaintext Passwords: Your vault passwords are encrypted with zero-knowledge encryption. We can't read them even if we wanted to.

How We Use Your Data

Account Management: Your email is used to authenticate you and send important account notifications.

Security Alerts: If we detect a data breach affecting your accounts, we'll email you immediately.

Product Improvements: Aggregated threat statistics help us improve our scam detection algorithms.

Customer Support: We may use your email to respond to support requests.

Third-Party Services

Stripe: We use Stripe for payment processing. Your payment information goes directly to Stripe and is never stored on our servers. Stripe's privacy policy: stripe.com/privacy

Resend: We use Resend to send transactional emails. Your email address is shared with Resend only for this purpose.

PhishTank: Our extension checks URLs against PhishTank's database to detect scams. No personal information is sent to PhishTank.

Data Security

• All data is transmitted over HTTPS (encrypted in transit)

• Passwords are stored using bcrypt hashing

• Vault passwords use AES-256-GCM encryption with client-side key derivation

• Our database is hosted on Railway with automatic backups

• Our encryption code is open source for security auditing

Your Rights

Access: You can request a copy of all data we have about you

Deletion: You can delete your account at any time from settings

Export: You can export your vault passwords as encrypted JSON

Opt-out: You can disable email notifications in settings

Data Retention

• Active accounts: Data retained indefinitely while subscription is active

• Canceled accounts: Data deleted 30 days after cancellation

• Deleted accounts: All data permanently deleted within 7 days

Changes to This Policy

We may update this privacy policy from time to time. We'll notify you via email of any significant changes.

Contact Us

Questions about this privacy policy? Email us at support@guardianos.org

🔒 Zero-Knowledge Encryption

Your vault passwords are encrypted on your device before reaching our servers. Even we can't read them. That's the whole point.
