Guardzy
Log in Start your cyber security program

Guardzy legal

Privacy Policy

Guardzy is committed to protecting privacy and handling personal information transparently, securely, and responsibly.

Last updated: March 24, 2026 This page explains how Guardzy collects, uses, stores, and shares personal information when you use our website, platform, and related services.

1. Overview

Overview

In short: this policy applies to Guardzy's website, platform, demos, trials, support interactions, and related services.

This Privacy Policy applies to Guardzy's public website, product platform, demo and trial experiences, support channels, customer onboarding, and related business services.

It explains how Guardzy handles personal information when people visit our website, create or use an account, interact with our team, or access Guardzy through an organisation subscription.

By using Guardzy's services, you acknowledge that this policy applies to the personal information we collect and process in connection with those services.

2. Information We Collect

Information We Collect

In short: we collect information you provide, customer content stored in the platform, technical usage data, integration data, and limited billing information needed to run the service.

Information you provide directly

Plain English: this is information you give us when you sign up, request a demo, contact support, or interact with Guardzy directly.

  • Name
  • Work email
  • Phone number
  • Company name
  • Role or job title
  • Account credentials and login details
  • Demo, trial, or contact form submissions
  • Support messages and customer communications

Customer content

Plain English: this is the business information customers choose to store and manage inside Guardzy.

  • Asset registers
  • Risk registers
  • Controls
  • Treatments and actions
  • Policies
  • Evidence and attachments
  • Comments, notes, tasks, and workflow records

Automatically collected information

Plain English: like most SaaS services, we collect technical and usage information to operate, secure, and improve the platform.

  • IP address
  • Browser and device data
  • Log data
  • Session and usage activity
  • Pages visited
  • Timestamps and related event data

Information from integrations

Plain English: if you connect third-party systems, Guardzy may receive or exchange relevant data needed to make those integrations work.

  • Google Workspace
  • Microsoft 365
  • Slack
  • Jira
  • Other connected cloud or business system integrations

Billing and transaction information

Plain English: we collect the commercial and billing details needed to manage subscriptions and invoices, but payment processing may be handled by specialist providers.

  • Subscription details
  • Billing contact information
  • Payment-related metadata

3. How We Use Information

How We Use Information

In short: we use personal information to operate Guardzy, secure accounts, support customers, improve the platform, manage commercial relationships, and meet legal obligations.

Guardzy may use personal information to:

  • Create and manage accounts
  • Authenticate users and secure access
  • Provide the platform and its core features
  • Support collaboration, workflows, reminders, approvals, and reporting
  • Provide customer support and troubleshoot issues
  • Improve reliability, performance, usability, and product quality
  • Process subscriptions and billing
  • Detect, investigate, and prevent fraud, misuse, security incidents, and unauthorised access
  • Comply with legal, regulatory, and contractual obligations
  • Communicate service updates, security notices, and administrative messages
  • Send marketing communications where permitted, with opt-out controls

Where UK or EU data protection rules apply, Guardzy may rely on lawful bases such as performance of a contract, legitimate interests, compliance with legal obligations, or consent where consent is the appropriate basis.

4. Customer Content and Account Data

Customer Content and Account Data

In short: Guardzy distinguishes between account-level personal information and customer-controlled business content stored in the platform.

Guardzy handles both personal or account information about users and customer-controlled business information stored in workspaces.

Personal or account information includes details such as names, work emails, login activity, billing contacts, and support interactions. Customer content includes records, evidence, attachments, and other business information customers choose to manage through the platform.

Where Guardzy provides the platform to an organisation customer, Guardzy may process relevant customer content on behalf of that customer in order to provide the service.

In those cases, Guardzy processes customer content in accordance with customer instructions, platform configuration, and applicable contract terms.

5. AI, Analytics, and Product Improvement

AI, Analytics, and Product Improvement

In short: Guardzy uses analytics and service telemetry to improve the product, and AI-assisted features are intended to support user workflows rather than replace review or judgment.

Guardzy may use analytics, operational telemetry, and product usage information to improve service reliability, usability, security, and feature quality.

Where Guardzy offers AI-assisted drafting, recommendations, summaries, or workflow support, those features are designed to support user workflows and accelerate operational tasks.

Customers should review outputs before relying on them, especially for risk, compliance, audit, or business decisions.

Some AI-related controls may be available through product settings, workspace configuration, or commercial terms depending on the feature and customer plan.

6. Cookies and Similar Technologies

Cookies and Similar Technologies

In short: Guardzy uses cookies and similar technologies for core service operation, preferences, and analytics, with browser controls available to users.

Guardzy may use:

  • Essential cookies to support sign-in, session handling, security, and core service operation
  • Analytics cookies to understand performance and usage patterns
  • Functionality or preference cookies to remember settings and improve the user experience
  • Marketing cookies only where Guardzy actually uses them and where permitted

Users can manage cookies through browser settings and, where available, Guardzy's cookie controls.

7. How We Share Information

How We Share Information

In short: Guardzy shares information with carefully selected service providers and other parties only where needed to operate the service, support customers, meet legal obligations, or support a business transaction.

Guardzy may share information with:

  • Hosting and cloud infrastructure providers
  • Authentication and identity providers
  • Payment processors
  • Customer support providers
  • Analytics providers
  • Communication and email providers
  • Professional advisers
  • Regulators, courts, law enforcement, or authorities where required
  • Parties involved in a merger, acquisition, restructure, or sale of business assets

Guardzy does not sell personal information in the ordinary sense of selling user data for profit.

8. International Data Transfers

International Data Transfers

In short: Guardzy and its service providers may process information across borders, and we take reasonable steps to protect data where international transfers occur.

Guardzy and its service providers may process information in countries outside the jurisdiction where the user or customer is located.

Where international transfers occur, Guardzy takes reasonable steps to protect information and uses appropriate contractual, technical, or operational safeguards where required.

9. Data Retention

Data Retention

In short: Guardzy keeps information for as long as it is reasonably needed to operate the service, support customers, meet legal obligations, and manage backups and security records.
  • Account information is retained while the account is active and for a reasonable period afterward.
  • Customer content is retained in line with contractual terms, account settings, legal obligations, backup cycles, and legitimate business needs.
  • Support, billing, audit, and security records may be retained for legal, security, fraud prevention, and compliance purposes.
  • When information is no longer required, Guardzy will take reasonable steps to delete or de-identify it where appropriate.

10. Security

Security

In short: Guardzy uses layered technical and organisational controls to protect information, but no system can promise absolute security.

Guardzy uses security measures such as:

  • Encryption in transit
  • Role-based access controls
  • Authentication safeguards
  • Logging and monitoring
  • Least-privilege principles
  • Backups and recovery processes
  • Vendor risk management
  • Incident response processes

No method of transmission over the internet or method of electronic storage is completely secure, so Guardzy cannot guarantee absolute security.

11. Your Rights and Choices

Your Rights and Choices

In short: depending on your location and relationship with Guardzy, you may have rights to access, correct, delete, object, restrict, port, or complain about how your information is handled.
  • Access
  • Correction
  • Deletion
  • Objection or restriction where applicable
  • Data portability where applicable
  • Withdrawal of consent where processing is based on consent
  • Marketing unsubscribe rights
  • Complaint rights

If Guardzy processes information on behalf of an organisation customer, we may direct certain requests to the relevant customer administrator where appropriate.

12. Business Accounts and Administrators

Business Accounts and Administrators

In short: if you use Guardzy through a work account or team subscription, authorised administrators may have visibility into account activity and workspace content.

If you sign up using a work email or use Guardzy through an employer or team subscription, certain account information and activity may be visible to authorised administrators of that workspace.

Administrators may control workspace settings, permissions, access, and content associated with organisational use.

Users should avoid storing personal or private material in organisation-managed environments if they want that material kept separate from work-managed systems.

13. Third-Party Services and Integrations

Third-Party Services and Integrations

In short: when you connect third-party tools, Guardzy exchanges the data needed to make those integrations work, but those services remain subject to their own terms and privacy policies.

When users connect third-party tools, Guardzy may exchange relevant data with those services to enable the integration, synchronise records, or support connected workflows.

Third-party services are governed by their own privacy terms and policies, and customers should review those policies directly.

14. Changes to This Policy

Changes to This Policy

In short: Guardzy may update this policy over time, and material changes may be communicated through the website, product, or email.

Guardzy may update this Privacy Policy from time to time.

Material changes may be notified through the website, the product, or email where appropriate.

Continued use of Guardzy after an update may be treated as acknowledgment of the revised policy.

15. Contact Us

Contact Us

In short: contact Guardzy if you have privacy questions, want to exercise your rights, or need to make a complaint.

If you have questions, requests, or complaints about this Privacy Policy or how Guardzy handles personal information, contact us at:

Privacy requests and complaints should include enough detail for Guardzy to understand the request and respond appropriately.