Privacy Policy

Last updated: March 9, 2026

Guardr ("we", "us", "our") operates guardr.io. This Privacy Policy explains how we collect, use, store, and protect your information when you use guardr.io and related services.

By using Guardr, you agree to the practices described in this policy.

1. Information We Collect

Information you provide

Account information: Name, email address, and password when you create an account.

Site URLs: Website domains you add for monitoring.

Billing information: Processed by LemonSqueezy (our Merchant of Record). We do not store your payment card details.

Waitlist entries: Email address and plan interest when you join our waitlist.

Communications: Any emails or messages you send to our support team.

Information we generate

Security scan results: Data about your websites' security configuration, including TLS/SSL settings, security headers, DNS records, exposed files, and cookie configurations.

Uptime monitoring data: HTTP status codes, response times, and availability records for your monitored websites.

Alert history: Records of downtime, recovery, and security grade change notifications sent to you.

Information collected automatically

IP address: Used for rate limiting and security purposes. Provided by Cloudflare's infrastructure.

Essential cookies: We use cookies solely for authentication sessions and remembering your cookie notice preference. No tracking or advertising cookies are used.

2. How We Use Your Information

We use your information exclusively to:

Provide and operate the Guardr service (scanning, monitoring, alerts), authenticate your account and maintain your session, send service-related notifications (downtime alerts, security grade changes, password resets), process billing and manage your subscription, enforce rate limits and prevent abuse, respond to your support requests, and improve the reliability and performance of our service.

We do not use your information for advertising, profiling, or selling to third parties.

3. Third-Party Services

We share data only with the following service providers, each acting as a data processor:

Cloudflare — Infrastructure (hosting, CDN, DNS, database, compute). All service data is processed within Cloudflare's infrastructure.

LemonSqueezy — Payment processing (Merchant of Record). Receives email, name, and billing details.

Resend — Transactional email delivery. Receives email address and notification content.

Public certificate transparency logs — We query publicly available certificate transparency data to monitor SSL/TLS certificate expiry for your domains. Only the domain name is sent; no personal information is shared.

These providers process data solely on our behalf and under contractual obligations to protect your data. We do not share, sell, or rent your personal information to any other third parties.

4. Data Storage and Security

All data is stored and processed within Cloudflare's global infrastructure using Cloudflare D1 (database) and Cloudflare KV (key-value storage). Passwords are hashed using industry-standard algorithms. We never store plaintext passwords. Session cookies are encrypted, HttpOnly, and transmitted only over HTTPS. HSTS is enabled with a 12-month duration, including subdomains and preload. Access to production data is restricted to the service operator.

5. Data Retention

Scan results and uptime data: Retained according to your plan (Free: 7 days, Solo: 14 days, Starter: 30 days, Pro: 90 days, Agency: 365 days). Data beyond your retention period is automatically deleted by our daily cleanup process.

Account data: Retained for as long as your account is active. When you delete your account, all associated data is permanently removed.

Deleted sites: When you remove a site from your dashboard, all associated data (scan results, uptime checks, alerts) is permanently deleted.

Waitlist entries: Retained until you unsubscribe via your account settings.

6. Your Rights

You have the right to:

Access your data: Use the "Download My Data" feature in your account settings to export all your data as a JSON file.

Delete your data: Use the "Delete Account" feature in your account settings to permanently erase your account and all associated data.

Unsubscribe from the waitlist: Use the option in your account settings.

Lodge a complaint: You may contact the relevant data protection authority in your jurisdiction.

7. Cookies

We use only essential cookies:

Session cookie — Authentication and session management. Duration: 7 days.

cookie_notice — Remembers your cookie notice dismissal. Duration: 1 year.

We do not use analytics, advertising, or third-party tracking cookies.

8. International Data Transfers

Guardr is operated from Israel. Your data is processed within Cloudflare's global infrastructure, which may include servers in multiple countries. Israel holds an adequacy decision from the European Commission, meaning data transfers from the EU to Israel are recognized as providing adequate protection under GDPR.

9. Children's Privacy

Guardr is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a notice on our website. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at support@guardr.io.