🔒 Privacy

Privacy Policy

This Privacy Policy describes how NetGuard CyberSecurity Company WLL collects, uses, shares, and protects your personal information when you use the NetGuard compliance automation platform and related services.

📅 Effective: 9 April 2026🔄 Version: 1.0📍 Bahrain PDPL No. 30 of 2018

ℹ️

Governing LawThis policy is issued in accordance with the Bahrain Personal Data Protection Law No. 30 of 2018 (PDPL) and its implementing regulations. By using our services, you acknowledge the practices described herein.

01 Information We Collect

We collect information you provide directly, information collected automatically when you use our services, and information from third-party services you connect.

1.1 Account & Registration Data

Identity data: Full name, job title, and professional email address provided at registration.
Organisation data: Company name, industry, size, and billing contact information.
Authentication credentials: Hashed passwords and, where applicable, multi-factor authentication data.

1.2 Usage & Log Data

Platform usage: Pages visited, features used, scan frequency, report generation events, and time spent.
Log data: IP addresses, browser type and version, operating system, referring URLs, and timestamps of all requests.
Device information: Device type, screen resolution, and browser capabilities.

1.3 Integration Credentials

When you connect third-party services (AWS, Azure, GCP, Okta, Cisco Meraki, Palo Alto Panorama, GitHub, GitLab, and others), we receive API keys, access tokens, and other credentials. These are encrypted and stored in a secure vault — never in plaintext and never in our application database.

1.4 Compliance Scan Data

The Platform collects configuration metadata from your connected infrastructure (e.g. security group rules, IAM policies, MFA settings) to evaluate compliance controls.

✅

Read-Only Access OnlyNetGuard uses read-only access to your infrastructure. We collect configuration metadata — we do not read, copy, or store the contents of your business data, databases, files, or communications.

1.5 Support & Communications

Information you provide when contacting our support team, including bug reports and feature requests.
Responses to user research surveys or NPS responses you choose to complete.

02 How We Use Your Information

We process personal data only for the purposes and on the lawful bases set out below:

Purpose	Lawful Basis (Bahrain PDPL)
Providing and operating the NetGuard Platform	Contract performance
Running automated compliance scans and generating reports	Contract performance
User authentication and account security	Contract performance / Legitimate interest
Sending service notifications (scan results, alerts)	Contract performance
Providing customer and technical support	Contract performance / Legitimate interest
Improving platform performance and reliability	Legitimate interest
Analytics and product development	Legitimate interest
Sending marketing communications	Consent (opt-in only)
Fraud prevention and enforcing our Terms of Service	Legitimate interest / Legal obligation
Complying with legal obligations	Legal obligation

🚫

We Never Sell Your DataWe do not sell, rent, or share your personal data with advertisers or data brokers. We do not use your compliance scan data to train machine learning models without your explicit written consent.

04 Data Retention

We retain personal data only as long as necessary for the purposes described in this policy or as required by law:

Data Category	Retention Period
Account & profile data	Duration of account + 90 days after deletion
Compliance scan results & reports	7 years (regulatory requirement)
Integration credentials	Deleted immediately upon integration removal or account deletion
Audit & access logs	3 years
Support communications	3 years from last interaction
Billing records	7 years (financial regulations)
Anonymised usage analytics	Indefinitely (non-identifiable)

Upon account deletion, we will delete or anonymise your personal data within 90 days, except where retention is required by applicable law.

05 Security

We implement industry-standard security measures to protect your personal data:

Encryption at rest: All data encrypted using AES-256.
Encryption in transit: All communications secured with TLS 1.2 or higher.
Integration credentials: Stored exclusively in an encrypted vault — never in our database or application code.
Multi-factor authentication (MFA): Enforced for all Platform access.
Role-based access controls (RBAC): Principle of least privilege enforced across all systems.
Tenant isolation: Complete logical data isolation between organisations.
Penetration testing: Regular third-party security assessments.
Audit logging: All data access and modifications logged with user identity and timestamp.

⚠️

Security DisclosureNo method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable security measures, we cannot guarantee absolute security. If you discover a security vulnerability, please contact us immediately at [email protected].

06 Your Data Subject Rights

Under the Bahrain Personal Data Protection Law No. 30 of 2018, you have the following rights with respect to your personal data:

Right	Description
Access	Request a copy of the personal data we hold about you.
Rectification	Request correction of inaccurate or incomplete personal data.
Deletion (Erasure)	Request deletion of your personal data, subject to legal retention requirements.
Portability	Receive your data in a structured, machine-readable format for transfer to another controller.
Objection	Object to processing based on legitimate interests or for direct marketing purposes.
Withdraw Consent	Withdraw consent at any time where processing is based on consent, without affecting prior processing.
Lodge a Complaint	File a complaint with the Personal Data Protection Authority in the Kingdom of Bahrain.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

Marketing Opt-Out

You may opt out of marketing communications at any time by clicking "Unsubscribe" in any marketing email, or by contacting us at [email protected]. Transactional and service communications (e.g. scan results, security alerts, billing notices) cannot be disabled while your account is active.

07 Cookies & Tracking Technologies

We use the following cookies and similar technologies to operate and improve the Platform. Essential cookies are deployed without consent. Analytics and marketing cookies require your opt-in consent.

Cookie Name	Category	Purpose	Duration
session_id	Essential	Session management and user state tracking	Session
csrf_token	Essential	Cross-site request forgery protection	Session
auth_cookie	Essential	Authentication and session persistence	24 hours
user_preferences	Preferences	UI settings (theme, layout preferences)	1 year
_ga, _gid	Analytics (opt-in)	Google Analytics — anonymous usage statistics	90 days / 24 hours
Auth0 cookies	Authentication	Auth0 SSO session management	Session

Essential cookies are strictly necessary for the Platform to function and cannot be disabled without impairing core functionality. Analytics cookies (Google Analytics) are only activated after you provide explicit opt-in consent via our cookie consent banner. You may withdraw consent at any time through our cookie settings or your browser settings.

08 Data Residency

Your data is stored and processed in the Middle East / Kingdom of Bahrain region (AWS me-south-1 or equivalent). We do not transfer Customer Data to regions outside the Middle East by default.

Where we engage sub-processors located outside the Kingdom of Bahrain, we ensure appropriate safeguards are in place (such as contractual data protection clauses consistent with the Bahrain PDPL) to protect your personal data during any such transfer.

09 Third-Party Services

The Platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy applies only to NetGuard's processing of your data. We are not responsible for the privacy practices of any third-party services you connect to or interact with through our Platform. We encourage you to review the privacy policies of any such services before connecting them.

10 Children's Privacy

NetGuard is a business-to-business (B2B) platform intended for use by organisations and their employees. Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a person under 18, we will take prompt steps to delete that information.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the law, or the way we operate. When we make material changes, we will:

Post the updated policy on our website and within the Platform.
Update the "Effective Date" at the top of this policy.
Send an email notification to the primary contact for each organisation account.
For significant changes, provide at least 30 days' advance notice before the changes take effect.

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated policy.

12 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:

✉️

NetGuard CyberSecurity Company WLL — Privacy TeamEmail: [email protected]
Phone: +973 39935151
Address: Seef District, Manama, Kingdom of Bahrain
CR No.: 196069-1

We will acknowledge your request within 5 business days and provide a full response within 30 days. For complex requests, we may extend this period by up to an additional 30 days with prior notice.

NetGuard CyberSecurity Company WLL
Commercial Registration No. 196069-1
Seef District, Manama, Kingdom of Bahrain
Privacy contact: [email protected] · +973 39935151