This Privacy Policy describes how NetGuard Technologies, Inc. ("NetGuard", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our compliance automation platform and related services. Please read this policy carefully.
We collect information you provide to us directly, information collected automatically when you use our services, and information from third-party sources.
When you connect third-party services (AWS, Okta, Azure, GCP, GitHub, GitLab, Cisco Meraki, Palo Alto Panorama), we collect configuration data and security metadata from those services strictly for the purpose of evaluating compliance controls. We do not collect, store, or access the contents of your data stored in those services.
Important: NetGuard uses read-only access to your infrastructure. We collect configuration metadata (e.g., security group rules, IAM policies, MFA settings) — we do not read your business data, databases, files, or communications.
We use the information we collect for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing and operating the NetGuard platform | Contract performance |
| Running automated compliance scans and generating reports | Contract performance |
| User authentication and account security | Contract performance / Legitimate interest |
| Sending service notifications (scan results, alerts) | Contract performance |
| Providing customer support | Contract performance / Legitimate interest |
| Improving platform performance and reliability | Legitimate interest |
| Analytics and product development | Legitimate interest |
| Sending marketing communications (with opt-in) | Consent |
| Complying with legal obligations | Legal obligation |
| Preventing fraud and enforcing our Terms of Service | Legitimate interest / Legal obligation |
We do not sell your personal information to third parties. We do not use your compliance data to train machine learning models without explicit consent.
We may share your information in the following limited circumstances:
We engage trusted third-party service providers who process data on our behalf, including cloud infrastructure (AWS), database hosting, email delivery, payment processing, and analytics. All providers are contractually bound to handle data in accordance with this policy and applicable law.
Users within your organisation may view compliance scan results, control statuses, and reports as permitted by the role-based access controls configured by your organisation's administrator.
We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of NetGuard, our customers, or the public.
If NetGuard is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
We may share your information for any other purpose with your explicit consent.
We never: sell your data to advertisers, share your compliance results with competitors, or use your infrastructure credentials for any purpose other than running your authorised compliance scans.
We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account and profile data | For the duration of the account, plus 90 days after deletion |
| Compliance scan results and reports | 3 years (or as required by applicable regulations) |
| Integration credentials | Deleted immediately upon integration removal or account deletion |
| Audit logs and access logs | 2 years |
| Support communications | 3 years from last interaction |
| Billing records | 7 years (as required by financial regulations) |
| Anonymised usage analytics | Indefinitely (non-identifiable) |
Upon account deletion, we will delete or anonymise your personal data within 90 days, except where retention is required by applicable law.
We implement industry-standard security measures to protect your information:
No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable security measures, we cannot guarantee absolute security. If you discover a security vulnerability, please contact us at [email protected] immediately.
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Request correction of inaccurate or incomplete personal data. |
| Erasure | Request deletion of your personal data, subject to legal retention requirements. |
| Restriction | Request restriction of processing of your personal data in certain circumstances. |
| Portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw Consent | Withdraw consent at any time where processing is based on consent. |
| Lodge a Complaint | File a complaint with your local data protection authority. |
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.
You may opt out of marketing communications at any time by clicking "Unsubscribe" in any marketing email, or by contacting us at [email protected]. Transactional and service communications (e.g., scan results, security alerts) cannot be disabled while your account is active.
We use cookies and similar technologies to operate our platform:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Session | Authentication tokens (JWT), session management, CSRF protection | Session / 24 hours |
| Preferences | User interface preferences (theme, layout settings) | 1 year |
| Analytics | Anonymous usage analytics to improve the platform | 90 days |
| Security | Fraud detection and abuse prevention | Session |
We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies will prevent you from using the platform.
NetGuard operates globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries not recognised as providing adequate data protection, we use:
By using our services, you acknowledge and consent to these transfers.
NetGuard is a business-to-business (B2B) platform intended for use by organisations and their employees. Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly.
The NetGuard platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy applies only to NetGuard. We are not responsible for the privacy practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party services you connect to or interact with through our platform.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the way we operate our platform. When we make material changes, we will:
Your continued use of the platform after the effective date of any changes constitutes your acceptance of the updated policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
NetGuard Technologies, Inc.
Attn: Privacy Team
Email: [email protected]
Security concerns: [email protected]
Website: netguard.io
For EU/EEA residents, our Data Protection Officer can be reached at [email protected]. You also have the right to lodge a complaint with your local supervisory authority.