Privacy Policy

Last updated: June 11, 2026

This is a general template provided for convenience and is not legal advice. Have it reviewed by qualified counsel and replace the bracketed placeholders (e.g. [Company Legal Name], [Jurisdiction]) before you rely on it.

This Privacy Policy explains how [Company Legal Name] ("we") collects, uses, and protects information when you use GuardLayer. We aim to collect as little as possible and never sell your data.

1. Information We Collect

  • Code you submit. Files, pasted code, or (later) connected repositories you scan. This may incidentally contain secrets or personal data present in your code.
  • Account data. If you sign in, we receive your name, email, and avatar from GitHub OAuth, or your email address for email sign-in.
  • Waitlist email. If you join the waitlist, we store the email you provide.
  • Technical data. IP address (used for rate limiting and abuse prevention) and basic server logs.
  • Cookies. Only essential cookies (e.g. to keep you signed in). No advertising or tracking cookies. See "Cookies" below.

2. How We Use Information

  • To run security scans and generate your reports and PDF exports.
  • To authenticate you and operate your account and subscription.
  • To prevent abuse, secure the Service, and debug issues.
  • To contact you about the Service or your waitlist request.

3. How Your Code Is Handled & Retained

Your code is processed to produce findings. Scan reports (including the offending code snippets needed to show results) are stored so you can revisit them via their link. In the current version, reports are stored without a user account and are accessible to anyone who has the report's URL — they are not yet tied to individual accounts. We delete stored scan data on request. If you enable AI-written fixes, the relevant code snippet is sent to our AI processor (Anthropic) to generate that fix; it is not used to train models. We do not use your code to train any model.

4. Service Providers (Sub-processors)

We share data only with providers that help us run the Service:

  • Vercel — hosting and delivery.
  • Supabase — database (accounts, reports, waitlist).
  • Anthropic — optional AI-written fixes (only when you enable them).
  • Stripe — payment processing for paid plans (we never see full card details).
  • GitHub — authentication (if you sign in with GitHub).

5. Cookies

We use only strictly necessary cookies required for the site to function (such as your session). We do not use analytics or advertising cookies. You can manage cookies in your browser settings.

6. Data Sharing

We do not sell your personal data. We share it only with the providers above, when required by law, or to protect our rights and users.

7. Security

We use industry-standard measures (encryption in transit, access controls, locked-down database policies) to protect your data. No method is 100% secure, but we work to protect it and to limit what we store.

8. Your Rights

Depending on your location (e.g. GDPR/UK GDPR/CCPA), you may have rights to access, correct, delete, or export your data, and to object to certain processing. To exercise these, contact [privacy@your-domain].

9. International Transfers

Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their data.

11. Changes

We may update this Policy; material changes will be posted here with an updated date.

12. Contact

Privacy questions: [privacy@your-domain].