Guardrly

Privacy Policy

Last updated: April 2026

1. What We Collect

We collect the following categories of data:

  • Account data: Email address and password hash when you register.
  • Operation logs: Metadata about API calls your AI Agent makes (endpoint, HTTP method, status code, timestamp, platform name). Raw request/response bodies are PII-scrubbed before transmission (see Section 3).
  • Usage data: Dashboard page views, feature usage, and plan tier — used to improve the product.
  • Billing data: Subscription status and plan tier, synced from Paddle. We never store raw payment card information.

2. What We Do NOT Collect

  • Raw business data — ad creatives, product content, customer records, or audience data.
  • API credentials or access tokens for external platforms (Meta, Google, Shopify, etc.).
  • Personal information about your end-customers or users.
  • Any data beyond what is required for operation monitoring and alerting.

3. PII Scrubbing

Guardrly runs a PII scrubber at the local MCP layer before any data is transmitted to our servers. The following are automatically redacted:

  • Authorization headers and bearer tokens → [REDACTED]
  • Access tokens in URLs → [REDACTED]
  • Email addresses → [EMAIL]
  • Phone numbers → [PHONE]
  • Credit card number patterns → [CARD_CANDIDATE]

This means sensitive credentials and personal data never leave your machine in readable form.

4. Data Retention

Operation logs are retained according to your plan:

  • Free — 7 days
  • Starter — 30 days
  • Pro — 90 days
  • Agency — 365 days

Logs older than your plan's retention window are automatically deleted. If you downgrade your plan, historical logs beyond your new retention window become inaccessible but are not immediately deleted (30-day grace period).

Account data is retained until you delete your account. After deletion, all data is purged within 30 days.

5. How We Use Your Data

  • To provide the monitoring, alerting, and reporting service.
  • To send alert notifications via email or Telegram.
  • To generate appeal-ready operation reports on your request.
  • To enforce plan limits and prevent abuse.
  • To improve the semantic parsing and alert rules (aggregate, anonymized analysis only).

We do not sell your data to third parties. We do not use your operation logs to train AI models without your explicit consent.

6. Your Rights

  • Export: You can export all your operation logs in JSON or PDF format from the Dashboard at any time.
  • Delete: You can delete your account and all associated data from Settings → Account → Delete Account.
  • Correct: You can update your email address and notification preferences at any time.
  • GDPR / CCPA: If you are located in the EU or California, you have additional rights under GDPR and CCPA. Contact us at privacy@guardrly.com to exercise these rights.

7. Third-Party Services

  • Paddle — payment processing. Subject to Paddle's own privacy policy.
  • Telegram — optional alert delivery. Only your Telegram chat ID is stored; no message content is retained on our side.
  • Resend — transactional email delivery.

8. Contact

For privacy-related questions or requests, contact us at privacy@guardrly.com.