Privacy & Policy

Welcome to Guardline Systems. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our security scanning, code analysis, and repository monitoring services (collectively, the 'Services'). Protecting your privacy and maintaining the confidentiality of your data is central to our mission of building trust with our Users.

By accessing or using Guardline Systems, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with the terms of this Policy, you must immediately discontinue use of the Services. Your continued use of the platform will be deemed as acceptance of this Privacy Policy and any updates made to it over time.

The data we process may include, but is not limited to: source code and repository content submitted for scanning, account information provided during registration, metadata generated from integrations (such as GitHub, GitLab, Bitbucket, or CI/CD pipelines), and diagnostic or usage information collected to ensure platform security and reliability.

Guardline Systems uses a combination of proprietary technologies and trusted third-party providers to deliver its Services. Where external services are used, your information is encrypted, anonymized where possible, and shared strictly on a need-to-know basis, solely for the purpose of providing analysis, generating reports, or enhancing platform functionality. Guardline Systems does not sell, rent, or repurpose your submitted content for marketing or unrelated commercial purposes without explicit consent.

By using the Services, you consent to the collection and processing of your data in accordance with this Privacy Policy. This includes the use of your information to generate reports, provide recommendations, ensure compliance with security standards, and improve overall platform performance. In cases where AI-driven insights are generated, you acknowledge that such outputs are derived from your submitted content and must be validated before use.

Guardline Systems complies with applicable privacy and data protection laws, including GDPR, CCPA, and other regional frameworks where relevant. We are committed to transparency and will provide notice of any significant updates to this Privacy Policy through email or platform notifications.

Finally, you acknowledge that Guardline Systems is an evolving platform. As we introduce new features, integrations, or technologies, we may update this Privacy Policy to reflect changes in how we collect, use, or protect your data. Continued use of the Services after such updates constitutes your acceptance of the revised Privacy Policy.

For the purposes of this Privacy Policy, the following definitions apply:

Guardline Systems is committed to collecting only the minimum information necessary to provide, improve, and secure our Services. The information we collect is used solely for the purposes described in this Privacy Policy and is handled under strict confidentiality and security measures.

We collect data directly from Users, automatically through use of the Platform, and in some cases from integrated third-party services such as GitHub, GitLab, or Bitbucket when authorized by the User. All collected data is processed in accordance with applicable data protection laws, including GDPR, SOC 2, and ISO 27001 standards.

• Account Information: Includes name, email address, organization, billing details, and authentication credentials necessary to create and maintain an account.
• Repository and Project Data: Source code, configuration files, documentation, and repository metadata submitted for analysis. Guardline treats all User Content as confidential.
• Usage Data: Information about how the Platform is accessed and used, including IP addresses, device identifiers, browser type, and activity logs.
• Security and Diagnostic Data: Logs, scan histories, error reports, and performance metrics used to detect, investigate, and remediate technical or security issues.
• Integration Data: Information obtained when Users connect third-party services (e.g., GitHub, GitLab, Bitbucket, or CI/CD pipelines) to the Platform, including repository metadata and access tokens. Tokens are encrypted and stored securely.
• Communications: Records of communications with Guardline Systems, including support requests, feedback, and responses to security alerts.
• External Processing Data: In limited cases, anonymized and encrypted portions of User Content may be transmitted to carefully selected external Large Language Model (LLM) providers to enhance analysis and generate natural language explanations. No personal identifiers are shared, and processing is restricted to the scope of delivering the Services.

As part of Guardline Systems’ commitment to safeguarding privacy, Users also share responsibility for how data is submitted, managed, and protected when using the Services. Guardline provides strong technical and organizational safeguards, but Users must handle their repositories, code, and related data in ways that uphold security and privacy standards.

By accessing the Services, you acknowledge your role in protecting both your own data and the data of others. This includes ensuring that only authorized and appropriate content is uploaded, avoiding the submission of unnecessary personal information, and complying with applicable privacy and data protection laws.

Misuse of the Services that results in privacy violations, exposure of sensitive information, or infringement of third-party rights is strictly prohibited. Guardline reserves the right to monitor for such misuse and take action, which may include suspension, termination, or legal proceedings if required.

• Only submit code, repositories, or materials that you are legally authorized to share and process.
• Avoid uploading sensitive personal data or confidential records unless strictly necessary for your use of the Services.
• Protect your login credentials, API tokens, and access keys. Notify Guardline immediately of any unauthorized access or suspected compromise.
• Ensure compliance with relevant privacy, data protection, and intellectual property regulations, such as GDPR or industry-specific frameworks.
• Do not upload malicious, harmful, or unauthorized content that could compromise Guardline Systems’ infrastructure or other Users’ data.
• Handle Guardline-generated reports with care, as they may contain sensitive information about your projects. Share them only with authorized individuals within your organization.
• Respect the privacy rights of third parties and do not attempt to extract, misuse, or disclose data that does not belong to you.
• Refrain from tampering with or attempting to bypass Guardline Systems’ privacy and security protections.

At Guardline Systems, protecting the privacy, confidentiality, and integrity of user data is one of our most critical responsibilities. We recognize that our Users trust us with highly sensitive materials, including proprietary codebases, private repositories, and configuration files, and we handle that data with the same rigor and diligence as we apply to our own internal systems.

Our approach to privacy is designed to safeguard data throughout its entire lifecycle—from the moment it is collected, through storage and processing, until its secure deletion. Guardline employs a multi-layered security architecture that includes technical safeguards, administrative controls, and continuous monitoring to ensure that unauthorized access, misuse, or disclosure is prevented at all times.

To reinforce these protections, Guardline complies with recognized international data protection and security frameworks. Our platform undergoes regular independent audits, penetration testing, and vulnerability assessments to validate that our security posture remains resilient against emerging threats. Findings are remediated promptly, and our policies are updated to reflect evolving legal, regulatory, and industry requirements.

We also prioritize the principle of data minimization: collecting and processing only the information that is strictly necessary to deliver the Services. Where feasible, data is anonymized or pseudonymized before analysis, especially when external services or third-party providers are involved. This ensures that sensitive or personally identifiable information is never shared unnecessarily and that data remains protected even in distributed processing environments.

Guardline’s data handling practices are guided by three core commitments: (1) minimal and purposeful data collection, (2) restricted and accountable access on a need-to-know basis, and (3) transparency in how information is processed, retained, and secured. Users are kept informed of retention schedules, third-party engagements, and significant updates to our data protection practices.

Finally, Guardline maintains comprehensive incident detection and response procedures. In the event of a data security incident, affected Users will be notified in accordance with applicable legal and regulatory requirements. Our incident response team works to quickly identify the root cause, contain the risk, and restore secure operations while providing transparency to Users throughout the process.

• All data is encrypted in transit using Transport Layer Security (TLS) and at rest using Advanced Encryption Standard (AES-256).
• Repository data, scan results, and generated reports are automatically deleted within 90 days unless Users explicitly request extended retention or legal/regulatory requirements dictate longer storage.
• No Guardline employee or third party has access to User content without explicit written consent, except where necessary for authorized support, troubleshooting, or legal compliance.
• Infrastructure and processes are aligned with industry-recognized frameworks, including GDPR, SOC 2, ISO 27001, and relevant local data protection laws.
• Regular independent penetration testing, security audits, and vulnerability assessments are performed to validate and strengthen platform defenses against new threats.
• Role-Based Access Control (RBAC) ensures that only authorized individuals within a User’s organization can access reports, with permissions customizable based on team roles and project ownership.
• Continuous monitoring, anomaly detection, and automated alerting systems are used to identify and respond rapidly to suspicious activity or unauthorized access attempts.
• When third-party providers are engaged (e.g., for hosting, integrations, or secure report delivery), only the minimum necessary data is shared. All such providers are contractually obligated to uphold equivalent privacy and security protections.
• Incident response and breach notification procedures are established to ensure rapid communication and remediation in the unlikely event of a security compromise.

Guardline Systems uses collected information solely for legitimate purposes connected to the delivery, improvement, and protection of the Services. We do not sell, rent, or exploit user data for commercial gain, nor do we share information with unauthorized third parties. All processing is conducted under lawful bases permitted by applicable data protection regulations, including GDPR and CCPA, such as contract performance, legitimate interests, consent (where applicable), and legal compliance.

Our data usage practices are guided by principles of purpose limitation, proportionality, and transparency. This means that data is only used for the purposes clearly communicated to Users, kept no longer than necessary, and safeguarded against unauthorized use. Below is a breakdown of the primary ways Guardline Systems uses information and the safeguards that apply in each context.

• Delivering and Maintaining the Services: Information is used to provide Users with security scans, vulnerability assessments, compliance checks, and detailed reporting. This includes repository analysis, continuous monitoring, and report generation. All submitted content is treated as confidential and used solely for fulfilling service requests.
• Third-Party Integrations: At the User’s direction, Guardline may connect with platforms such as GitHub, GitLab, Bitbucket, or CI/CD systems. Data from these integrations (e.g., repository metadata, commit history, access tokens) is used only for enabling the requested functionality and is encrypted both in storage and during transmission.
• User Communications: Contact details are used to provide important service-related updates, such as maintenance notifications, policy changes, account alerts, and security advisories. Where marketing communications are offered, these are sent only with explicit consent, and Users retain the right to opt out at any time.
• Platform Improvement and Analytics: Guardline analyzes anonymized or aggregated usage data to understand how features are used, identify performance bottlenecks, and prioritize enhancements. Personal identifiers are stripped wherever possible to protect privacy, and insights are used strictly to improve platform functionality and user experience.
• Support and Troubleshooting: Information provided through support tickets, logs, or error reports is used to diagnose problems, resolve technical issues, and improve stability. Access to this information is restricted to authorized personnel and is retained only as long as necessary to address the issue.
• Legal and Regulatory Compliance: Data may be processed to fulfill obligations under applicable laws, respond to lawful requests from authorities, or demonstrate compliance with industry standards such as GDPR, SOC 2, and ISO 27001. Any disclosure in these circumstances is carefully reviewed and limited to what is legally required.
• Fraud Prevention and Security: Logs, monitoring data, and authentication details are used to detect and prevent unauthorized access, abuse of the platform, or fraudulent activity. Automated and manual checks are combined to safeguard both the User’s data and Guardline’s infrastructure against threats.
• Service Customization: Guardline may use non-sensitive User preferences, account settings, and usage patterns to tailor the presentation of dashboards, reports, or alerts to improve relevance and efficiency.
• Research and Development: With appropriate safeguards, anonymized datasets may be used internally to train, test, and validate new security detection techniques, machine learning models, and threat intelligence capabilities. No personally identifiable or user-attributable data is used for this purpose without explicit consent.

Guardline Systems treats User data with strict confidentiality and does not sell, rent, or trade personal or project data under any circumstances. Any sharing of information is limited to what is strictly necessary for delivering the Services, maintaining platform functionality, or fulfilling legal and regulatory obligations.

Where data is shared, it is governed by robust contractual and technical safeguards to ensure that third parties uphold equivalent privacy and security protections. Guardline exercises due diligence when selecting and monitoring external partners to ensure they comply with industry standards and applicable data protection laws.

We may disclose information under the following carefully controlled circumstances:

• Service Providers: We work with trusted third-party providers that support the delivery of our Services, including secure cloud hosting, encrypted data storage, payment processing, analytics, and optional integrations. These providers are contractually obligated to handle data in accordance with confidentiality, security, and privacy requirements equivalent to Guardline’s own standards.
• Compliance with Law: Data may be disclosed when required to comply with applicable laws, lawful processes, court orders, or binding requests from government authorities. Such disclosures are limited to the scope of the legal requirement, and whenever possible, affected Users are notified unless prohibited by law.
• Security and Fraud Prevention: Information may be shared to detect, investigate, or prevent malicious activity, unauthorized access, abuse of the Services, fraudulent transactions, or potential security threats. This includes collaboration with cybersecurity specialists or law enforcement where appropriate.
• Corporate Transactions: In the event of a merger, acquisition, reorganization, or sale of Guardline Systems’ assets, User data may be transferred as part of the transaction. In such cases, data will remain subject to the same or stronger privacy protections, and Users will be informed of any material changes affecting their rights.
• User Consent: Guardline will only share data with third parties outside the above circumstances when Users provide explicit, informed consent—for example, when enabling optional integrations, connecting repositories from external platforms, or exporting reports for use with third-party systems.
• Aggregated and Anonymized Data: Guardline may share non-identifiable, aggregated insights (e.g., statistical trends, performance metrics) with partners, researchers, or industry groups. This data cannot be traced back to any individual User or specific project.

Guardline Systems retains personal and project data only for as long as necessary to fulfill the privacy-related purposes outlined in this Privacy Policy, comply with applicable privacy laws, resolve disputes, or enforce agreements.

Unless extended retention is requested by the user or required by law, personal and project data including user-submitted code, repositories, and reports are automatically deleted after 90 days to protect user privacy.

Data retention periods are designed to minimize exposure and ensure compliance with privacy best practices.

• Account Information: Retained for the duration of the account and a limited period thereafter solely to comply with privacy and record-keeping obligations, including username, email, and authentication data.
• Repository and Scan Data: Deleted within 90 days of collection unless the user requests extended retention, ensuring private project data is not stored longer than necessary.
• Usage Logs: Maintained temporarily for diagnostic, security, and privacy compliance purposes, then securely purged to protect user information.
• Support Communications: Retained only as necessary to provide customer support, improve services, or meet privacy-related regulatory obligations.

Guardline Systems provides its services to users across multiple countries and may therefore process personal and project-related data on servers located outside the User’s home jurisdiction. These international transfers are conducted in full compliance with applicable privacy and data protection laws to ensure that User data remains secure and confidential.

Whenever data is transferred internationally, we implement robust safeguards to maintain the privacy, integrity, and security of User information. These safeguards may include legally recognized mechanisms such as Standard Contractual Clauses (SCCs), binding corporate rules, or other transfer frameworks approved under applicable data protection regulations.

Additionally, international transfers are limited to the minimum data necessary for the provision of our services. Data is encrypted during transit, and access is restricted to authorized personnel only. Guardline Systems ensures that third-party processors involved in international data transfers adhere to equivalent privacy standards and contractual obligations to protect User data.

Our international data transfer policies are regularly reviewed and updated to align with evolving global privacy regulations, ensuring that Users’ rights are consistently respected regardless of where their data is processed.

Guardline Systems is committed to respecting your privacy and protecting your personal data. Depending on your jurisdiction, you may have specific rights regarding the personal data we process about you. These rights are designed to give you control over your information and ensure transparency in how your data is handled.

We provide clear mechanisms for Users to exercise these rights, and we handle all requests in accordance with applicable data protection laws. Exercising your rights does not affect your access to Guardline Systems services, except where restrictions are necessary to comply with legal or contractual obligations.

• Right of Access: You can request a copy of the personal data we hold about you, including any information related to your account, activities, and interactions with our services.
• Right to Rectification: You may request corrections to any inaccurate or incomplete personal data to ensure the information we hold is accurate and up to date.
• Right to Erasure: You can request the deletion of your personal data, subject to any retention obligations required by law or necessary to maintain service integrity.
• Right to Restrict Processing: You may request that we limit how your personal data is used under certain circumstances, such as when the accuracy of the data is contested or processing is unlawful.
• Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format, allowing you to transfer it to another service provider if desired.
• Right to Object: You have the right to object to certain types of processing, including direct marketing or automated profiling, unless otherwise required by law.
• Right to Withdraw Consent: Where we rely on your consent to process personal data, you can withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn.

Guardline Systems may periodically update this Privacy Policy to reflect changes in privacy laws, regulatory requirements, technological advancements, or updates to the Services we provide. Our goal is to ensure that Users are informed about how their personal and project data is collected, processed, and protected.

Any material changes that significantly affect how we handle personal data or User rights will be clearly communicated through email notifications, in-app alerts, or other appropriate channels. Users are encouraged to review the Privacy Policy regularly to stay informed of any updates.

Continued use of Guardline Systems Services after updates to the Privacy Policy have been published indicates that you accept and agree to the revised terms. We recommend reviewing the changes carefully to understand any new practices or obligations regarding your personal and project data.

Guardline Systems is committed to transparency and upholding your privacy rights. If you have any questions, concerns, or requests related to this Privacy Policy, the handling of your personal data, or the exercise of your data protection rights, you may contact us using the details provided below.

For privacy-specific inquiries, including data access requests, corrections, deletions, or complaints, communications should be directed to our Data Protection Officer (DPO) or Privacy Team. For general technical support or product-related questions, Users may also reach out through the Guardline Systems support portal or customer success channels as indicated within the platform.

All privacy-related notices or requests should be submitted in writing. Such communications will be considered effective upon confirmed receipt by Guardline Systems. We recommend retaining proof of delivery (e.g., certified mail, courier receipt, or confirmation email) when submitting critical or time-sensitive privacy requests.