Privacy Policy

Last updated: December 8, 2025

Guardantix LLC (“Guardantix,” “we,” “us,” or “our”) is a Pennsylvania, USA limited liability company that provides business-to-business (“B2B”) cybersecurity and IT consulting services. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit https://guardantix.com/ or any other online resource that links to this Privacy Policy (the “Website”), and when you otherwise interact with us online (together, the “Online Services”).

This Policy also explains, at a high level, how we handle personal information that we process for our clients during paid consulting engagements. Those engagements are primarily governed by the applicable master services agreement (“MSA”), statement(s) of work (“SOW”), and, for certain healthcare clients, a business associate agreement (“BAA”), and are referenced separately from the Website practices described here.

We primarily operate in the United States and Canada. By using the Online Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Online Services.

If you have any questions or concerns about this Privacy Policy or our data practices, you can contact us at hello@guardantix.com or through our online contact form at https://guardantix.com/contact/.

Summary of key points

This summary highlights some important points. Please read the full Privacy Policy below for more detail on any topic.

What personal information do we collect? We collect business contact details (such as your name, work email address, company, and job title), information you submit through forms or communications, and technical and usage data collected automatically when you visit our Website. We also process certain personal information on behalf of our clients during consulting engagements. Learn more.
Do we process sensitive personal information? We do not intentionally collect sensitive personal information (such as health, financial, or government ID numbers) through our public Website. In our consulting work, however, we may process sensitive or regulated data (for example, protected health information) strictly under contract as a service provider, processor, or business associate. Learn more.
Do we collect information from third parties? For the Website, we generally collect personal information directly from you or automatically from your device. We do not typically obtain Website visitor information from third-party data brokers.
How do we use personal information? We use personal information to operate, secure, and improve the Website; respond to inquiries; manage leads and client relationships; provide information about our services; comply with legal obligations; and protect our rights. When working for clients, we use personal information only as instructed in the governing contracts. Learn more.
Do we share personal information? We share personal information with service providers that support our operations (such as hosting, analytics, customer relationship management, communications, project management, AI-powered tools, and professional advisors), and in connection with legal obligations or business transactions. We do not sell personal information for money. Some uses of analytics or advertising cookies may be considered “sharing” or “targeted advertising” under certain state privacy laws, and you can opt out of those uses. Learn more.
How do we protect personal information? We use reasonable administrative, technical, and organizational safeguards appropriate for a cybersecurity and IT consulting firm. However, no system can be guaranteed to be completely secure. Learn more.
What are your rights? Depending on where you live (for example, certain U.S. states or Canada), you may have rights such as access, correction, deletion, portability, and the right to opt out of certain uses (including targeted advertising or “sale”/“sharing” where applicable). Learn more. U.S. state-specific rights are described in Section 12.
How can you exercise your rights? You can contact us at hello@guardantix.com or via our contact form at https://guardantix.com/contact/. We may need to verify your identity and location before fulfilling your request. Learn more.
Children’s privacy. The Website is intended for business and professional users and is not directed to children. We do not knowingly collect personal information from children under the age of 13 (or the minimum age in your jurisdiction). Learn more.

WHAT INFORMATION DO WE COLLECT?
HOW DO WE PROCESS YOUR INFORMATION?
WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
HOW LONG DO WE KEEP YOUR INFORMATION?
HOW DO WE KEEP YOUR INFORMATION SAFE?
DO WE COLLECT INFORMATION FROM MINORS?
WHAT ARE YOUR PRIVACY RIGHTS?
CONTROLS FOR DO-NOT-TRACK FEATURES
DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
DO WE MAKE UPDATES TO THIS POLICY?
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

1.1 Personal information you provide to us

In short: We collect personal information that you choose to provide, mainly in a professional or business context.

We collect personal information that you voluntarily provide when you:

request information about our cybersecurity or IT consulting services;
fill out a form on the Website (for example, to request a consultation, download materials, or subscribe to updates);
communicate with us by email, phone, video conference, text message, or other channels; or
otherwise interact with us in connection with the Online Services.

The personal information we collect depends on how you interact with us and the choices you make, and may include:

Identifiers and contact information. For example, your name, business or professional email address, company or organization name, job title or role, phone number, and other similar identifiers.
Professional and company details. Such as your department, team, or functional area; the type, size, or industry of your organization; and other information you choose to share about your business needs.
Communications and content. The contents of messages you send to us, including free-text fields in forms, email correspondence, support or sales inquiries, feedback, and any files or documentation you choose to upload or send.
Marketing and communication preferences. Your preferences for receiving communications from us, such as newsletter subscriptions or opt-out choices.
Other information you choose to provide. Any other personal information you voluntarily submit, such as information shared in connection with events, webinars, or surveys.

Sensitive personal information on the Website. We do not intentionally request sensitive personal information (for example, health information, government-issued identifiers, or payment card numbers) through our public Website forms. Please do not include such information in free-text fields or attachments submitted via the Website unless we specifically ask for it and provide secure means for doing so.

All personal information you provide should be accurate, complete, and up to date. If any of your information changes, please let us know so we can update our records.

1.2 Information collected automatically

In short: We automatically collect certain technical and usage information when you visit our Website.

When you access or use the Online Services, we automatically collect certain information about your device and how you interact with the Website. This information does not typically identify you by name but may be considered “personal information” or “personal data” under some laws. It helps us operate, secure, and improve the Website.

The information we collect automatically may include:

Log and usage data. Information about your interactions with the Online Services, such as the pages or content you view, the links you click, the referring site, search terms, the time and date of your visit, and diagnostic or performance data (such as error logs and crash data).
Device data. Information about the device and browser you use to access the Online Services, such as IP address (or proxy server), browser type and settings, device identifiers, operating system, internet service provider or mobile carrier, and system configuration.
Approximate location data. We may infer an approximate geographic location (such as city, state or province, and country) based on your IP address or other technical data. This helps us understand where visitors are located and support security and fraud-prevention efforts.
Cookies and similar technologies. We use cookies, pixels, web beacons, and similar technologies to collect or store information about your use of the Website. For more information, see Section 6 and our Cookie Policy.

1.3 Information processed during client engagements (not collected via the Website)

In short: In the course of providing consulting services, we may process more sensitive or regulated data on behalf of our clients, under contract and their instructions.

Separate from the Website, Guardantix provides cybersecurity and IT consulting services to organizations. In that context, our clients may provide us with access to systems, environments, and data that can include personal information about their employees, contractors, customers, patients, or other individuals. Depending on the engagement, this client data may include:

network, endpoint, and system logs that include user identifiers;
security event data and forensic information relating to potential incidents;
business contact information for client personnel and stakeholders; and
in some cases, regulated data such as protected health information (“PHI”) or other sensitive personal information, where needed for the engagement.

When we process personal information in this context, we generally act as a service provider, processor, or business associate (as those terms are used in applicable privacy and data protection laws). Our clients are responsible for deciding what data to provide and for giving appropriate privacy notices to their own data subjects. Our use of such data is governed by the relevant MSA, SOW, BAA, or similar agreement and is typically limited to:

providing our cybersecurity and IT consulting services;
meeting our legal and regulatory obligations (for example, under HIPAA, where applicable); and
protecting the security and integrity of our systems and the services we provide.

We do not use client data from consulting engagements for our own independent marketing, profiling, or unrelated purposes.

2. HOW DO WE PROCESS YOUR INFORMATION?

In short: We use personal information to operate, secure, and improve our Website and services, respond to inquiries, manage relationships, comply with legal obligations, and, for client engagements, to provide services under contract.

2.1 Website and general business purposes

We process personal information collected through the Website and other Online Services for purposes that include:

Providing and operating the Online Services. For example, to display content, maintain the Website, troubleshoot issues, and ensure the Online Services function as intended.
Responding to inquiries and providing customer support. To respond to your requests, questions, and feedback; schedule meetings or demonstrations; and otherwise communicate with you about our services.
Managing leads, sales, and marketing communications. To create and maintain records in our customer relationship management (“CRM”) and marketing tools, understand your organization’s needs, send you information about our services (where permitted by law and your preferences), and measure the effectiveness of our outreach.
Operating, securing, and improving the Website and our services. To monitor and protect the security and integrity of the Website; detect, prevent, and respond to fraud, abuse, and security incidents; conduct analytics to understand usage trends; and improve the design, performance, and content of our Website and services.
Personalizing content. To tailor certain communications, content, or marketing messages to your organization’s interests, for example based on your role, industry, or prior interactions with us.
Supporting business operations. To manage our internal processes, including finance and accounting, vendor management, project management, and corporate governance.
Complying with legal obligations and protecting rights. To comply with applicable laws and regulations, respond to lawful requests and legal processes, enforce our contracts and policies, and protect our rights, property, users, and the public.
Creating de-identified or aggregated information. We may de-identify or aggregate personal information so that it no longer identifies an individual, and use or share that information for analytics, research, and other lawful purposes.

2.2 Processing personal information using service providers and AI-powered tools

We use various service providers and tools to support the purposes above, including:

website hosting and content delivery providers;
data analytics providers and tools;
CRM and marketing automation platforms;
email, VoIP, SMS, and other communications providers;
project management and collaboration platforms; and
AI-powered tools used internally to assist with tasks such as log analysis, drafting and organizing communications, or improving our operations and security.

Where these tools process personal information, we require that they handle the information in accordance with our instructions and applicable law. We do not authorize our service providers to use Website personal information for their own unrelated advertising or to sell it to others.

2.3 Processing client data during consulting engagements

When we process personal information as part of a consulting engagement (see Section 1.3):

we do so only as necessary to deliver the services described in the applicable MSA, SOW, BAA, or similar agreement;
we act as a service provider, processor, or business associate to our client, who remains responsible for identifying its legal bases for processing and for providing appropriate privacy notices to individuals whose data is involved; and
we use, disclose, retain, and secure such data strictly in accordance with our contracts and applicable laws.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In short: Where a legal basis is required (for example, in Canada), we rely on consent and other lawful bases recognized under applicable privacy laws.

Different laws apply depending on where you are located. In many jurisdictions, including the United States, we are not required to identify a specific “legal basis” for each processing activity, but we process personal information only when we believe we have a legitimate business need or legal obligation to do so.

If you are located in Canada or another jurisdiction that requires us to identify legal bases for processing, we generally rely on one or more of the following:

Your consent. For example, when you submit a form, sign up for marketing communications, or otherwise choose to provide information to us. Consent may be express (e.g., by ticking a box) or implied (e.g., when you voluntarily provide business contact details so we can respond).
Performance of a contract. To enter into and perform our contracts with you or your organization, including responding to pre-contractual requests.
Legitimate interests. For our legitimate business interests, such as operating and improving the Website, maintaining security, preventing fraud, and managing our client and vendor relationships, provided such interests are not outweighed by your privacy rights.
Compliance with legal obligations. To comply with applicable laws, regulations, and legal processes, including record-keeping and responding to lawful requests from authorities.
Protection of vital interests or the public interest. In rare cases, to protect someone’s life, health, or safety, or to act in the public interest as authorized by law.

Under Canadian federal and provincial privacy laws, there are limited circumstances in which we may collect, use, or disclose personal information without consent, such as:

if the collection is clearly in your interests and consent cannot be obtained in a timely way;
for fraud detection, security, or law-enforcement-related investigations;
in connection with certain business transactions, subject to legal conditions;
when required to comply with subpoenas, warrants, court orders, or other legal processes;
to respond to emergencies or to identify and communicate with next of kin; or
when the information is publicly available as defined by applicable regulations.

You may withdraw your consent at any time where consent is the basis for processing, as described in Section 10. Withdrawal of consent does not affect processing that has already occurred or processing based on other lawful grounds.

In short: We share personal information with service providers and other recipients that help us operate our business, with our affiliates, and when required by law or necessary to protect our rights or in connection with a business transaction. We do not sell personal information for money.

4.1 Service providers and vendors

We share personal information with carefully selected third parties that perform services on our behalf and need access to the information to do that work. These service providers act under written agreements that require them to:

use personal information only as instructed by Guardantix;
protect personal information with appropriate security measures; and
not use personal information for their own unrelated purposes.

Depending on our business needs, the categories of service providers may include:

website hosting and infrastructure providers;
analytics and reporting providers;
CRM and marketing automation platforms;
email, VoIP, SMS, and other communications providers;
project management and collaboration platforms;
payment processing and finance and accounting tools (for example, to manage invoices and payments from clients and vendors);
security monitoring, incident response, and vulnerability management tools; and
AI-powered tools that assist with internal operations, security, or service delivery.

4.2 Affiliates and professional advisors

We may share personal information with our current or future affiliates (entities that control, are controlled by, or are under common control with Guardantix) for purposes consistent with this Privacy Policy. We may also share personal information with professional advisors, such as lawyers, accountants, auditors, and insurers, when necessary in the course of obtaining professional services.

4.3 Business transfers

We may disclose or transfer personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, reorganization, or similar corporate transaction. If such a transaction occurs, the successor entity may use your personal information as described in this Privacy Policy, unless you are notified otherwise.

4.4 Legal obligations and protection of rights

We may disclose personal information to third parties when we believe in good faith that such disclosure is reasonably necessary to:

comply with any applicable law, regulation, legal process, or governmental request;
enforce our agreements or policies;
protect the security or integrity of the Online Services;
protect Guardantix, our clients, or the public from harm or illegal activities; or
exercise, establish, or defend legal claims.

4.5 Aggregated or de-identified information

We may share aggregated or de-identified information that cannot reasonably be used to identify an individual, for example with our clients or partners for analytics, benchmarking, or research. We do not attempt to re-identify such information, except as permitted by law and necessary for security or fraud-prevention purposes.

5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

In short: We are not responsible for the privacy practices of websites or services we do not own or control.

The Online Services may contain links to third-party websites, online services, or applications that are not operated or controlled by Guardantix. These links are provided for convenience and informational purposes only. We do not endorse or make any representations about such third parties, and we are not responsible for their content, privacy practices, or security.

Any personal information you provide to or that is collected by a third-party website or service is governed by that third party’s privacy policies and terms, not this Privacy Policy. We encourage you to review the privacy policies and practices of any third-party websites or services you visit.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In short: Yes. We use cookies and similar technologies to operate the Website, understand how it is used, and, where permitted, to support marketing and analytics.

We and our service providers use cookies, web beacons, pixels, and similar tracking technologies (“cookies”) when you interact with the Online Services. Cookies are small data files stored on your browser or device that help the Website function and collect certain technical and usage information.

We may use the following types of cookies:

Strictly necessary cookies. Required for the Website to function properly and to provide security and core features. You cannot opt out of these cookies through our cookie settings because they are essential to the Online Services.
Functional cookies. Help remember your preferences and settings (for example, language or region) to provide a more personalized experience.
Analytics and performance cookies. Help us understand how visitors use the Website, which pages are most frequently visited, and how the Website performs, so we can improve it.
Advertising or targeting cookies. May be used to deliver or measure advertising and marketing messages, including on third-party websites, based on your browsing behavior and interests. These may also be used to limit how often you see a particular ad.

Some cookies are set directly by us, while others are set by third-party service providers (for example, analytics or advertising providers). To the extent that the use of advertising or analytics cookies by third parties is considered a “sale,” “sharing,” or “targeted advertising” under applicable U.S. state privacy laws, you may have the right to opt out, as described in Section 12.

You can manage cookies in several ways:

By adjusting your browser or device settings to block or delete cookies;
By using any cookie or consent tools we make available on the Website; and
For interest-based advertising, by using industry opt-out tools where available.

Blocking or deleting cookies may impact the functionality of the Website. For more information about our use of cookies and your choices, please review our Cookie Policy.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In short: We keep personal information only as long as reasonably necessary for the purposes described in this Policy or as required by law.

We retain personal information for as long as needed to:

provide the Online Services and our consulting services;
manage our relationships with clients, prospects, and vendors;
comply with legal, regulatory, accounting, or reporting obligations; and
resolve disputes, enforce our agreements, and protect our rights.

Retention periods vary depending on the type of data and the context in which it was collected. For example:

basic business contact information and communications with you may be retained for the duration of our relationship and for a period afterward to maintain business records;
technical logs and security-related data may be stored for a shorter period, unless needed for investigations, incident response, or legal reasons; and
aggregated or de-identified data may be retained indefinitely, as it no longer identifies an individual.

When personal information is no longer needed, we will delete or de-identify it, or if that is not feasible (for example, because it is stored in backup archives), we will securely store it and isolate it from further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In short: We use reasonable security measures, but no method of transmission or storage is completely secure.

As a cybersecurity and IT consulting firm, we take the security of information seriously. We implement a combination of organizational, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, or disclosure. These safeguards may include:

access controls and role-based permissions;
network and application security measures;
encryption of data in transit and/or at rest, where appropriate;
logging and monitoring for security events;
security policies, procedures, and training for our personnel; and
vendor due diligence and contractual security commitments.

Despite these efforts, no system or transmission over the internet can be guaranteed to be 100% secure. We cannot guarantee that unauthorized third parties will never be able to defeat our security measures. You use the Online Services and provide personal information at your own risk, and you should use appropriate security measures on your own systems and devices.

9. DO WE COLLECT INFORMATION FROM MINORS?

In short: The Website is intended for adults in a business or professional context. We do not knowingly collect personal information from children under the age of 13 (or the minimum age in your jurisdiction).

The Online Services are directed to business and professional users and are not intended for or directed to children. We do not knowingly collect, solicit, or maintain personal information from children under 13 years of age (or a higher age where required by local law), and we do not knowingly sell or share such information.

If you are under the minimum age in your jurisdiction, please do not use the Online Services or provide any personal information to us.

If we learn that we have collected personal information from a child in violation of applicable law, we will take reasonable steps to delete that information. If you believe a child has provided personal information to us, please contact us at hello@guardantix.com so we can investigate and take appropriate action.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In short: Depending on where you live, you may have rights to access, correct, delete, or restrict the use of your personal information, and to opt out of certain processing.

Your rights will depend on your location and the applicable laws. Regardless of where you are located, we will consider any request you make and respond in accordance with applicable law.

10.1 Rights that may be available to you

Subject to legal limits and exemptions, you may have some or all of the following rights:

Access. To request confirmation of whether we process your personal information and, if so, to receive a copy of that information.
Correction. To request that we correct or update inaccurate or incomplete personal information about you.
Deletion. To request that we delete your personal information, for example where it is no longer needed for the purposes for which it was collected.
Restriction. To request that we limit the processing of your personal information in certain circumstances.
Portability. To request a copy of certain personal information in a structured, commonly used, and machine-readable format, where technically feasible.
Objection. To object to certain processing activities, such as processing based on legitimate interests or for direct marketing.
Not to be subject to certain automated decisions. To request human review of decisions made solely by automated means that produce legal or similarly significant effects, where such rights exist.
Withdraw consent. Where we rely on your consent, to withdraw that consent at any time, without affecting the lawfulness of processing that occurred before withdrawal.

10.2 Additional rights for individuals in Canada

If you are in Canada, you have additional rights under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and, where applicable, substantially similar provincial laws. These rights generally include:

the right to request access to the personal information that we hold about you and to obtain information about how it is used and disclosed;
the right to request correction of any inaccurate or incomplete personal information;
the right to challenge our compliance with applicable privacy laws and raise concerns with our privacy contact; and
the right to file a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner, if you are not satisfied with our response.

10.3 How to exercise your rights

To exercise your rights, please contact us using any of the methods in Section 14. To help us respond efficiently, please:

indicate the right(s) you wish to exercise;
provide sufficient information for us to verify your identity and, where applicable, your residency; and
provide any additional details that will help us understand and respond to your request.

We will respond to your request within the timeframes required by applicable law. In some cases, we may need to request additional information from you to verify your identity or clarify your request. If we decline your request, we will explain the reasons, unless we are legally prohibited from doing so.

10.4 Marketing communications

You can opt out of marketing or promotional emails from us at any time by following the unsubscribe instructions in those emails or by contacting us at hello@guardantix.com. Even if you opt out, we may still send you non-marketing messages related to your existing or past relationship with us (for example, transactional messages, security alerts, or updates about an ongoing engagement).

If we ever send SMS or similar mobile messages for marketing purposes (which we do not routinely do), we will provide appropriate opt-out instructions (such as replying “STOP”). For purposes of this paragraph and the required disclosure below, “third parties” does not include our contracted service providers who assist us in delivering text messages and who are bound to use the information solely to provide those services to us. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

10.5 Cookies and interest-based advertising

You can manage your cookie preferences as described in Section 6 and in our Cookie Policy. Adjusting your browser or device settings may also allow you to block or delete cookies and other tracking technologies. Please note that disabling certain cookies may affect the functionality of the Website.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and applications include a “Do-Not-Track” (“DNT”) setting or signal you can activate to indicate your preference regarding online tracking. There is currently no widely adopted industry standard for how websites should respond to DNT signals, and we do not respond to DNT signals at this time.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In short: If you are a resident of certain U.S. states, you may have additional rights regarding your personal information.

Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia (collectively, the “U.S. Privacy States”) may have specific rights regarding their personal information under applicable state privacy laws. This section supplements the rest of this Privacy Policy and applies only to residents of those states.

12.1 Categories of personal information we collect

The table below summarizes the categories of personal information, as defined by certain U.S. privacy laws, that we have collected from consumers in the twelve (12) months preceding the date of this Policy, in relation to our Online Services and general business operations. Not every category will apply to every individual.

Category	Examples	Collected in last 12 months?
A. Identifiers	Real name, alias, business contact details, email address, IP address, online identifiers	Yes
B. Personal information as defined in California Customer Records statute	Name, business contact information, employment-related information you choose to provide	Yes
C. Protected classification characteristics under state or federal law	Race, ethnicity, gender, date of birth, disability, or similar protected characteristics	No (not collected via the Website, and not intentionally collected in our ordinary business operations)
D. Commercial information	Records of products or services purchased, purchasing or consuming histories or tendencies	Limited (for example, records of consulting engagements with our business clients, but not payment card numbers on the Website)
E. Biometric information	Fingerprints, faceprints, voiceprints, scans of hand or face geometry	No
F. Internet or other electronic network activity information	Browsing history, search history, information regarding your interactions with the Website, applications, or advertisements	Yes
G. Geolocation data	Approximate location derived from IP address	Yes
H. Audio, electronic, visual, or similar information	Voicemail or recorded calls related to our business communications (if we choose to record and you are notified), or images you choose to send	Possibly, in limited business contexts
I. Professional or employment-related information	Business contact details, job title, employer, and related professional information	Yes
J. Education information	Education records subject to the Family Educational Rights and Privacy Act (FERPA)	No
K. Inferences drawn from other personal information	Inferences about your professional interests or preferences used to tailor our communications	Yes, in a limited B2B context
L. Sensitive personal information	Government identifiers, precise geolocation, financial account credentials, health or biometric data, information about children, or other sensitive categories	No (we do not intentionally collect sensitive personal information via the Website)

We may also collect other personal information you voluntarily provide to us in a business context, such as in connection with RFPs, security questionnaires, or due-diligence processes.

12.2 Sources of personal information

We collect the categories of personal information described above from the following sources:

directly from you (for example, via forms, emails, calls, and text messages);
automatically from your device when you visit or interact with the Website (for example, through cookies and similar technologies); and
from your employer or organization, in the context of our B2B relationship.

12.3 Purposes for collecting personal information

We collect and use personal information for the business and commercial purposes described in Section 2, including to provide and manage our services, conduct analytics, maintain security, and comply with legal requirements.

12.4 Disclosures of personal information for a business purpose

In the twelve (12) months preceding the date of this Policy, we have disclosed the following categories of personal information to service providers and other recipients for our business purposes:

Identifiers (Category A);
Personal information as defined in the California Customer Records statute (Category B);
Commercial information, in a B2B context (Category D);
Internet or other electronic network activity information (Category F);
Geolocation data (Category G);
Audio or similar information, in limited contexts (Category H);
Professional or employment-related information (Category I); and
Inferences (Category K).

We disclose these categories only for the purposes described in this Policy and only to the types of recipients described in Section 4.

12.5 Sale or sharing of personal information and targeted advertising

We do not sell personal information for money. However, some U.S. state privacy laws define “sell” and “share” broadly to include certain disclosures of personal information to third parties, such as analytics or advertising partners, in exchange for valuable consideration or for cross-context behavioral advertising.

In the preceding twelve (12) months, we may have “shared” (as that term is defined in some laws) identifiers (Category A), internet or electronic network activity information (Category F), approximate geolocation (Category G), and inferences (Category K) with analytics or advertising partners through cookies and similar technologies for purposes that may be considered targeted or cross-context behavioral advertising.

If you are a resident of a U.S. Privacy State, you may have the right to opt out of such “selling,” “sharing,” or targeted advertising. You can exercise this right by:

adjusting your cookie preferences through any cookie tools we provide;
using a browser or extension that sends a valid Global Privacy Control (GPC) signal, which we honor as described in Section 11; or
contacting us at hello@guardantix.com and specifying that you wish to opt out of sale/sharing or targeted advertising.

12.6 Your rights under U.S. state privacy laws

Subject to certain limitations and exceptions, residents of U.S. Privacy States may have some or all of the following rights with respect to their personal information:

Right to know / access. To confirm whether we process your personal information and to access that information, including, in some states, to obtain information about the categories of personal information collected, sources, purposes, and categories of third parties with whom we share it.
Right to correct. To request correction of inaccurate personal information we maintain about you.
Right to delete. To request deletion of certain personal information we have collected from you.
Right to data portability. To obtain a copy of certain personal information in a portable and, to the extent technically feasible, readily usable format.
Right to opt out. To opt out of:
- the sale of personal information;
- the sharing or processing of personal information for targeted advertising or cross-context behavioral advertising; and
- certain forms of profiling in furtherance of decisions that produce legal or similarly significant effects.
Right to limit use and disclosure of sensitive personal information. In states where we process sensitive personal information and where this right applies (for example, California), to limit our use and disclosure of such information. We do not intentionally collect sensitive personal information via the Website.
Right to non-discrimination. We will not discriminate against you for exercising your privacy rights, such as by denying services, charging different prices, or providing a different level of service, unless permitted by law (for example, in connection with loyalty or similar programs).

Some states provide additional rights, such as the right to obtain a list of specific third parties to whom certain personal information was disclosed. Where such rights apply, you may exercise them using the methods described below.

12.7 How to exercise your U.S. state privacy rights

If you are a resident of a U.S. Privacy State and wish to exercise any of the rights described above, you may contact us using any of the methods in Section 14, including by emailing hello@guardantix.com. Please include the following in your request:

that you are making a state privacy law request and the state in which you reside;
the specific right(s) you wish to exercise; and
enough information for us to verify your identity (and, if applicable, your authority to act on behalf of another person).

We will respond to your request in accordance with the requirements of applicable state law.

12.8 Verification of requests

To protect your privacy and maintain security, we may take steps to verify your identity before fulfilling your request. The verification steps may vary depending on the sensitivity of the information involved and the type of request. We will use any personal information collected for verification only to verify your identity or authority and to process your request.

12.9 Authorized agents

You may designate an authorized agent to submit a request on your behalf where your state’s law allows it. If you do so, we may require:

proof that the authorized agent is authorized to act on your behalf (for example, a signed written authorization or power of attorney); and
verification of your identity directly with us, unless not required by applicable law.

12.10 Appeals

If we deny your request (in whole or in part) and your state law provides a right to appeal, you may appeal our decision by contacting us at hello@guardantix.com and indicating that you are appealing a privacy request decision. We will review your appeal and notify you in writing of our response, including an explanation of our decision. If your appeal is denied, you may have the right to complain to your state Attorney General or other regulator.

13. DO WE MAKE UPDATES TO THIS POLICY?

In short: Yes. We may update this Policy from time to time.

We may modify this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will update the “Last updated” date at the top of this page. If we make material changes, we may also provide additional notice (for example, by posting a prominent notice on the Website or by contacting you directly, where appropriate).

We encourage you to review this Privacy Policy periodically to stay informed about how we handle personal information.

14. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, you can contact us using any of the following methods:

Email: hello@guardantix.com
Online contact form: https://guardantix.com/contact/

When you contact us, please do not include sensitive personal information unless we specifically request it and provide a secure means for transmitting it.

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the laws that apply to you, you may have the right to request access to the personal information we hold about you, to correct or update that information, or to request that we delete it, as described in Section 10 and, for certain U.S. residents, Section 12.

To make such a request, please contact us at hello@guardantix.com or through our contact form at https://guardantix.com/contact/. We may provide you with a form or additional instructions to help us process your request efficiently.