GuardianKey logo Painless Cybersecurity!

Privacy Policy for GuardianKey

Effective date: September 22, 2018

GuardianKey (“us”, “we”, or “our”) operates the http://guardiankey.io website (the “Service”). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. By using the Service, you also confirm that you have the ownership or proper authorization to use the data sent to our servers. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from http://guardiankey.io.

We state that, as one of our best values, we respect the User Data sent to our servers and we implement mechanisms to protect the privacy of our users.

GuardianKey provides a Service to evaluate risks on events sent to our servers by “Our Users”. Our Users usually are administrators of other systems, and collect the events on those systems regarding the access of users on those systems, which we refer here as “Your Users”.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you. At the effective date of this policy, we have three systems, described below, with needs distinct types of User Data collected.

  • Our Website, at http://guardiankey.io (or other domains) – used to inform our users about our services and about us.
  • The Administration Panel (at https://panel.guardiankey.io).
  • The GuardianKey Detection Engine – used to calculate risks for the events sent by our users, aiming to protect their systems against malicious activities.

Types of Data Collected by Our Website

Personal Data

While using our Website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Cookies and Usage Data

Usage Data

We may also collect information about how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. This information is used to protect our system against attacks and to identify the access to our website.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

We may use a visit analytics system (such as Google Analytics) to enable us to analyze the accesses to our site.

Types of Data Collected by the Administration Panel and API

The main purpose of the information collected by the Administration Panel and API systems are to:

  • enable the navigation in the system
  • enable contacting you via e-mail, when required
  • configure the detection engine to your needs
  • improve our services
  • protect our systems against attacks

Personal Data

While using our Administration Panel, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • Information posted by the user, such as Organization’s name, details, etc.
  • Preferences, thresholds, your name, etc.
  • Cookies and Usage Data
  • Usage Data

We may also collect information about how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

We may use a visit analytics system (such as Google Analytics) to enable us to analyze the accesses to our site.

Types of Data Collected by the GuardianKey Detection Engine

The main purpose of the information collected by the GuardianKey Detection Engine is to:

  • evaluate the risks on the sent events to provide you a risk and other information to be used for protecting your systems against malicious or improper activities.
  • enable contacting Your Users, when expressly configured by you, to inform them about atypical accesses on their account at your system.
  • detect malicious IPs on the Internet and use this information to protect all of our users and the Internet global community.

Personal Data

While using our Detection Engine, we may ask you to send events to us with certain personally identifiable information that can be used to contact or identify you or Your Users (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • Psychometric data (e.g., mouse movement patterns or keystroke patterns)
  • IP addresses
  • User Agent data (information sent by the browsers, about their versions and brands)
  • local time and timezone
  • Usage Data
  • Other information described in our API, available on our website

Usage Data

We may also collect information about how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Use of Data

GuardianKey uses the collected data for various purposes:

  • To provide and maintain the Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer care and support
  • To improve our Service
  • To provide analysis or valuable information so that we can improve the Service
  • To monitor the usage of the Service
  • To detect, prevent and address technical issues
  • To notify you about new features, commercial conditions, and other information about your plan

The events sent to be processed by The GuardianKey Detection Engine have the user’s e-mail as an optional field. We use this information uniquely to send notification by e-mails about their access and when expressly configured by Our Users, in the Administration Panel or via our API. We never use these e-mails (from “Your Users”) to any other purpose! We also do not sell this data to other parties!

We may use the information sent by you to detect malicious IP addresses on the Internet and use this information to widely protect other systems, commercially or not. In any case, we will never disclose IP addresses related to other information sent in the events, aiming to protect the privacy of users.

Transfer Of Data

Your information, including Personal Data and Your User’s data, sent by you, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside Canada and choose to provide information to us, please note that we transfer the data, including Personal Data, to Canada and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

GuardianKey will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure Of Data

GuardianKey may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of GuardianKey
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers. In case you have children data in Your Users, you are responsible to provide and keep the proper authorizations and required constraints to legally send this data to our servers.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us: