Privacy Policy

iotguardian (“we,” “our,” or “us”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the “Service”). By accessing or using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, job title, and password when you register for an account.
• Device Data: IoT device identifiers, metadata, configuration details, firmware versions, and compliance records you submit to the platform.
• Communications: Any messages, feedback, or support requests you send to us.
• Billing Information: Payment card details and billing address, processed securely through our third-party payment processor. We do not store full card numbers on our servers.

1.2 Information Collected Automatically

• Usage Data: Feature usage, pages visited, actions taken, login timestamps, and session duration.
• Device and Browser Data: IP address, browser type and version, operating system, device type, and screen resolution.
• Cookies and Tracking: We use essential cookies for authentication and session management, and analytics cookies (with your consent) to understand how the Service is used.

2. How We Use Your Information

• Provide, operate, and maintain the Service, including compliance monitoring, reporting, and alerting.
• Process transactions and send related billing and account notifications.
• Respond to your inquiries, provide customer support, and communicate about updates or changes to the Service.
• Improve and personalize the Service, including analyzing usage patterns and developing new features.
• Detect, prevent, and address security incidents, fraud, and technical issues.
• Comply with legal obligations, enforce our Terms of Service, and protect the rights and safety of our users and the public.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

• Service Providers: With trusted third-party vendors who assist in operating our Service (e.g., cloud hosting, payment processing, analytics), bound by data processing agreements.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice provided to you.
• With Your Consent: When you have given explicit permission to share your information for a stated purpose.

4. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access control and multi-factor authentication for administrative access.
• Regular vulnerability assessments, penetration testing, and security audits.
• Isolated tenant data environments to prevent cross-account data access.
• Automated backups with encryption and disaster recovery procedures.

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account deletion or termination, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., compliance audit records that must be retained per regulatory requirements). Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytics and product improvement.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data for certain purposes, including direct marketing.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@iotguardian.com.

7. International Data Transfers

Your data may be processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by applicable regulatory authorities, or other legally recognized transfer mechanisms.

8. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any external sites you visit.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: