1. What we collect
- Engagement contact info: names, business emails, phone numbers, and business addresses provided when you contact us or sign an SOW.
- Contract details: billing information, signatories, and engagement scope.
- Environment data from engagement work: device inventories, configuration snapshots, network diagrams, firmware versions, vulnerability findings, and other technical information necessary to deliver the assessment.
- Communications: the content of emails, calls, and chats with the IoTGuardian team related to your engagement.
2. How we use it
- To deliver the Services you have contracted with us.
- To communicate findings, scheduling, deliverables, and follow-ups.
- To support regulatory or audit reviews that you participate in where our work is part of the evidence base.
- To meet our own legal, tax, and security obligations as a service provider.
3. Where it lives
Information is stored in Microsoft Azure datacenters in the United States (primary: East US 2; failover: West US 2). IoTGuardian does not host engagement data on personal devices, consumer cloud storage, or third-party SaaS outside the subprocessors named below.
Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256). Backups are encrypted with separate keys and stored in geographically separate Azure regions.
5. Subprocessors
We use the following subprocessors to deliver the Services:
- Microsoft Azure — compute, storage, identity, and email delivery (US regions).
- Stripe — payment processing for invoicing. Stripe receives billing contact and payment data only; it does not receive engagement data.
No other third-party subprocessors are used.
6. Retention
We retain engagement records for seven (7) years to support regulator audits and historical comparison across re-engagements. Personally identifying contact details may be retained longer where required by tax or contracting law.
Raw evidence collected during an engagement (configuration dumps, packet captures, screenshots) is purged from active systems within 60 days of engagement close on written request, and from backups on the next scheduled rotation.
7. Your rights
Depending on where you live, you may have the right to access, correct, delete, or export the personal data we hold about you, and to object to or restrict our processing of it.
To exercise these rights, contact privacy@iotguardian.iqcloud.cloud. We respond within 30 days. We may need to verify your identity before acting on the request.
9. International users
Our Services are delivered from the United States. If you contact us from outside the United States, your information will be transferred to and processed in US Azure regions. Where required by applicable law (UK, EEA, etc.) we rely on Standard Contractual Clauses for international transfers.
10. Children
IoTGuardian’s Services are intended for businesses and the adults representing them. We do not knowingly collect personal information from anyone under the age of 16. If you believe a minor has provided information through this site, contact us at privacy@iotguardian.iqcloud.cloud and we will delete it.
11. Updates to this policy
We may update this Privacy Policy from time to time. Material changes — expanding the categories of data we collect, adding a new subprocessor, or extending retention — are communicated to active clients at least 30 days before the change takes effect. Non-material edits (typos, clarifications) are made without notice and reflected by the “Last updated” line above.
12. Contact
Questions about this policy or how we handle your data: privacy@iotguardian.iqcloud.cloud.