Privacy Policy

Panguard AI, Inc. ("Panguard," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website at panguard.ai, use our products and services, or otherwise interact with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information.

By accessing or using any Panguard service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of our services immediately.

1. Information We Collect

1.1 Account Information

When you register for a Panguard account, we collect your name and email address. Panguard is free and open-source software — we do not collect payment information or billing addresses.

1.2 System Telemetry (Anonymized)

Our endpoint protection agent collects anonymized system telemetry data, including operating system version, hardware configuration identifiers (hashed), installed software inventory, and network configuration metadata. All telemetry data is stripped of personally identifiable information before transmission and is used exclusively to improve threat detection accuracy.

1.3 Usage Analytics

We collect information about how you interact with our platform, including pages visited, features used, session duration, and interface interactions. This data helps us improve our product experience and is processed in aggregate form.

1.4 Threat Data (Anonymized)

When our security agent detects potential threats, anonymized indicators of compromise (IOCs), file hashes, and behavioral signatures are transmitted to our threat intelligence platform. This data does not contain personal files, documents, or identifiable user content. Threat data is used to improve detection capabilities across all Panguard customers.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our security products and services
• To detect, prevent, and respond to security threats on your behalf
• To communicate with you about service updates and security advisories
• To send you technical alerts, security advisories, and support messages
• To conduct research and analysis to enhance our AI threat detection models
• To comply with legal obligations and enforce our agreements
• To communicate with you about product updates, if you have opted in

3. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: We engage trusted third-party service providers who perform services on our behalf, such as cloud hosting (infrastructure providers), payment processing, and customer support tools. These providers are contractually obligated to protect your data and may only use it to perform services for us.
• Legal Requirements: We may disclose information if required by law, regulation, subpoena, court order, or other governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
• Aggregated or De-identified Data: We may share aggregated, non-identifiable threat intelligence data with industry partners and security researchers to advance collective cybersecurity efforts.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Account information is retained for up to 12 months after account closure for legal and audit purposes. Anonymized telemetry and threat data may be retained indefinitely as it cannot be linked to individual users. You may request deletion of your account data at any time by contacting us at [email protected].

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data under the General Data Protection Regulation (GDPR) and other applicable privacy laws:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
• Right to Erasure: You may request that we delete your personal data, subject to certain legal exceptions.
• Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You may request a machine-readable copy of your personal data.
• Right to Object: You may object to the processing of your personal data for direct marketing purposes.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

5b. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: Panguard does not sell personal information. We do not exchange personal data for monetary or other valuable consideration.
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising any of your CCPA rights.
• Right to Correct: You may request that we correct inaccurate personal information that we maintain about you.

To exercise your California privacy rights, please contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days. You may also designate an authorized agent to make a request on your behalf.

6. Cookies

We use cookies and similar tracking technologies to operate and improve our website. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

7. International Data Transfers

Panguard AI, Inc. is headquartered in Taipei, Taiwan. Your information may be transferred to, stored, and processed in jurisdictions other than your own. When we transfer personal data internationally, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms. Our data processing infrastructure is hosted on SOC 2 Type II certified cloud providers with data centers in Asia-Pacific, North America, and Europe.

8. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe that a child under 16 has provided us with personal data, please contact us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we will provide additional notice via email or through our platform. Your continued use of our services after any changes constitutes your acceptance of the updated Privacy Policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: