Privacy Policy

Effective Date: February 19, 2026
Last Updated: March 6, 2026

1. Introduction

This Privacy Policy explains how we handle information when you use AI Security Guard (the "Service"). We have written it to be clear about what we do and do not do with your data.

The short version: we process your content to scan it, then we delete it. We do not need your email, we do not track you, and we do not build profiles. If that sounds good, read on for the details.

2. Information We Do NOT Collect

Unlike many services, we are designed specifically to minimize data collection:

• No Account Registration: We do not require user accounts. There is no username or password collection.
• No Personal Identifiers (for service use): Using the scanning service does not require names, addresses, phone numbers, or other personally identifiable information.
• No Tracking Cookies: We do not use tracking cookies or third-party analytics that identify individual users.
• No Behavioral Profiling: We do not build profiles of users based on their usage patterns.
• No Connection Between Newsletter and Scans: If you subscribe to our newsletter, your email address is never linked to scan activity, content, or API usage.

3. Information We Process

When you submit content to the Service for security scanning, we process the following:

3.1 Scanned Content

Content you submit for security analysis ("Your Content") is processed to provide the scanning service. This content:

• Is held in memory only for the duration necessary to complete the scan
• Is retained for a maximum of 15 minutes to enable follow-up Q&A functionality
• Is automatically and permanently deleted after 15 minutes
• Is never stored permanently on our systems
• Is never shared with third parties

3.2 Content Hashes

We generate and retain SHA-256 cryptographic hashes of scanned content:

• Retention Period: 7 days
• Purpose: Enable faster processing of repeated identical content
• Important: SHA-256 hashes are irreversible. The original content cannot be reconstructed from the hash. We cannot read or access your original content from these hashes.

3.3 Session Metadata

We retain limited session metadata for operational purposes:

• Retention Period: 1 hour
• Includes: Scan verdict, threat types detected, confidence scores
• Does NOT Include: Original content, excerpts, or any readable portion of your scanned material

3.4 Technical Information

We automatically collect minimal technical information necessary for service operation:

• IP Addresses: Used for rate limiting and abuse prevention; not linked to content or stored long-term
• Request Timestamps: For operational monitoring
• Content Size: For pricing tier determination

3.5 Newsletter Subscription (Optional)

If you voluntarily subscribe to our newsletter, we collect:

• Email Address: Used solely for sending security research updates and product news

Important distinctions:

• Newsletter subscription is entirely optional and separate from service usage
• Your email is never linked to scan activity, content, or API usage
• Email data is stored by our email service provider, Brevo (formerly Sendinblue), under their privacy policy
• Every email includes an unsubscribe link for immediate removal
• We do not share your email with third parties for marketing purposes

4. Data Retention Summary

5. How We Use Information

Information processed is used solely for:

• Providing the Service: Scanning content for security threats and returning analysis results
• Follow-Up Q&A: Enabling agents to ask clarifying questions about scan results (within 15-minute window)
• Performance Optimization: Using content hashes to accelerate repeat scans
• Abuse Prevention: Rate limiting to prevent service abuse
• Aggregate Analytics: Understanding service usage patterns (fully de-identified)
• Newsletter Communications: If you subscribe, sending security research updates and product news (opt-in only)

6. AI Model Training Commitment

Your Content is never used to train AI models.

Our detection systems are improved exclusively through:

• Public threat intelligence (CVE databases, security research)
• Synthetic attack generation using public data
• Internal red team testing

Customer scan content is never incorporated into training data, pattern databases, or any form of machine learning improvement.

7. Data Sharing and Disclosure

We do not sell, rent, or share your information with third parties except:

• Legal Requirements: If required by law, court order, or governmental authority
• Safety: To protect the rights, property, or safety of Enspektos, LLC, our users, or the public
• Business Transfer: In connection with a merger, acquisition, or sale of assets (any successor would be bound by this Privacy Policy)
• Service Providers: We use Brevo (formerly Sendinblue) to manage newsletter subscriptions. Brevo processes email addresses solely for email delivery and is bound by their privacy policy and GDPR compliance obligations.

We do not share Your Content with any third-party AI providers, analytics services, or data brokers.

8. Payment Information

The Service uses the x402 payment protocol for micropayments in USDC cryptocurrency. Payment processing is handled entirely by the x402 protocol infrastructure. We:

• Do not store your wallet private keys
• Do not have access to your cryptocurrency wallet
• Only verify payment completion through the x402 protocol

9. Data Security

We implement appropriate technical and organizational measures to protect information during processing:

• TLS encryption for all data in transit
• Encrypted memory processing
• Automatic content deletion after retention windows
• Access controls limiting employee access to systems
• Regular security assessments

10. Your Rights

Given our minimal data collection and short retention periods, most traditional data rights are satisfied by design:

• Right to Access: Your content is deleted within 15 minutes; hashes cannot be reversed
• Right to Deletion: Content is automatically deleted; no action required
• Right to Portability: We do not maintain user accounts or profiles to export
• Right to Object: You control what content you submit; simply do not submit content you do not want processed

For any privacy-related inquiries, contact us at support@aisecurityguard.io.

11. International Users

The Service is operated from the United States in New York and shall be governed by the laws of New York State. If you access the Service from outside the United States, please be aware that information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, our minimal data collection and short retention periods are designed to substantially exceed standard privacy requirements.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly process content submitted by minors. If you believe a minor has submitted content to the Service, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Enspektos, LLC
Email: support@aisecurityguard.io
Website: aisecurityguard.io