Privacy Policy
Your Content Is Not Our Product
At AI Security Guard, you pay us to scan your content—not the other way around. We don't collect your personal information, we don't keep your content, and we never use it to train AI models. Privacy isn't a feature we added; it's why we built this service the way we did.
1. Introduction
This Privacy Policy explains how we handle information when you use AI Security Guard. We've written it to be clear about what we do and don't do with your data.
The short version: we process your content to scan it, then we delete it. We don't need your email, we don't track you, and we don't build profiles. If that sounds good, read on for the details.
2. Information We Do NOT Collect
Unlike many services, we are designed specifically to minimize data collection:
- No Account Registration: We do not require user accounts. There is no email, username, or password collection.
- No Personal Identifiers: We do not collect names, addresses, phone numbers, or other personally identifiable information.
- No Tracking Cookies: We do not use tracking cookies or third-party analytics that identify individual users.
- No Behavioral Profiling: We do not build profiles of users based on their usage patterns.
3. Information We Process
When you submit content to the Service for security scanning, we process the following:
3.1 Scanned Content
Content you submit for security analysis ("Your Content") is processed to provide the scanning service. This content:
- Is held in memory only for the duration necessary to complete the scan
- Is retained for a maximum of 15 minutes to enable follow-up Q&A functionality
- Is automatically and permanently deleted after 15 minutes
- Is never stored permanently on our systems
- Is never used to train AI models
- Is never shared with third parties
3.2 Content Hashes
We generate and retain SHA-256 cryptographic hashes of scanned content:
- Retention Period: 7 days
- Purpose: Enable faster processing of repeated identical content
- Important: SHA-256 hashes are irreversible. The original content cannot be reconstructed from the hash. We cannot read or access your original content from these hashes.
3.3 Session Metadata
We retain limited session metadata for operational purposes:
- Retention Period: 1 hour
- Includes: Scan verdict, threat types detected, confidence scores
- Does NOT Include: Original content, excerpts, or any readable portion of your scanned material
3.4 Technical Information
We automatically collect minimal technical information necessary for service operation:
- IP Addresses: Used for rate limiting and abuse prevention; not linked to content or stored long-term
- Request Timestamps: For operational monitoring
- Content Size: For pricing tier determination
4. Data Retention Summary
| Data Type | Retention Period | Purpose |
|---|---|---|
| Original Scanned Content | 15 minutes | Enable follow-up Q&A |
| Content Hash (SHA-256) | 7 days | Faster repeat scan processing |
| Session Metadata | 1 hour | Q&A context (no original content) |
| Aggregate Usage Statistics | Indefinite | Service improvement (de-identified) |
5. How We Use Information
Information processed is used solely for:
- Providing the Service: Scanning content for security threats and returning analysis results
- Follow-Up Q&A: Enabling agents to ask clarifying questions about scan results (within 15-minute window)
- Performance Optimization: Using content hashes to accelerate repeat scans
- Abuse Prevention: Rate limiting to prevent service abuse
- Aggregate Analytics: Understanding service usage patterns (fully de-identified)
We Do NOT Use Your Content For:
Training AI models, improving detection patterns, sharing with third parties, advertising, profiling, or any purpose other than providing the requested security scan.
6. AI Model Training Commitment
Your Content is never used to train AI models.
Our detection systems are improved exclusively through:
- Public threat intelligence (CVE databases, security research)
- Synthetic attack generation using public data
- Internal red team testing
Customer scan content is never incorporated into training data, pattern databases, or any form of machine learning improvement.
7. Data Sharing and Disclosure
We do not sell, rent, or share your information with third parties except:
- Legal Requirements: If required by law, court order, or governmental authority
- Safety: To protect the rights, property, or safety of Enspektos, LLC, our users, or the public
- Business Transfer: In connection with a merger, acquisition, or sale of assets (any successor would be bound by this Privacy Policy)
We do not share Your Content with any third-party AI providers, analytics services, or data brokers.
8. Payment Information
The Service uses the x402 payment protocol for micropayments in USDC cryptocurrency. Payment processing is handled entirely by the x402 protocol infrastructure. We:
- Do not store your wallet private keys
- Do not have access to your cryptocurrency wallet
- Only verify payment completion through the x402 protocol
9. Data Security
We implement appropriate technical and organizational measures to protect information during processing:
- TLS encryption for all data in transit
- Encrypted memory processing
- Automatic content deletion after retention windows
- Access controls limiting employee access to systems
- Regular security assessments
10. Your Rights
Given our minimal data collection and short retention periods, most traditional data rights are satisfied by design:
- Right to Access: Your content is deleted within 15 minutes; hashes cannot be reversed
- Right to Deletion: Content is automatically deleted; no action required
- Right to Portability: We do not maintain user accounts or profiles to export
- Right to Object: You control what content you submit; simply do not submit content you do not want processed
For any privacy-related inquiries, contact us at aisecurityguard@enspektos.com.
11. International Users
The Service is operated from the United States. If you access the Service from outside the United States, please be aware that information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, our minimal data collection and short retention periods are designed to exceed standard privacy requirements.
12. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly process content submitted by minors. If you believe a minor has submitted content to the Service, please contact us immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify users of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Enspektos, LLC
Email: aisecurityguard@enspektos.com
Website: aisecurityguard.io