Last updated: May 10, 2026 · Effective date: May 10, 2026
1001549742 Ontario Inc. · Ontario, Canada
Your data stays in Canada. All personal information collected by Guardlyne is processed in accordance with Canada's PIPEDA and Quebec Law 25. Our designated privacy officer can be reached at privacy@guardlyne.ca.
Guardlyne is a product of Guardlyne. We are the cybersecurity assessment platform for Canadian small and medium-sized businesses. We are the "organization" responsible for the personal information you provide to us under PIPEDA. Our designated privacy officer can be reached at: privacy@guardlyne.ca
We collect the following categories of information:
• Account information: Your name, business name, email address, and domain when you register.
• Microsoft 365 security data: When you connect your M365 environment, we read security configuration data including email authentication records (SPF, DKIM, DMARC), user account settings, multi-factor authentication status, device management configurations, and security audit logs. We do not read the content of emails, documents, or messages.
• Self-reported assessment answers: Your responses to our security questionnaire covering network security, human risk, vendor management, and data classification practices.
• Security assessment results: Grades, findings, and recommendations generated from your data.
• Usage data: Log files, page views, and feature usage to improve the service.
• Payment information: Processed by Stripe — we do not store your credit card numbers.
We use your information to:
• Provide and improve the Guardlyne security assessment service
• Generate your security grade, findings, and insurance-ready PDF reports
• Send your weekly security digest email (you can unsubscribe at any time)
• Process your subscription payments through Stripe
• Respond to your support requests
• Comply with legal obligations under Canadian law

We do not sell your personal information to third parties. We do not use your security data for advertising purposes.
Under PIPEDA, we collect and use your personal information based on your consent, which you provide when you create an account and connect your Microsoft 365 environment. You may withdraw consent at any time by cancelling your account. Withdrawal of consent will result in deletion of your data as described in Section 8.
Your data is stored on servers operated by Render.com in the United States under a data processing agreement that requires equivalent privacy protections to Canadian law. We are working toward Canadian data residency and will notify customers when this is available.

We protect your data using:
• AES-256 encryption for sensitive tokens and credentials
• TLS encryption for all data in transit
• JWT authentication with expiring tokens
• Role-based access controls limiting who can access your data
• Regular security reviews of our own platform

We practice what we assess. Our platform undergoes the same security assessment we provide to our customers.
We share your information only with:
• Service providers: Render (hosting), Stripe (payments), Resend (email), Anthropic (AI analysis) — each under data processing agreements requiring them to protect your data.
• MSP partners: If you are a client of a Managed Service Provider using our MSP portal, your security grade and assessment results are visible to your MSP. Your MSP is bound by their own client agreement and applicable privacy law.
• Legal requirements: We may disclose information if required by Canadian law, court order, or to protect the rights and safety of our users.

We will never sell your data.
As a Canadian resident, you have the right to:
• Access: Request a copy of the personal information we hold about you.
• Correction: Ask us to correct inaccurate information.
• Withdrawal of consent: Stop us from using your personal information, subject to legal or contractual restrictions.
• Complaint: File a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca if you believe we have violated PIPEDA.

To exercise these rights, email us at privacy@guardlyne.ca. We will respond within 30 days.
For Quebec residents and businesses, we comply with Quebec's Act respecting the protection of personal information in the private sector (Law 25), which includes:
• Privacy impact assessments for new data processing activities involving personal information.
• Data minimisation: We collect only the information necessary to provide the service.
• Retention limits: We do not keep personal information longer than necessary for its purpose.
• Third-party agreements: All service providers handling personal information are bound by written agreements.
• Right to data portability: You can request an export of your data in a structured format.

To exercise your Quebec Law 25 rights, contact our privacy officer at privacy@guardlyne.ca.
We retain your data for as long as your account is active. Specifically:
• Account and assessment data: Retained while your subscription is active and for 30 days after cancellation.
• Security scan results: Retained for 24 months to allow you to track your security posture over time.
• Payment records: Retained for 7 years as required by Canadian tax law.

Upon account deletion, we permanently delete your personal information within 30 days, except where retention is required by law. To request deletion of your data, email privacy@guardlyne.ca.
Guardlyne uses minimal cookies. We use session cookies required for authentication and platform operation. We do not use advertising cookies or third-party tracking cookies. You can disable cookies in your browser settings, but this may affect your ability to use the platform.
In the event of a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA. We maintain an incident response plan and will notify affected users as quickly as possible with information about what happened, what data was involved, and what steps we are taking.
We may update this privacy policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. The current version is always available at guardline-app.onrender.com/privacy.
For any privacy questions, requests, or concerns:

Privacy Officer
Guardlyne
Email: privacy@guardlyne.ca

Office of the Privacy Commissioner of Canada
www.priv.gc.ca
1-800-282-1376
Privacy questions? Email our privacy officer at privacy@guardlyne.ca — we respond within 2 business days.