Privacy Notice

1. Who we are

Policy Guard LLC ("TrustLayer", "we", "us") operates the TrustLayer service. We are the data controller for personal data we process about you in connection with the Service.

2. Data we collect

• Account data: email address, hashed password, sign-in identifiers.
• Usage data: URLs and policy text you submit for analysis, analyses generated, monthly usage counts.
• Technical data: IP address, browser type, device identifiers, log data.
• Support data: messages you send to our support team.
• Payment data: handled by Paddle, our Merchant of Record. We receive subscription status and a customer identifier, but do not store full payment card details.

3. How we use your data

• Create and manage your account (legal basis: contract).
• Provide policy analyses and maintain your history (contract).
• Enforce usage limits and prevent abuse (legitimate interests, contract).
• Communicate with you about the Service and respond to support (contract, legitimate interests).
• Improve the Service, including AI quality (legitimate interests).
• Comply with legal obligations such as tax and accounting (legal obligation).

4. Sharing your data

We share personal data with:

• Paddle — our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, and invoicing.
• Service providers / subprocessors — hosting, database, authentication, AI model providers, and analytics tools, all bound by contract to protect your data.
• Professional advisers — legal, accounting, and audit professionals where necessary.
• Authorities — when required by law or to protect rights, safety, or property.

We do not sell your personal data.

5. International transfers

Your data may be processed in the United States and in other countries where our service providers operate. Where data is transferred outside the UK or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Data retention

We keep account and analysis data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within a reasonable period, except where we are required to retain it for legal, tax, or fraud-prevention purposes.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent. EEA/UK users have these rights under GDPR/UK GDPR and may complain to their local supervisory authority. We aim to respond to verified requests within one month. To exercise your rights, email privacy@policyguard.app.

8. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and infrastructure provided by reputable cloud vendors. No system is perfectly secure, and we cannot guarantee absolute security.

9. Cookies

We use essential cookies and similar technologies to keep you signed in and to operate the Service. We may use limited analytics cookies to understand usage patterns. You can manage cookies through your browser settings; disabling essential cookies may break parts of the Service.

10. Changes to this notice

We may update this Privacy Notice from time to time. Material changes will be communicated via the Service or by email.

11. Contact

Questions about your data or this notice? Contact privacy@policyguard.app.