Privacy Policy (GuardIT AI)

Last updated: October 6, 2025

Who we are

GuardIT AI (“we”, “us”, “our”) provides executive security, cloud, identity, and AI governance services.
Registered office: 935 N Beneva Rd, Sarasota, FL 34232, U.S.
Email: love at guarditai.com
Website: https://guarditai.com

This policy explains what we collect, why, how we use it, and your choices. It covers the website, our newsletter (Thrive Leads), scheduling (TidyCal), and light A/B testing.

What we collect

We collect the minimum needed to run the site, communicate, and improve.

You provide

  • Contact details you submit (e.g., email via Thrive Leads forms / 2-step lightbox id=222).

  • Messages you send (briefing notes, inquiries).

  • Booking details you provide when scheduling via TidyCal.

Collected automatically

  • Device and usage data (IP address, user-agent, pages, timestamps).

  • Cookies and similar tech (see “Cookies & tracking”).

  • LocalStorage test flag: ab_head_v1 (stores which headline variant you saw).

  • Security logs (e.g., failed requests, spam detection).

From third parties

  • Scheduling metadata from TidyCal (available slots, booking confirmations).

  • Email deliverability and analytics from our email service provider (open/clicks, anonymized).

We don’t want or need sensitive information (e.g., PHI/PII beyond contact basics). Please don’t submit confidential data via public forms; request an NDA and we’ll proceed accordingly.

How we use data (purposes)

  • Communications: send the insights you requested; respond to inquiries; schedule briefings.

  • Performance & security: diagnose issues, prevent abuse, and keep the site fast and available.

  • Consent and preferences: remember your cookie choices and A/B test variant.

  • Compliance: maintain necessary records (consents, unsubscribes, audit trails).

Legal bases (where applicable, e.g., EU/UK):

  • Consent (newsletter, certain cookies).

  • Contract (when you book time or request materials).

  • Legitimate interests (site security, minimal analytics, A/B testing).

  • Legal obligations (records, statutory requests).

Cookies & tracking (including local storage)

We use strictly necessary cookies (security, load balancing) and limited functional measurement.

  • A/B testing: localStorage key ab_head_v1 stores “A” or “B”. No cross-site tracking.

  • Thrive Leads may set cookies to remember if you closed or completed a form.

  • WordPress may set session/login cookies if you authenticate (admins/editors).

  • TidyCal may set cookies to enable in-page scheduling.

  • We push simple events to window.dataLayer (e.g., ab_head_impression, email_signup_thank_you) for aggregate measurement.

Your choices:
Use your browser settings to block cookies; use private browsing; clear localStorage; or opt out via our Cookie Preferences link (add your CMP link if applicable). Blocking certain cookies may degrade experience (e.g., in-page booking).

Embedded content & links

Pages may include embeds (e.g., videos, calendars). Embedded content behaves like visiting that site directly. Those third parties may collect data; please review their privacy notices.

Data sharing & processors

We don’t sell your personal data. We share it only with:

  • Service providers (processors) who help us run the site and communications (hosting, email, scheduling, form handling, security). They’re bound by confidentiality and only process on our instructions.

  • Legal & safety: if required by law or to protect rights, security, and integrity.

  • Business transfers: if we undergo a merger, acquisition, or similar event, your data may transfer consistent with this policy.

International transfers

If we transfer data internationally, we use lawful mechanisms (e.g., SCCs, UK IDTA/ATPs, or adequacy decisions). We keep security controls in place.

Retention

  • Newsletter/contact data: retained until you unsubscribe or request deletion, plus up to 24 months for suppression logs and compliance.

  • Security logs: up to 12 months unless needed longer to investigate incidents.

  • Scheduling records: up to 24 months after the last interaction unless required longer.

  • Web server/application logs: typically 90–180 days (hosting defaults).

We delete or anonymize when no longer needed.

Your rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to processing; to withdraw consent; and to appeal automated decisions (we don’t make them).
Residents of California and other US states with privacy laws may request:

  • Know/access data categories and specific pieces.

  • Delete personal information.

  • Correct inaccuracies.

  • Opt-out of “sale” or “sharing” for cross-context behavioral advertising (we don’t sell or share for ads).

  • Limit use of sensitive data (we don’t use any for the website).

How to exercise: email love at guarditai.com with “Privacy Request” and your region. We’ll verify and respond within statutory timeframes. You won’t be discriminated against for exercising rights.

Security

We use TLS, access controls, least-privilege, and monitoring. No internet service is 100% secure; please use discretion when submitting information.

Children

Our site is for professionals. We don’t knowingly collect data from children. If you believe a child provided data, contact us to remove it.

Changes

We’ll update this policy as needed. Material changes will be signaled on-page with a new “Last updated” date.

Contact: love at guarditai.com