Privacy Policy

Last Updated: December 4, 2025

1. Introduction

This Privacy Policy explains how MBGuards ("we", "our", "us") collects, uses, and protects your personal data.

We are committed to safeguarding your privacy and complying with:

  • GDPR (EU)
  • CCPA (California)
  • Other applicable data protection laws

By using the Service, you agree to the practices described in this Policy.

2. Information We Collect

We collect:

2.1. Account Information

  • Name
  • Email address
  • Password (hashed)
  • Company name (optional)

2.2. Domain Information

  • Domains you register
  • DNS verification records
  • Scan logs
  • Publicly accessible website metadata

2.3. Payment Information

Payment information is processed securely by Stripe. We do NOT store:

  • Credit card numbers
  • Billing addresses
  • Payment tokens

2.4. Usage Information

  • IP address
  • Browser and device info
  • Log timestamps
  • Rate limit activity
  • HTTP access logs

2.5. AI Processing Data

We may send limited non-sensitive data to AI providers (OpenRouter) to generate reports.

3. How We Use Your Information

We use your data to:

  • Provide and operate the Service
  • Verify domain ownership
  • Perform passive security scans
  • Generate AI reports
  • Improve platform performance
  • Enforce terms and prevent abuse
  • Send security alerts and notifications
  • Comply with legal requirements

We never sell personal data.

4. Data Sharing

We share data only with trusted providers:

4.1. Supabase

Hosting of database, authentication, and storage.

4.2. Stripe

Payment processing and subscription management.

4.3. OpenRouter / AI Providers

Used only for generating analysis text.

We NEVER share:

  • Private scanning results
  • Account credentials
  • Billing information

We NEVER sell user data.

5. Cookies and Tracking

We may use:

  • Session cookies
  • Analytics cookies
  • Security cookies
  • Preference cookies

You can disable cookies in your browser; however, some features may not work.

6. Data Retention

We retain data as long as necessary for:

  • Providing the Service
  • Complying with legal obligations
  • Preventing fraud
  • Maintaining system logs (typically 90 days)

You may request account deletion at any time.

7. Security

We use best practices:

  • Encryption in transit (HTTPS)
  • Rate limiting
  • Firewall rules
  • Hashed passwords
  • Role-based access control
  • Isolation of sensitive credentials
  • Outbound restrictions to prevent SSRF

However, no system can be 100% secure.

8. Your Rights

Depending on your jurisdiction, you may:

  • Access your data
  • Request correction
  • Request deletion
  • Request export of your data
  • Object to processing
  • Withdraw consent

To exercise these rights, contact: privacy@mbguards.com

9. Children's Privacy

Our Service is not intended for individuals under 18 years old.

We do not knowingly collect information from minors.

10. International Data Transfers

Data may be processed or stored in:

  • United States
  • European Union
  • Other secure cloud regions

We use providers that comply with GDPR and international standards.

11. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be available on our website.

12. Contact

For privacy concerns:

privacy@mbguards.com