Effective date: November 1, 2025

Introduction

This Privacy Policy explains how GuardRail collects, uses, stores, discloses, and otherwise handles personal information in connection with the Services.

We aim to manage personal information in an open and transparent way and to comply with applicable local and international privacy laws where they apply.

Who We Collect Information About

We may collect information about:

  • account holders,
  • client organisation users,
  • vendor organisation users,
  • individuals listed in vendor profiles,
  • website visitors,
  • support contacts,
  • billing contacts.

What We Collect

We may collect:

  • names, job titles, organisation names,
  • email addresses, phone numbers, contact details,
  • login credentials and authentication information,
  • user role and entitlement information,
  • vendor profile information submitted by users,
  • uploaded documents and metadata,
  • reminder and schedule information,
  • communications with us,
  • usage, device, browser, IP, and log data,
  • billing and transaction records,
  • website interaction analytics.

We do not intentionally request sensitive information unless it is reasonably necessary for the Services and supplied by users.

How We Collect Information

We collect personal information:

  • directly from you when you register, submit forms, upload information, contact us, or use the Services,
  • from your organisation,
  • from other users who invite you or enter your contact details,
  • automatically through cookies, logs, analytics, and security tools,
  • from third-party service providers such as payment, email, hosting, and analytics providers.

Why We Collect, Hold, Use, and Disclose Information

We use personal information to:

  • provide and operate the Services,
  • create and manage accounts,
  • authenticate users and secure accounts,
  • facilitate client-vendor workflows,
  • send reminders, notices, alerts, and service communications,
  • provide support,
  • manage billing and memberships,
  • improve, monitor, and secure the Services,
  • investigate misuse, fraud, or security incidents,
  • comply with legal obligations,
  • create aggregated or de-identified analytics.

Legal Basis / Basis for Processing

Where privacy laws apply, we handle information where reasonably necessary for our functions or activities and may rely on performance of a contract, legitimate interests, compliance with legal obligations, or consent where required.

Cookies and Analytics

We may use cookies and similar technologies to:

  • keep users signed in,
  • remember preferences,
  • understand website and product usage,
  • support security, fraud prevention, and troubleshooting.

You may control cookies through browser settings, though some features may not work properly if cookies are disabled.

Disclosure of Personal Information

We may disclose personal information to:

  • your organisation and its authorised users,
  • organisations you interact with through the Services,
  • hosting, infrastructure, email, analytics, payment, support, and security providers,
  • professional advisers,
  • regulators, law enforcement, or courts where required,
  • a purchaser or successor if we sell, merge, or reorganize our business.

We do not sell personal information as that term is commonly understood.

Overseas Disclosure

We may store or process information in countries outside the users’ jurisdiction, depending on our service providers and infrastructure. Where we disclose personal information overseas, we take reasonable steps to ensure recipients handle it in a manner consistent with applicable legal obligations.

Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain backups, and protect the integrity and security of the Services. We may retain de-identified information indefinitely.

Security

We use administrative, technical, and organisational controls designed to protect personal information, including access controls, encryption in transit, secure hosting, role-based access, logging, and other reasonable security measures.

No internet transmission or storage system is completely secure, and we cannot guarantee absolute security.

Access and Correction

Subject to applicable law, you may request access to, or correction of, personal information we hold about you by contacting us. We may require verification of identity and may refuse or limit requests where permitted by law.

Direct Marketing

We may send service-related communications necessary for the Services. We may also send marketing or promotional communications where permitted by law.

You can opt out of marketing messages using the unsubscribe mechanism in the message or by contacting us. Service and transactional messages may still be sent where necessary.

Data Breaches

If a data breach occurs, we will respond in accordance with our incident response processes and applicable legal requirements. Where required, we will notify affected individuals and relevant regulators.

Children

The Services are not directed to children and should not be used by minors without proper authority.

Complaints

If you have a privacy complaint, contact us first using the details below. We will review the complaint and respond within a reasonable time.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Services, email, or both.

Contact

For privacy requests or complaints, contact: support@guardrail.club
