Privacy Policy - Gardiyan System Security Inc.

Privacy Policy

Privacy Policy of Gardiyan System Security Inc.

Effective Date: 16.07.2025

This Privacy Policy (“Policy”) outlines the privacy practices of Gardiyan System Security Inc. (“Gardiyan,” “we,” “our,” or “us”) and applies to all websites owned or operated by Gardiyan that link to this Policy, including but not limited to www.gardiyan.com, and to all products and services offered through such websites and related mobile or desktop applications (collectively, the “Services”).

This Policy describes the types of personal data we collect, the purposes for which such data is processed, the legal bases on which we rely, how data is stored and shared, and the rights individuals have in connection with their personal data.

For all inquiries regarding this Policy or the exercise of any data protection rights, individuals may contact us at info@gardiyan.com.

1. Privacy Commitment

Gardiyan is committed to upholding the highest standards of privacy and data protection. We do not sell personal information to third parties, nor do we display third-party advertisements using our users’ data. Our data handling practices are designed to ensure that information is only collected, stored, and processed when necessary to provide our Services or as otherwise permitted by law.

2. Scope of the Policy

This Policy applies to all personal information collected by Gardiyan from users who access or interact with our Services, including website visitors, prospective customers, registered users, business partners, and service providers. It does not apply to third-party websites or services that may be linked from our website, nor does it govern the data practices of those third parties.

3. Information We Collect

Gardiyan collects information in three principal ways: information that users voluntarily provide, information collected automatically, and information obtained from third parties.

When a user creates an account, registers for events, submits contact forms, makes purchases, or communicates with Gardiyan, we may collect identifying details such as name, email address, phone number, company name, mailing address, and payment information (excluding full credit card numbers, unless explicitly authorized for secure storage by the user).

Automatically collected data includes information such as the user’s IP address, browser type, language preferences, device identifiers, access times, navigation history, and usage patterns across our website and applications. Cookies and other standard technologies may be used to enhance user experience and security. Gardiyan does not use third-party advertising cookies or other non-essential tracking tools.

From third-party sources such as identity providers (e.g., Google, LinkedIn), business partners, resellers, or publicly accessible platforms (e.g., social media and review sites), we may receive information necessary to fulfill user requests or analyze product engagement.

When the Gardiyan MDM app is installed on company-owned devices, it collects device location data, including background location, even when the app is closed or not in active use. This collection is required exclusively for enterprise security and management purposes and is not used for advertising or consumer tracking.

4. Legal Basis for Processing

Gardiyan processes personal data under lawful bases as defined by applicable data protection legislation. The primary bases include the necessity of processing for the performance of a contract, compliance with legal obligations, the pursuit of legitimate business interests that do not override the rights of the data subject, and user consent where required by law. Where consent is the lawful basis, it may be withdrawn at any time without affecting the lawfulness of prior processing.

5. Purpose of Data Collection

Personal information is collected and processed for purposes including, but not limited to, user account creation and maintenance, customer support, service delivery, transaction processing, fraud prevention, system monitoring, usage analysis, internal research, policy compliance, direct communication regarding Services, and notification of updates or policy changes. Additionally, data may be used to improve and develop Gardiyan’s offerings through anonymized analytics and service feedback.

5.1 Data Processing

Information provided in connection with services: You may entrust information that you or your organization (“you”) control, to Gardiyan in connection with use of our services or for requesting technical support for our products. This includes information regarding your customers and your employees (if you are a controller) or data that you hold and use on behalf of another person for a specific purpose, such as a customer to whom you provide services (if you are a processor). The data may either be stored on our servers when you use our services, or transferred or shared to us as part of a request for technical support or other services.

Information from mobile devices: When you elect to allow it, some of our mobile applications have access to the camera, call history, contact information, photo library, and other information stored on your mobile device. Our applications require such access to provide their services. Similarly, when you elect to provide access, location-based information is also collected for purposes including, but not limited to, locating nearby contacts or setting location-based reminders. This information will be exclusively shared with our mapping providers and will be used only for mapping user locations. The data stored on your mobile device and their location information to which the mobile applications have access will be used in the context of the mobile application, and transferred to and associated with your account in the corresponding services (in which case the data will be stored on our servers) or products (in which case the data will remain with you unless you share it with us).

Background location data is used solely to:

  • Enforce organizational geofencing and compliance policies,
  • Locate lost or stolen company devices,
  • Support remote security actions (e.g., lock or wipe).

This data is only accessible to authorized IT administrators within the organization and is never shared with third parties for marketing or analytics.

6. Data Retention

Personal data is retained for as long as necessary to fulfill the purposes for which it was collected or as required by law. When the data is no longer needed, it is securely deleted, anonymized, or isolated to prevent unauthorized access. Upon account termination, user data is removed from active systems.

7. Data Subject Rights

Gardiyan respects the rights granted to individuals under applicable data protection laws. These rights include the right of access to personal data, the right to rectification of inaccurate information, the right to erasure (the “right to be forgotten”), the right to restrict processing, the right to object to certain types of processing, the right to data portability, and the right to lodge a complaint with a supervisory authority. Gardiyan ensures that these rights are available to all users, regardless of geographic location.

Requests to exercise these rights can be directed to info@gardiyan.com. Gardiyan will respond in accordance with applicable legal timelines.

8. Data Shared with Third Parties

Gardiyan may grant access to personal data to its employees and authorised independent contractors, but only to the extent necessary for them to perform their duties and deliver, maintain, or improve the Services. All such personnel are bound by written confidentiality obligations and are subject to internal policies requiring them to protect personal data and to use it solely for legitimate, predefined business purposes.

Beyond its workforce, Gardiyan shares personal data only with external parties that are contractually obligated to safeguard that information. These parties may include service providers such as payment processors, hosting and IT-support vendors, resellers, event organisers, domain registrars, and authorised affiliates within the Gardiyan corporate structure. Whenever data is disclosed to any of these parties, Gardiyan executes appropriate data-protection agreements and limits access to the minimum necessary to fulfil the intended purpose.

Gardiyan does not sell personal data under any circumstances. Personal information may, however, be disclosed when required to comply with applicable laws, lawful court orders, or valid law-enforcement requests.

9. International Data Transfers

Gardiyan operates globally and may transfer personal data across jurisdictions where it or its authorized processors operate. In cases involving international transfers of personal data, appropriate safeguards such as Standard Contractual Clauses or equivalent data protection agreements are implemented to ensure compliance with the General Data Protection Regulation (GDPR) and other applicable laws. Copies of applicable transfer agreements may be requested by contacting info@gardiyan.com.

10. Children’s Privacy

Our Services are not directed to individuals under the age of 16. Gardiyan does not knowingly collect personal information from minors. If it is discovered that such data has been collected inadvertently, it will be promptly deleted. Individuals who become aware of such activity are requested to report it immediately to info@gardiyan.com.

However, using our products, you can collect information about individuals who may be children. If you process information relating to children, you acknowledge and agree that you will be responsible for complying with the applicable laws and regulations related to protection of such personal information.

12. Security Measures

Gardiyan implements and maintains administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of personal data. These measures are reviewed and updated periodically to reflect current threats and industry best practices. Data access is restricted to authorized personnel who are subject to strict confidentiality obligations. For more information, users may consult our Security Policy or contact info@gardiyan.com.

13. Artificial Intelligence and Automation

Gardiyan may utilize machine learning, artificial intelligence, and pattern recognition technologies to enhance user productivity and product performance. Such features are designed to operate with anonymized or organization-specific data and do not expose user content to public training models. Service data is not used for external AI training purposes.

14. Changes to This Policy

Gardiyan reserves the right to modify this Privacy Policy at any time. Any material changes will be communicated to users via email or through a prominent notice on our website at least 30 days prior to their effective date. Continued use of the Services after the effective date constitutes acceptance of the modified Policy. Users who disagree with the changes may discontinue use of the Services and request data deletion.

15. Enterprise Device Management – Gardiyan MDM App

The Gardiyan MDM mobile application is not a consumer-facing product. It is deployed exclusively on company-owned devices in enterprise environments under IT administrator control.

  • The application operates as a background agent to enforce organizational policies.
  • Users are notified during enrollment that location and other sensitive data may be collected in the background for security purposes.
  • This process satisfies Google Play’s Prominent Disclosure & Consent requirements and complies with Android Enterprise standards.

16. Contact Information

All questions, concerns, or data-related requests under this Privacy Policy should be directed to:

Email: info@gardiyan.com
Mailing Address:
Gardiyan System Security Inc.