ANGUARDIA

Privacy Policy

Last updated: March 26, 2026

1. Introduction

Anguardia ("we", "us", "our") provides a cloud infrastructure scanning platform that helps engineering teams identify and resolve AWS security findings. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at app.anguardia.com (the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your email address, full name, and company name. This information is used to identify your account and personalise your experience.

AWS Account Metadata

When you connect an AWS account, we store the IAM Role ARN, an external ID (UUID), a friendly account name you provide, and metadata generated from scanning (findings, severity levels, resource identifiers, remediation guidance). We do not store AWS access keys, secret keys, or session tokens beyond the duration of a scan.

Billing Information

Payment processing is handled entirely by Stripe. We store your Stripe customer ID, subscription plan, and subscription status. We do not store credit card numbers, bank account details, or other payment instruments. See Stripe's Privacy Policy for how they handle your payment data.

Usage Data

We collect standard server logs (IP address, browser type, pages visited, timestamps) to maintain and improve the Service. We do not use third-party analytics or tracking scripts.

3. How We Access Your AWS Environment

Anguardia accesses your AWS account exclusively through IAM AssumeRole with an external ID for confused-deputy protection. Our access is strictly read-only. We use temporary credentials that expire after each scan session.

Specifically, we request the following IAM permissions:

  • iam:GenerateCredentialReport
  • iam:GetCredentialReport
  • iam:GetAccountAuthorizationDetails
  • iam:GetAccountPasswordPolicy
  • iam:ListAccessKeys
  • iam:GetAccessKeyLastUsed
  • iam:ListUserTags
  • iam:GetRole
  • iam:GetUser
  • sts:GetCallerIdentity

We never create, modify, or delete any resources in your AWS account. The CloudFormation template we provide creates a single read-only IAM role scoped to these permissions.

4. How We Use Your Information

  • To provide the Service — scanning your AWS environment, generating findings, and displaying your security backlog.
  • To manage your account — authentication, profile settings, and subscription billing.
  • To communicate with you — transactional emails related to your account (e.g., password reset). We do not send marketing emails.
  • To improve the Service — aggregated, anonymised usage patterns to improve scanning accuracy and user experience.

5. Data Storage and Security

Your data is stored in a Supabase-hosted PostgreSQL database with Row Level Security (RLS) enforced at the database level. Each user's data is isolated — you can only access your own accounts, findings, and scans.

All data is encrypted in transit (TLS) and at rest. Authentication is handled by Supabase Auth with secure, httpOnly session cookies.

6. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

  • Supabase — as our database and authentication provider.
  • Stripe — as our payment processor, only for billing purposes.
  • AWS — temporary read-only API calls to your account using credentials you explicitly provision.

We may disclose information if required by law or to protect our rights, but we will notify you where legally permitted.

7. Data Retention and Deletion

Your data is retained for as long as your account is active. When you delete an AWS account from Anguardia, all associated findings, scans, and metadata are permanently deleted from our database.

To delete your entire Anguardia account and all associated data, contact us at the email below. We will process deletion requests within 30 days.

8. Cookies

We use a single authentication cookie managed by Supabase to maintain your session. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information in your profile.
  • Delete your account and all associated data.
  • Withdraw consent for data processing (by closing your account).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.
Back