Skip to main content

Privacy Policy

Last updated: June 8, 2026

Our Commitment to Privacy

Illya LLC (“we,” “our,” or “us”), the company behind the Guardimesh platform, is committed to protecting your privacy. We do not sell, trade, or share your personal information with third parties for marketing purposes. This Privacy Policy explains the minimal data we collect to operate our container malware scanning service, process billing, and prevent abuse.

Information We Collect

Account Information (Required)

When you register for an account, we collect only what is necessary:

  • Email address - Used for account identification, login, and service notifications
  • Password - Stored as a secure hash using Argon2 (we never store passwords in plain text)
  • Account creation timestamp and IP address - Used for fraud prevention and abuse detection

Billing Information (If You Subscribe)

For paid subscriptions, we collect:

  • Payment information - Processed securely through our payment processor (we do not store credit card numbers)
  • Billing email - For invoices and payment receipts
  • Subscription tier and billing dates - To manage your account and service access

Service Usage Data (Operational Necessity)

When you use our malware scanning service, we collect technical information necessary to provide the service:

  • Container scan results - Malware detections, scan timestamps, image names (stored for your access via the web console)
  • Pod and namespace information - To identify which workloads were scanned
  • API usage metrics - To monitor service health and enforce rate limits

Security and Anti-Abuse Data (Minimal Collection)

To protect our service and prevent abuse, we automatically collect:

  • IP addresses - We collect your IP address during account registration and login for fraud prevention, security monitoring, and abuse detection. This includes:
    • Registration IP address (stored with your account)
    • Last 10 login IP addresses (stored with your account for quick reference)
    • Complete IP audit log (separate from your account, includes registration and login events)
  • Access timestamps - To detect unusual activity patterns
  • Failed login attempts - To prevent brute force attacks
  • Rate limit violations - To identify and prevent service abuse
  • User agent strings - Browser/client information for security analysis

Duplicate Account Detection: We use IP addresses to detect and flag accounts that may be attempting to abuse our free trial or service limits. If we detect multiple accounts registered from the same IP address, these accounts may be flagged for manual review by our administrators. This is based on legitimate interest in preventing fraud and abuse under GDPR Article 6(1)(f).

Data Persistence After Account Deletion: To prevent immediate re-registration abuse, IP audit logs are retained for 90 days even if you delete your account. This is necessary to prevent bad actors from repeatedly creating and deleting accounts to abuse service limits. After 90 days, all IP addresses are permanently deleted from our systems.

We retain IP addresses and access logs for a maximum of 90 days for security purposes only. IP addresses are stored in plaintext in secure databases and are not shared with third parties except as required by law.

How We Use Your Information

We use your information only for these specific purposes:

  • Service Delivery: To provide malware scanning, store your scan results, and maintain your account
  • Billing: To process payments, send invoices, and manage subscriptions
  • Security: To detect and prevent fraud, abuse, and unauthorized access
  • Communication: To send service-related notifications (scan alerts, billing updates, security notices)
  • Support: To respond to your questions and troubleshoot issues
  • Legal Compliance: To comply with applicable laws and regulations

We do not:

  • Sell your personal information to anyone
  • Share your data with third parties for their marketing
  • Use your data for advertising or profiling
  • Track you across other websites or services

Data Sharing (Strictly Limited)

We never sell or trade your personal information. We share data only in these limited circumstances:

  • Service Providers (Minimal Access): We use trusted service providers for specific functions:
    • Google Cloud Platform - For hosting and infrastructure (subject to their privacy policy)
    • Payment processors - For secure billing (they do not receive your scan data)
    • Email service - For sending account activation and service notifications only

    These providers have access only to the data necessary to perform their functions and are contractually obligated to protect your information.

  • Legal Requirements: When required by law, court order, or to protect rights and safety (we will notify you unless legally prohibited).
  • Business Transfers: In the unlikely event of a merger or acquisition, your data would transfer under the same privacy commitments.

Data Security

We take security seriously and implement industry-standard measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Password Security: Passwords are hashed using Argon2id (not reversible)
  • Access Controls: Strict role-based access to production systems
  • Network Security: Firewalls, intrusion detection, and regular security patches
  • Monitoring: 24/7 security monitoring for suspicious activity
  • Auditing: Regular security assessments and penetration testing

While we implement strong security measures, no system is 100% secure. We will notify you of any data breach affecting your account as required by law.

Data Retention (Clear Timelines)

Data TypeRetention Period
Account informationWhile account is active + 30 days after deletion
Scan resultsWhile account is active + 30 days after deletion
Billing records7 years (legal requirement for tax purposes)
IP addresses and access logs90 days maximum (for security/abuse prevention)
Support tickets3 years after closure

When you delete your account, we permanently delete all account data and scan results within 30 days, except billing records which we must retain for legal compliance.

Your Rights (Easy to Exercise)

You have full control over your data:

  • Access: View and download your scan results anytime via the web console
  • Correct: Update your email address in account settings
  • Delete: Delete your account and all associated data (except billing records required by law)
  • Export: Download your scan results in CSV or JSON format
  • Object: Contact us to object to any processing (we will respond within 30 days)

To exercise these rights, log into your account or email privacy@guardimesh.com

Cookies (Minimal Use)

We use cookies only for essential functions:

  • Session cookies - To keep you logged in (deleted when you close your browser)
  • CSRF tokens - To prevent cross-site request forgery attacks

We do not use: Advertising cookies, tracking cookies, or analytics cookies.

By using our service, you consent to these essential cookies. You can disable cookies in your browser, but the service will not function properly without them.

No Third-Party Tracking

Unlike many services, we do not use:

  • Google Analytics or similar tracking tools
  • Social media pixels or widgets
  • Third-party advertising networks
  • Cross-site tracking or behavioral profiling

Your activity on Guardimesh stays on Guardimesh.

Children's Privacy

Our service is intended for enterprise and professional use. We do not knowingly collect personal information from anyone under 18 years of age. If you are under 18, please do not register for an account.

International Data Transfers

Our infrastructure is hosted on Google Cloud Platform, primarily in United States data centers. If you access our service from outside the United States, your data will be transferred to and processed in the United States.

We ensure appropriate safeguards are in place for international transfers, including relying on GCP's compliance certifications and data processing agreements.

Data Processing Locations

For transparency, here is where your data is processed:

  • Application hosting: Google Cloud Platform (US)
  • Scan results storage: Google BigQuery (US)
  • Account data: Google Firestore (US)
  • Email delivery: Transactional email service (US)

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information (subject to legal retention requirements)
  • Right to opt-out of sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, email privacy@guardimesh.com with “CCPA Request” in the subject line.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

Our legal basis for processing your data is:

  • Contract: To provide the malware scanning service you signed up for
  • Legitimate interests: For security, fraud prevention, and service improvement
  • Legal obligation: For billing records and legal compliance

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new “Last updated” date
  • Sending an email to your registered email address
  • Displaying a notice in your account dashboard

Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Company: Illya LLC
  • Email: privacy@guardimesh.com
  • Subject Line: Include “Privacy Request” for faster processing
  • Response Time: We respond to privacy requests within 30 days

Summary

In short: We collect only what is necessary to provide our malware scanning service, process billing, and prevent abuse. We never sell or trade your data. You have full control over your information and can delete your account at any time.