What data we collect
Guardian stores the information you give it: your account email, your profile details, the documents you upload, and the data extracted from those documents (such as names, dates, and policy numbers).
We also keep basic operational records — like when a document was uploaded — so the product can work reliably. We do not collect data from your device beyond what you explicitly provide.
If email reminders are enabled, we send deadline reminder emails to your sign-in address. You can turn these off at any time from the Settings page.
How authentication works
Sign-in is handled through Supabase Auth. When you log in, you receive a session token that identifies you on every request. Pages and APIs that touch your data require a valid session — without one, requests are rejected.
Your password is never stored in plain text; Supabase Auth stores only a secure hash.
How user access is separated
Every document, profile, alert, and document chat in the database is tied to an account and a vault. Row Level Security (RLS) policies are enforced at the database level, which means the database itself refuses to return rows you are not allowed to see — even if application code contains a bug.
By default, vaults belong to one owner. On business and client vaults, the owner can invite another signed-in Guardian user as an Editor. Editors can add documents and Daily Logs and Ask Gideon on that exact vault. Gideon conversations stay private to each person. Other vaults on either account remain private.
Where your files are stored
Uploaded files are stored in Supabase Storage in a bucket scoped to your account. Files are transferred over HTTPS, so they are encrypted in transit between your device and our servers.
Access to stored files goes through the same authenticated session checks as the rest of the product.
How AI processing works
When you choose to analyze a document, Guardian sends it to Anthropic's Claude API to extract key facts and generate plain-language explanations and recommendations. Analysis only happens when you request it. Guardian labels the source of each statement: which facts came directly from your document, which dates were calculated, and which recommendations were generated by AI.
You can also ask follow-up questions about a document you own after it has been analyzed. Chat answers are grounded in that document's analysis, stay private to your account, and use the same Claude AI provider. Chat history is stored with your account and deleted when you delete the document or your account.
Ask Gideon searches only the active Guardian profile's vault and relevant Daily Logs (embeddings via OpenAI for documents, keyword retrieval for logs; answers via Claude). One login can own multiple profiles; each profile has separate documents, Daily Logs, analyses, attention items, and conversations. Retrieval and chat history are limited to your account via Row Level Security, and to the active profile by profile_id. Daily Logs are user-entered notes and are labeled separately from document facts.
AI output can be wrong. Always verify important dates and decisions against the original document, which stays available to you at all times.
Document sharing
You can create an expiring share link for a single document from your vault. Recipients open a public link that shows the document's name and, when available, its analysis summary and key facts. By default the file itself is not included; you can optionally allow temporary file access.
Share links expire after 1, 7, or 30 days (your choice) and can be revoked at any time. Sharing one document does not grant access to your account, other profiles, chats, Daily Logs, or the rest of your vault.
What is not yet implemented
We believe accurate wording matters more than impressive wording. The following are NOT currently in place, and we will not claim them until they are built and independently verified:
- End-to-end or zero-knowledge encryption (our systems can technically access stored files in order to process them)
- HIPAA compliance
- SOC 2 certification
- Guaranteed protection from all breaches — no service can honestly promise this
What we can accurately say today: data is encrypted in transit, protected by authenticated access, and separated by account and vault membership. Opt-in document share links are time-limited and revocable. Business/client vault collaborator invites are owner-controlled and revocable.
How you can delete your data
You can delete any document from within the app. Deleting a document removes its database record, the stored file, and the extracted data, alerts, and chat history tied to it.
You can also delete your entire account from the Settings page. That permanently removes your account, profile, all uploaded documents and stored files, extracted data, alerts, and document chat history.
How to report a security concern
If you believe you have found a vulnerability or notice anything that looks wrong, email security@guardian.app with a description of the issue. Please do not publicly disclose the issue until we have had a chance to investigate and fix it.
We read every report and will respond as quickly as we can.