ConsentGuard is operated by an individual founder during the preview period. This policy describes what data we collect and how we handle it.
What we collect:
- Account information (email address, name, organization name)
- API usage data (timestamps, action names, decision outcomes, audit metadata)
- Standard server logs (IP address, user agent)
What we do not collect:
- Personally identifiable information (PII) of your end users — do not submit this through the SDK
- Payment card data
- Sensitive personal data covered by DPDP Act 2023 special categories
How we use it:
- To operate the service (governance evaluation, audit logging, your dashboard)
- To prevent abuse (rate limiting, account verification)
- To communicate with you about your account
Where data is stored:
- Supabase Postgres in Mumbai (ap-south-1) for India data residency
- Email delivery via Resend (transactional email only)
Your rights (DPDP Act 2023):
- Request access to your account data
- Request deletion of your account
- Withdraw consent and stop using the service at any time
To exercise any of these rights: hello@getconsentguard.com
This policy applies to the preview release. A more comprehensive policy will be published before general availability.