JustGuard Privacy Policy

Last updated: April 18, 2026

This Privacy Policy explains how JustGuard ("the Company," "We," "Us"), a Belgian cybersecurity platform, collects, uses, protects, and discloses Your information when You use Our Service. It also outlines Your privacy rights under the General Data Protection Regulation (GDPR). By using the Service, You agree to this policy.

Interpretation and Definitions

The following definitions apply:

  • Company (We, Us, Our) refers to JustGuard, (BE0804.357.949), located in Belgium.

  • Personal Data is information relating to an identified or identifiable individual.

  • Service refers to the JustGuard cybersecurity platform and Website.

  • Service Provider is any third party processing data on Our behalf (e.g., hosting, analytics).

  • Usage Data is data collected automatically from the Service infrastructure (e.g., page duration, IP address).

  • You is the individual or entity accessing the Service.

Collecting and Using Your Personal Data

Data We Collect

Directly Provided Data

When you create an account, we collect:

  • Email & Password: Your email address and a secure, hashed password (if using email sign-up).
  • Name: First and last name (if provided).
  • Support Data: Information shared when contacting our support.

Data from Third-Party Logins (GitHub & Google)

If you use GitHub or Google to sign in, we collect the unique ID, name, and email address associated with that account.

Payment Data

When you subscribe to a paid plan or purchase services (e.g., domain takedowns), payment processing is handled by Stripe. We store a Stripe customer identifier linked to your account and subscription metadata (plan, billing interval, status, period dates). We do not store your full credit card number — card data is tokenized and held exclusively by Stripe in accordance with PCI-DSS standards. Stripe may collect your name, email, billing address, and card details directly during checkout.

Session & Technical Data

When you sign in, we create a session record that includes your IP address and browser user agent. This data is used to detect unauthorized access and is automatically deleted when the session expires (24 hours).

Usage Data and Tracking

We collect Usage Data (IP address, browser type, pages visited) to monitor, secure, and improve the Service.

Cookies & Tracking Technologies: We use cookies to enhance your experience. For essential functions (authentication, security), we use Necessary Cookies which cannot be disabled. For analytics (PostHog), we use Optional Cookies which are only set if you explicitly give your consent via our Cookie Banner. You can withdraw your consent at any time.

How and Why We Use Your Data (Legal Basis - GDPR)

We use your Personal Data only when we have a legal basis to do so:

  • Performance of a Contract: To provide and maintain the Service, manage Your Account, and fulfill essential services (e.g., running scans).
  • Legitimate Interest: To improve our Service, prevent fraud, and send essential service communications.
  • Consent: For marketing and optional data processing, where required.
  • Legal Obligation: To comply with applicable laws and regulations.

Disclosure of Your Data

We may share your data in the following circumstances:

  • Service Providers: With third parties under contract to perform functions on Our behalf.
  • Business Transfers: In connection with a merger, sale, or acquisition of assets.
  • Affiliates: With Our parent company or subsidiaries, bound by this policy.
  • Legal Requirements: If required by law, court order, or governmental authorities.
  • Consent: With Your explicit permission for other purposes.

Key Service Providers (Processors)

We engage trusted third-party service providers to help us deliver the Service. These processors act on our behalf and are contractually bound to protect your data:

  • PostHog (EU):We use PostHog for product analytics to understand how users interact with our platform. Data is hosted in the European Union (Frankfurt). PostHog is configured to anonymize data where possible and respects your "Do Not Track" and cookie consent preferences.
  • Sentry (EU/US): We use Sentry for real-time error tracking and performance monitoring to identify and fix bugs. We filter personally identifiable information (PII) before sending data to Sentry. Our Sentry instance is configured to use data residency within the EU (Germany) where applicable.
  • Microsoft Azure (EU): Cloud hosting and infrastructure provider. All primary data processing occurs within the European Union.
  • Stripe (EU/US): We use Stripe for payment processing, subscription management, and invoicing. Stripe receives your name, email address, and payment card details (tokenized) when you subscribe to a paid plan or purchase services. Stripe acts as both a data processor (on our behalf) and an independent controller (for fraud prevention and regulatory compliance). For more information, see Stripe's Privacy Policy.
  • Resend (EU/US):We use Resend to send transactional emails, including account verification, password reset, and service notification emails. Resend receives the recipient's email address and name to deliver these messages on our behalf.
  • Google reCAPTCHA (EU/US): We use Google reCAPTCHA to protect certain forms (e.g., demo requests) against automated abuse. reCAPTCHA may collect your IP address, browser and device characteristics, and interaction data. Google acts as a data processor under the Google Cloud Data Processing Addendum and uses this data solely to provide and maintain the reCAPTCHA service. reCAPTCHA is only active on specific public forms and is not used on authenticated pages.

Data Retention and Transfer

Data Retention

We retain Personal Data only as long as necessary for the outlined purposes, legal compliance, and security. The following retention periods apply:

  • Account data (name, email, profile): retained for the lifetime of your account. Deleted upon account closure, subject to any legal retention obligations.
  • Session data (IP address, user agent): automatically deleted after 24 hours.
  • Authentication tokens (email verification, password reset): expire after 1 hour.
  • Payment & subscription data: retained for the duration of the subscription plus the period required by Belgian accounting and tax law (currently 7 years for invoicing records).
  • Analytics data (PostHog): subject to PostHog's retention settings, currently configured to retain data for 12 months.
  • Error logs (Sentry): retained for 90 daysper Sentry's default retention policy.

International Transfer

We primarily process data within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure adequate safeguards are in place, typically through Standard Contractual Clauses (SCCs), to maintain equivalent data protection standards.

Your Data Protection Rights (GDPR)

As an EEA resident, you have the right to:

  • Access your data.
  • Rectification (correct errors).
  • Erasure ("right to be forgotten").
  • Restrict Processing or Object to Processing.
  • Data Portability (receive a copy in a standard format).
  • Withdraw Consent at any time.
  • Lodge a complaint with the Belgian Data Protection Authority (GBA/APD).

Contact us to exercise these rights.

Security and Policy Changes

Security of Your Personal Data

As a cybersecurity platform, we implement strong technical and organizational measures (e.g., encryption, access controls) to protect Your data. However, absolute security cannot be guaranteed for data transmitted over the Internet.

Children's Privacy

Our Service is not directed at anyone under the age of 16. If we learn we have collected data from a child under 16 without parental consent, we will take steps to remove it.

Changes to this Policy

We will update this Privacy Policy periodically. We will notify you of any material changes via email and/or a prominent notice on the Service before the change takes effect.

Contact Us

For any questions about this Privacy Policy or to exercise your rights:

  • By Email: hello@justguard.be