This Privacy Policy explains how DriftGuard (“we,” “us,” or “our”) collects, uses, and shares information when you use the hosted service at driftguard.org, including our web console, API, and MCP-hosted endpoints.

Our open-source software on GitHub that you run locally is outside the scope of this Policy unless it connects to our hosted Service.

1. Information we collect

Account and identity

Service data you provide

Payment information

Paid subscriptions are processed by Lemon Squeezy (merchant of record). We receive subscription status, plan tier, customer email, and transaction references—not full payment card numbers. Lemon Squeezy’s privacy policy governs payment data they collect: lemonsqueezy.com/privacy.

Technical and usage data

2. How we use information

We use information to:

We do not sell your personal information. We do not use watch content to train general-purpose AI models.

3. Legal bases (EEA/UK users)

Where GDPR or UK GDPR applies, we rely on: contract (providing the Service you requested); legitimate interests (security, analytics, product improvement); and consent where required (for example, non-essential cookies if we add them). You may withdraw consent without affecting the lawfulness of prior processing.

4. How we share information

We share information only as needed to operate the Service:

Team workspace admins may access organization watches and keys according to their role.

5. International transfers

We operate from Kenya and use global infrastructure providers. Data may be processed in countries other than yours. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms offered by our processors.

6. Retention

Retention depends on your plan and settings:

You may request deletion of your account by emailing hello@driftguard.org. Some data may persist in encrypted backups for a limited time.

7. Security

We use HTTPS, hashed API keys, encrypted sensitive headers at rest where configured, access controls, and rate limiting. No method of transmission or storage is 100% secure; you are responsible for protecting credentials and avoiding secrets in URLs or logs.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing. To exercise these rights, contact hello@driftguard.org. We will respond within applicable deadlines.

EEA/UK residents may lodge a complaint with their local data protection authority. Kenya residents may contact the Office of the Data Protection Commissioner.

9. Cookies and analytics

We use essential cookies for authentication and session management (dg_session). Sign-in with Google may involve Google Identity Services cookies subject to Google’s privacy policy.

On marketing pages (/, /pricing, /resources, and /docs), we also run:

The authenticated console, admin surfaces, and API routes do not load PostHog or show the marketing consent banner.

You can change your choice by clearing site cookies for driftguard.org and revisiting a marketing page.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children. Contact us if you believe a child has provided data and we will delete it.

11. Changes

We may update this Policy by posting a new version on this page. Material changes will be communicated where appropriate. Continued use after the effective date constitutes acceptance.

12. Contact

Privacy questions and requests: hello@driftguard.org