
Policy

Service Policies

At Guardian, we prioritize your privacy above all else. From leadership to engineering to customer support, privacy is not just a word, it is a persistent state of mind and the starting point to anything that we touch. Our no-logs policy is a cornerstone of our commitment to safeguarding your personal data and ensuring a secure and anonymous online experience. From the moment you connect to our VPN servers, we make certain that none of your identifying information is recorded or stored. The Guardian team has built the service from day one first and foremost for themselves and their families to use, so protecting our customers’ privacy also means protecting our own privacy.

We understand the importance of maintaining your online privacy in an era of pervasive surveillance capitalism, ad micro-targeting, and data breaches. That’s why we have designed our system to operate without logging any information related to your online activities. Our VPN infrastructure is meticulously crafted to prevent any possibility of collecting or retaining personally identifiable information. Guardian has started the process of undergoing regular security and data privacy audits by independent third-party experts, with our initial software security audit occurring in February 2024 and our initial infrastructure security audit occurring in April 2024. These audits help verify that our practices and production configurations align with our stringent stance on data privacy. We share these reports in full in order to provide as much transparency as possible to end users. We plan to continually undergo these audits, on at least an annual basis, in order to help keep us honest and worthy of your trust as an end-user.

Read the API software audit here
Read the Infrastructure security audit here

Our servers are equipped with state-of-the-art technologies that guarantee data encryption and anonymity. We employ advanced security protocols and a strict access control policy to prevent unauthorized access to our systems. With Guardian, you can trust that your digital footprint will remain invisible and your information will stay secure.

Guardian System Architecture: Private By Design

What We Do Not Log

  • No DNS traffic is logged
  • Network activity is not logged, with the exception of “blocked tracker” alerts, if you use the Alerts feature (This can be switched off in OEM implementations)
  • No individual bandwidth usage data is logged
  • No originating IP address information is logged
  • No account activity information is logged
  • No connection metadata is logged

Separation of Subscriber Data and VPN Infrastructure

  • If you sign up for a Guardian Pro account, your E-Mail address is stored in our system as well as a payment reference to our payment processing partner Stripe in order to allow you to login and use the service. The E-Mail address and the payment reference are NOT stored on our VPN servers, and are not accessible from our VPN servers.
  • If you sign up through the App Store, Play Store, directly or through an OEM partner who utilizes in-app purchase (IAP) receipts, then only Apple or Google will have access to information about you. We will only “see” and process a cryptographically-signed IAP receipt, attesting to your right to access our service. We do not require an E-Mail address or any other personal information to be paired with your account.
  • If you are signed up through an OEM partner, only the partner has access to your information. We are only presented with an opaque unique identifier, which only the OEM provider can link to your payment information or otherwise. We use this opaque identifier to verify with an OEM attestation server to ensure your subscription is still valid, and to check what the subscription expiration date is.
  • The authentication process on our VPN servers, whether from a Guardian Pro account, an IAP receipt, or an anonymized OEM partner credential, uses a cryptographically signed intermediary JSON Web Token to attest to the “fact of” payment to our VPN servers. Our VPN servers do not see or process any personal data in order to verify your ability to connect. They simply perform a cryptographic verification of the attestation to confirm that you are a paying subscriber.
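
The attestation check described in the last item above, sketched as an added example that is not Guardian's code: the node verifies a signed token and refuses any token carrying claims beyond the fact of payment. HS256, the claim names `sub_type`, `exp` and `iat`, and the demo key are assumptions made here; a deployment where nodes only verify would normally use an asymmetric signature so that nodes hold no signing key.

```python
import base64, hashlib, hmac, json, time

# Assumptions, not from the page: HS256 signing, the claim names, the demo key.
ALLOWED_CLAIMS = {"sub_type", "exp", "iat"}
DEMO_KEY = b"constructed-demo-key"

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(claims, key=DEMO_KEY):
    """Account-side service: sign a token stating only the fact of payment."""
    header = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64e(_sign(header + '.' + body, key))}"

def verify(token, key=DEMO_KEY, now=None):
    """VPN-node side: accept only a validly signed, unexpired token with no extra claims."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64d(header_b64))
        sig = _b64d(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header asks for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sig, _sign(header_b64 + "." + body_b64, key)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body_b64))  # parsed only after the signature holds
    # Anything outside the allowlist (e-mail, account id, ...) is refused outright.
    if not isinstance(claims, dict) or set(claims) - ALLOWED_CLAIMS:
        raise ValueError("unexpected claims")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    return claims
```

Rejecting unknown claims at the node, rather than ignoring them, turns an accidental leak of subscriber data into the token into a visible authentication failure instead of a silent one.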

VPN Infrastructure: Data on Disk

  • WireGuard or IKEv2 VPN credentials, depending on the selected protocol, are stored on the local disk of each node. These credentials are ephemeral per VPN node, and can be re-generated at any time by using the “Reset Credentials” capability within the Guardian app, or the app of a Guardian Connect OEM provider. There is no stored link between these ephemeral credentials and any subscriber data, as explained in the previous section.
  • An API key, associated with your VPN credentials, is generated and present, for the purposes of allowing your device to access alerts for blocked tracking connections, and/or Push Notifications for such alerts. The token and any related data are securely stored on the device in the encrypted keychain/keystore secrets store, depending on the device platform.
  • Alerts for specific blocked connections are what is used to populate the alert counts and details within the Guardian Firewall app (e.g. “Blocked Data Tracker”). The alert content is marked for deletion after your device has downloaded the latest alerts from the VPN server. The alerts capability can also be disabled altogether in Guardian Connect OEM implementations, if there is no desire to observe or count blocked connections.
  • “Last Disconnect Time” is a timestamp for the last observed network activity for a given ephemeral credential pair. This data never leaves the VPN node. This allows us to prune credentials, and associated alerts, for which we have not seen recent activity. You won’t notice this, because the Guardian Firewall app will generate a new credential pair for you in the background when you connect next.