Legal

GDPR Compliance

Last updated: June 4, 2026

1. Our Commitment to GDPR

ADAGuard is committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page explains how we handle personal data of EU and EEA residents, what rights you have, and how to exercise them.

Data Controller: ADAGuard is the data controller for personal data collected through our platform.
Contact: [email protected]

2. Legal Bases for Processing

We process personal data under the following lawful bases (Article 6 GDPR):

  • ContractTo provide the ADAGuard service, process payments, and manage your account.
  • Legitimate InterestSecurity monitoring, fraud prevention, and service improvement.
  • ConsentMarketing emails and non-essential analytics cookies — you may withdraw consent at any time.
  • Legal ObligationCompliance with applicable law, including tax and financial record-keeping requirements.

3. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights:

  • Right of Access (Art. 15)Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16)Ask us to correct inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17)Request deletion of your personal data where no longer necessary ("right to be forgotten").
  • Right to Restriction (Art. 18)Ask us to restrict processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20)Receive your personal data in a structured, machine-readable format.
  • Right to Object (Art. 21)Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent (Art. 7)Withdraw consent for consent-based processing at any time without affecting prior processing.

To exercise any right, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

4. Data We Collect

We collect only the data necessary to deliver the service:

  • Account information: name, email address, hashed password
  • Billing details: passed directly to our payment processor (Dodo Payments); we store only the last-four digits and card type
  • Usage data: scanned URLs, scan results, and settings configured in the dashboard
  • Log data: IP address, browser type, and timestamps retained for security purposes (max 90 days)
  • Cookie data: see our Cookie Policy

5. International Data Transfers

ADAGuard is hosted in the United States. When we transfer personal data from the EU/EEA to the US, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, and/or service providers that participate in recognised adequacy frameworks. A list of our sub-processors is available on request.

6. Data Retention

We retain personal data for as long as your account is active, plus a further period required by law (7 years for billing records, per financial record-keeping requirements). Scan results are retained according to your plan limits. You may request earlier deletion via the rights process in Section 3.

7. Data Processing Agreement (DPA)

If you use ADAGuard to process personal data on behalf of your users (e.g., scanning pages that contain user data), ADAGuard acts as a data processor and you are the controller. A Data Processing Agreement is available for Business and Enterprise customers. To request a DPA, email [email protected].

8. Security

We implement technical and organisational measures appropriate to the risk, including TLS encryption in transit, encryption at rest, role-based access controls, and regular security assessments. In the event of a personal data breach affecting EU/EEA residents, we will notify the relevant supervisory authority within 72 hours where required.

9. Cookies and Consent

We use strictly necessary cookies to operate the service and, with your consent, analytics cookies to understand how visitors use our site. You can manage your cookie preferences at any time via the cookie banner or our Cookie Policy. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

10. Changes to This Page

We may update this GDPR compliance page when our practices change or when required by law. Material changes will be notified by email or a prominent notice on our site at least 14 days before they take effect.

11. Contact

For all privacy-related enquiries including GDPR rights requests:

ADAGuard Privacy Team
[email protected]