Privacy Policy

Last updated: February 2026

1. Introduction

BreachGuard ("we," "us," or "our") operates the website and service at breachguard.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our breach monitoring service. Please read this policy carefully. By using BreachGuard, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a salted hash). If you subscribe to a paid plan, payment information is collected and processed by our payment provider.

Monitored Assets

You provide email addresses and domain names you wish to monitor. These are stored encrypted at rest and used solely to check against breach databases on your behalf.

Usage Data

We automatically collect information about how you interact with our service, including IP address, browser type, operating system, pages visited, and timestamps. This data helps us improve the service and diagnose technical issues.

3. How We Use Your Information

  • To provide and maintain the breach monitoring service
  • To check your monitored assets against known data breaches
  • To send you breach alerts and security notifications
  • To process payments and manage your subscription
  • To communicate with you about service updates and support requests
  • To improve, personalize, and expand our service
  • To detect, prevent, and address technical issues or abuse

4. Data Storage & Security

Your data is stored on secure, encrypted servers. We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, and regular security audits. Passwords are never stored in plaintext — we use bcrypt hashing with unique salts. While no method of electronic storage is 100% secure, we strive to use commercially acceptable means to protect your personal information.

5. Third-Party Services

We use the following third-party services to operate BreachGuard:

  • Stripe — Payment processing. Stripe collects and processes your payment information under their own privacy policy. We do not store your full credit card number.
  • Breach Databases — We query public and licensed breach databases (including Have I Been Pwned) to identify compromised records. Only hashed or k-anonymity queries are used where supported; your plaintext email is never shared with third parties unnecessarily.
  • Email Delivery — We use third-party email services to send breach alerts and transactional emails.

6. Cookies

We use essential cookies to maintain your session and authentication state. We may also use analytics cookies to understand how visitors interact with our site. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, disabling cookies may prevent you from using some features of the service.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data and account
  • Export — Request a portable copy of your data in a machine-readable format
  • Restriction — Request that we limit the processing of your data
  • Objection — Object to our processing of your data in certain circumstances

To exercise any of these rights, please contact us at privacy@breachguard.app. We will respond to your request within 30 days.

8. Data Retention

We retain your account information and monitored assets for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Anonymized usage data may be retained indefinitely for analytics purposes.

9. Children's Privacy

BreachGuard is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@breachguard.app.