Privacy Policy

This policy applies to all users of the GuardianCircle mobile application (Android), the web dashboard at guardiancircle.ca, and any related services.

When you create an account: your email address and, optionally, your name. If you sign in with Google, we receive your Google account email and display name.

When a senior uses the mobile app: incoming SMS and MMS messages from unknown senders only are analyzed for scams. We collect the sender's phone number or email address and the message body. Messages from anyone saved in the senior's contact list are never read, never sent to our servers, and never stored.

When using call protection: voicemail recordings left by unknown callers are transcribed and analyzed. The transcription text and a reference to the audio file are stored.

When using the notification listener (optional): notification preview text from messaging apps you explicitly enable in Settings is analyzed in the same way as SMS.

Usage data: standard server logs (IP address, browser/app version, request timestamps). Retained for up to 90 days for security and debugging.

• Messages from anyone in the senior's contact list
• Outgoing messages or calls
• Device location or GPS data
• Photos, files, or media on the device
• Passwords or financial account numbers

Message content is used solely to detect scams in real time and generate caregiver alerts. We do not use message content for advertising, profiling, or any purpose other than scam detection.

Account information (email, name) is used to authenticate you, link caregivers to seniors, and send security notifications (sign-in links, OTP codes).

Google Cloud (Gemini AI): Message content (sender number/email + message body) is sent to Google Cloud's Vertex AI API in the Canada (Montréal) region for scam analysis. Data processed through Vertex AI is not used to train Google's AI models. Google Cloud is SOC 2 Type II and ISO 27001 certified. Because inference runs in Canada, this is not a cross-border transfer under PIPEDA.

Twilio Inc.: Phone numbers provisioned for call protection are managed by Twilio. Voicemail recordings are stored on Twilio's infrastructure temporarily for transcription, then the transcription text is copied to our Canadian database and the recording is deleted within 7 days.

Fly.io: Our servers and database run on Fly.io's infrastructure in the Toronto (yyz) region. Message analysis results and account data remain in Canada.

We do not sell, rent, or trade personal information to any third party.

Scam analysis results (event records) are retained until you delete your account or request deletion. You can delete all your data at any time from the app Settings → Account → Delete my data.

Server logs are retained for 90 days. Twilio call recordings are deleted within 7 days of being transcribed.

A caregiver can only see scam alerts for a senior who has explicitly linked them using a 6-digit code generated by the senior. The senior is the sole gatekeeper of their own data.

By default, caregivers see only the scam type and a redacted sender (e.g., "***4321"). Seeing full message content requires the senior to turn on the "Share full messages" toggle in Settings for that specific caregiver.

All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted at the database level. Authentication uses one-time codes and short-lived JWT tokens stored in secure on-device storage. We do not store plaintext passwords.

If you believe there has been a security incident, please contact us immediately at [email protected].

You have the right to:

• Know what personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and all associated data
• Withdraw consent at any time (by deleting your account)
• File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, email [email protected].

We will notify users of material changes to this policy by email and by a notice in the app at least 14 days before the changes take effect.

GuardianCircle
Email: [email protected]
Website: guardiancircle.ca