This Privacy Policy explains how AuxDynamics Inc. ("AuxDynamics", "we", "us") collects, uses, stores, and protects information when you use the MastGuard platform at mastguard.io and app.mastguard.io, our SDKs, and our APIs (together, the "Service").
1. Who we are
AuxDynamics Inc. is a corporation headquartered in Calgary, Alberta, Canada. For account data, billing data, and website analytics, AuxDynamics is the data controller. For AI agent event data that customers submit to the Service, the customer is the controller and AuxDynamics acts as a data processor on the customer's documented instructions.
2. Data we collect
Account data
- Name, work email address, and organization details you provide at sign-up.
- Identity attributes from your Microsoft Entra ID sign-in (email, display name, directory identifier). We do not receive or store your password.
Agent event data
- Structured governance events submitted by your agents through our SDKs and APIs: agent identifier, action type, policy decision, risk classification, timestamps, and content hashes.
- Where a customer enables content-level features, prompt and response content associated with security events. This content is encrypted at rest and is never used to train AI models.
Billing data
- Subscription plan, usage metering (event counts, scan counts), and invoicing records. Payment card details are collected and processed by Stripe; we never store card numbers.
Usage analytics
- Service logs (IP address, browser type, pages visited, API endpoints called) used for security, debugging, and capacity planning.
3. How we use data
- To operate the Service: monitoring, policy evaluation, human review queues, audit trails, and compliance reporting.
- To meter usage and bill subscriptions through Stripe.
- To secure the platform, investigate abuse, and meet our legal obligations.
- To respond to support requests and, where you opt in, send product updates.
We do not sell personal information, and we do not use customer agent event data to train AI models.
4. Storage and security
- The Service runs on Microsoft Azure. Production databases and storage are deployed in Azure regions operated by Microsoft, with private network isolation.
- Sensitive event content is encrypted at rest using AES-256-GCM, with keys held in Azure Key Vault. All traffic is encrypted in transit using TLS.
- Audit ledgers are append-only and integrity-protected with SHA-256 hash chaining, so records can be verified and cannot be silently edited or deleted.
- Access to production systems is restricted, logged, and reviewed. Administrative actions on the platform are themselves written to an append-only audit record.
5. Data retention
- Free plan: agent event data is retained for 7 days.
- Pro plan: agent event data is retained for 90 days.
- Enterprise plan: agent event data and audit exports can be retained for up to 7 years in immutable storage to satisfy regulatory audit obligations.
- Account and billing records are retained for as long as your account is active and thereafter as required by Canadian tax and corporate law.
6. GDPR rights
Where the EU General Data Protection Regulation applies, you have the right to access, rectify, port, and erase your personal data, to restrict or object to processing, and to lodge a complaint with a supervisory authority.
Erasure is implemented as a production workflow, not a manual promise: on a verified request, personal identifiers are removed or anonymized and stored event content is overwritten with an erasure marker. One narrow carve-out applies: integrity-protected audit ledger entries (which contain hashes and metadata, with content tombstoned) are retained where required for compliance with legal obligations under GDPR Article 17(3)(b). Each erasure produces a certificate enumerating what was removed.
7. PIPEDA compliance
As a Canadian company, AuxDynamics is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). We apply its ten fair information principles to our own processing, and the platform generates PIPEDA compliance reports for customers from their audit data. You may challenge our compliance by contacting us (Section 13) and, if unresolved, the Office of the Privacy Commissioner of Canada.
8. HIPAA considerations
Enterprise customers handling protected health information (PHI) can enter into a Business Associate Agreement (BAA) with AuxDynamics. Customers must not submit PHI to the Service on the Free or Pro plans or without a signed BAA. Under a BAA, PHI in event content is encrypted at rest, access-controlled, and subject to the immutable retention controls described above.
9. Data sharing
We share data only with the subprocessors needed to run the Service:
- Microsoft Azure: cloud infrastructure, databases, storage, and identity.
- Stripe: payment processing and subscription billing (PCI DSS compliant).
We do not sell data to third parties, ever. We may disclose data where required by law, and we will notify affected customers of legal demands unless legally prohibited.
10. International transfers
Production infrastructure runs in Microsoft Azure data centers. Enterprise customers can select data residency options, including Canadian and EU regions, as part of their order. Where personal data is transferred across borders, we rely on contractual safeguards with our subprocessors, including standard contractual clauses where applicable.
11. Cookies
The Service uses essential cookies only: session authentication and security cookies required for the platform to function. We do not run third-party advertising or tracking cookies. The cookie notice on this site is informational.
12. Changes to this policy
We will post any changes to this policy on this page with an updated effective date and version number, and we will notify account owners by email at least 30 days before material changes take effect.
13. Contact
For privacy requests (access, correction, erasure, or complaints), contact AuxDynamics Inc. at info@auxdynamics.com with the subject line "Privacy Request". A postal address is available on request. We respond to verified privacy requests within 30 days.