Privacy Policy

MastGuard is a product of AuxDynamics Inc. (“AuxDynamics,” “we,” “our,” or “us”), a company headquartered in Calgary, Alberta, Canada. We provide a governance, security, and compliance platform for AI agents (the “Service”).

For the personal information described in this policy, AuxDynamics acts as the data controller. For the agent event data, audit records, and scan results that our business customers send to the Service, the customer is the controller and AuxDynamics is the processor. We handle that data on the customer's behalf and under their instructions.

This policy explains what we collect, why, how long we keep it, and the rights you have. It applies to our website, the Service, our SDKs, and our APIs.

Account data. Your name, email address, organization name, and billing details when you create an account or subscribe.

Usage data. Agent event logs, audit records, and scan results that your organization sends to the Service. This data is scoped to your organization and isolated from other customers.

Technical data. IP address, user agent, session tokens, and API key hashes. We store hashes of API keys, never the plaintext keys.

Payment data. Payments are processed by Stripe. AuxDynamics does not store card numbers.

We use data only for clear, stated purposes:

• To operate, secure, and improve the platform.
• To generate compliance reports on behalf of customers.
• To send transactional emails, such as billing alerts and Human-in-the-Loop notifications.
• To respond to support requests and meet our legal obligations.

We do not sell customer data. We do not use customer agent event data to train AI models.

Audit log retention depends on your plan:

• Free plan: 7 days.
• Pro plan: 90 days.
• Enterprise plan: up to 7 years.

Account data is retained for the life of the account, plus 30 days after the account is deleted. After that, we delete it or irreversibly anonymize it. Billing records are kept as long as Canadian tax law requires.

We rely on a small number of vendors, each bound by contract to protect your information:

• Microsoft Azure for hosting, storage, and databases. Customer data is stored in Azure Canada or Azure US East regions.
• Stripe for payment processing.
• Microsoft Entra ID for authentication.

Where the GDPR applies, we process personal data on one of these legal bases: performance of a contract, your consent, or our legitimate interest in operating and securing the Service.

You have the right to access, rectify, erase, port, restrict, or object to the processing of your personal data. To exercise any of these rights, email info@auxdynamics.com. A Data Processing Agreement is available on request at the same address.

As a Canadian company, AuxDynamics is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). We obtain meaningful consent for the collection, use, and disclosure of personal information, and we limit collection to what we need.

The anonymized threat intelligence data described in our Terms is processed in line with PIPEDA. It contains no organization, session, agent, or user identifiers.

Enterprise plan customers can request a Business Associate Agreement (BAA) by emailing info@auxdynamics.com. The Enterprise HIPAA tier is designed for healthcare workloads that involve protected health information (PHI).

Healthcare customers should not store PHI on the Free or Pro tier without a signed BAA in place.

Our safeguards include:

• Encryption of data in transit (TLS 1.2 or higher) and at rest.
• Secrets stored in Azure Key Vault, never in code or configuration repositories.
• An OWASP-hardened API. Our most recent internal OWASP audit scored 9.6 out of 10, and an OWASP ZAP dynamic scan returned zero high-severity findings.
• Tamper-proof, append-only audit logs.

No system is perfectly secure. If a breach ever creates a real risk of significant harm, we will notify affected customers and the relevant regulator in line with the law.

Our website uses session cookies for authentication only. We do not use advertising cookies or third-party tracking pixels.

To ask a question, exercise a right, or request our Data Processing Agreement, email info@auxdynamics.com. We respond within 30 business days.

AuxDynamics Inc.
Calgary, Alberta, Canada
info@auxdynamics.com

We update this policy when the law changes or when we change how we handle information. The effective date at the top of this page always reflects the current version. For material changes, we notify account owners by email.