Privacy Policy

Last updated: January 1, 2026

1. Overview

AI Malware Guardian ("we", "us", "our") operates the AI Malware Guardian desktop application and the website aimalwareguardian.com. This Privacy Policy explains what information we collect, why we collect it, and how we handle it.

Our product is designed with privacy as a core constraint: no file contents, no behavioral data, and no scan results ever leave your machine. All machine learning inference runs locally.

2. Information We Collect

2a. At Purchase

When you subscribe through Stripe, Stripe collects your name, email address, and payment information. We receive from Stripe only your email address and a Stripe subscription/customer ID. We do not store payment card details.

2b. At Activation & Subscription Verification

When you activate the application or when it checks your subscription status on startup, the following data is transmitted to our Cloudflare Worker API:

• Your email address
• Your activation token
• A machine identifier — a SHA-256 hash derived from hardware characteristics (not reversible to your hardware identity)

This information is used solely to verify that your subscription is active. We do not log or store individual verification requests beyond the subscription record itself.

2c. What We Do NOT Collect

• File contents or file paths from your machine
• Malware scan results or detection events
• Process names, behavior logs, or ETW event data
• Browsing history or network traffic
• Any telemetry or crash reports

3. How We Use Your Information

We use your email address and subscription record to:

• Deliver your activation token after purchase
• Verify your subscription status on application startup
• Contact you about subscription renewals, cancellations, or service announcements

We do not sell your information to third parties. We do not use your information for advertising.

4. Data Storage and Security

Subscription records (email + subscription ID + status) are stored in a Cloudflare D1 database hosted in Cloudflare's data centers. Data is encrypted at rest. Our Cloudflare Worker handles all API requests over HTTPS.

We retain your subscription record for the duration of your subscription and for up to 12 months after cancellation for accounting purposes, after which it is deleted.

5. Third-Party Services

We use the following third-party services:

• Stripe — payment processing. Stripe Privacy Policy.
• Cloudflare — infrastructure (Worker, D1, Pages). Cloudflare Privacy Policy.
• Resend — transactional email delivery. Resend Privacy Policy.

6. Your Rights

You may request deletion of your account data at any time by emailing privacy@aimalwareguardian.com. We will delete your subscription record within 30 days, subject to our accounting retention obligations.

If you are located in the European Economic Area, you have rights under GDPR including access, rectification, erasure, and portability. Contact us at the email above to exercise these rights.

7. Children

Our service is not directed to children under 13. We do not knowingly collect personal information from children.

8. Changes

We may update this policy. If we make material changes, we will update the "Last updated" date above. Your continued use of the application after changes constitutes acceptance.

9. Contact

Questions about this policy: privacy@aimalwareguardian.com