
Transparency

Plain-language disclosure of how the product operates, what we subcontract, and known limitations buyers should diligence. Pair with the Trust Center for contracts and formal policies.

What we process

AI-Guardian is designed so prompt text and sensitive content stay on the client. We store aggregated telemetry (counts, categories, severities) and operational metadata needed to run accounts, billing, and security features — not full prompts.

Subprocessors

Enterprise customers should map these to their own vendor register. Exact entity names and regions belong in your signed DPA schedule; this table is a product-facing summary.

| Function | Category | Notes |
|---|---|---|
| Application data & auth | Database / backend | Hosted Postgres and Edge Functions (Supabase). Stores profiles, aggregates, audit metadata — not raw prompts. |
| Transactional email | Messaging | Security notifications (e.g. new device linked) via Resend when configured. Operational emails only. |
| Large language providers | Optional / user-directed | Where users interact with third-party AI surfaces (ChatGPT, Claude, etc.), those vendors act as independent controllers or subprocessors of the end user's employer — not as AI-Guardian subprocessors for prompt content we never receive. Diligence teams should still track commercial LLM terms for shadow-AI risk. |

Security events & audit

High-signal user actions such as revoking a device are written to an append-only immutable audit stream in the database (updates and deletes are blocked at the DB layer). Broader product audit exports for Enterprise are described on the Audit Log feature page.

Known gaps we disclose

  • Browser extension updates depend on the browser vendor's signed package pipeline; compromise of that chain is an industry-wide risk that we mitigate, but do not eliminate, with publishing controls and hashes in release notes.
  • LLM vendor footprint varies by customer stack; AI-Guardian reduces accidental disclosure but cannot remove third-party model terms from the customer's compliance scope.
  • Centralised audit storage ultimately lives in our cloud tenant; customers needing WORM/immutable external archives should use export + SIEM retention per Enterprise agreement.