PRIVACY POLICY

Last updated: November 25, 2025

This Privacy Policy describes how Guardian of Compliance ("we," "our," or "us") collects, uses, and shares your personal information when you visit or use our website https://www.guardianofcompliance.com/ (the "Service").

This policy is designed to comply with GDPR, CCPA, PIPEDA, and LGPD regulations and applies to all users regardless of location.

DATA CONTROLLER INFORMATION

The data controller responsible for processing your personal data is:

Guardian of Compliance Email: contact@guardianofcompliance.com

We act as the data controller for all personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.

1. INFORMATION WE COLLECT

We collect information you provide directly to us, such as:

• Personal identification information (name, date of birth, etc.)
• Contact information (email address, phone number, address)
• Payment and billing information
• Location data
• Usage and behavioral data

We automatically collect certain information when you visit our Service:

• Technical information (IP address, browser type, device information)
• Log data (access times, pages viewed, referring URLs)
• Cookies and similar tracking technologies

LGPD PERSONAL DATA CATEGORIES:

Under Brazilian law, we may process the following categories of personal data:

• Basic personal data (name, email, phone)
• Publicly available data
• Anonymous data (aggregated and de-identified)

2. PURPOSE OF DATA COLLECTION

We collect and process your personal data for specific, explicit, and legitimate purposes only:

ESSENTIAL SERVICE PURPOSES:

• Account Creation and Management: To create, maintain, and secure your user account
• Service Delivery: To provide the core functionality of our software as a service solutions
• Transaction Processing: To process payments and fulfill orders
• Communication: To respond to your inquiries and provide customer support
• Security: To protect against fraud, abuse, and unauthorized access
• Legal Compliance: To meet our legal and regulatory obligations

OPTIONAL SERVICE PURPOSES:

• Analytics and Improvement: To understand how users interact with our Service and improve user experience (requires consent)
• Marketing Communications: To send newsletters, promotional content, and service updates (requires consent)
• Personalization: To customize your experience and provide tailored content (requires consent)
• Third-Party Integration: To enable features provided by our service partners (requires consent)

RESEARCH AND DEVELOPMENT:

• Product Development: To develop new features and services (using anonymized or aggregated data)
• Quality Assurance: To test and improve Service performance
• Statistical Analysis: To generate insights for business intelligence

PIPEDA PURPOSE SPECIFICATION:

Under Canadian law, we identify the purposes for which personal information is collected at or before the time of collection. We:

• Clearly communicate why we need your information
• Only use your information for the stated purposes
• Obtain new consent if we need to use your information for a different purpose
• Limit collection to what is necessary for identified purposes

LGPD PURPOSE SPECIFICATION:

Under Brazilian law, we process personal data for legitimate, specific, explicit, and informed purposes. We:

• Clearly inform you of processing purposes at the time of collection
• Do not process data in a manner incompatible with the original purposes
• Obtain explicit consent when processing is based on consent
• Limit processing to what is necessary for the stated purposes

3. LEGAL BASIS FOR PROCESSING YOUR DATA

We process your personal data only when we have a valid legal basis to do so:

GDPR/UK GDPR LEGAL BASES:

We rely on the following legal bases under European data protection law:

• Consent: You have given clear, informed consent for us to process your personal data for specific purposes
• - Marketing communications
• - Analytics and performance tracking
• - N/A
• - Account personalization

• Contract Performance: Processing is necessary for the performance of a contract with you
• - Service delivery and functionality
• - Payment processing and billing
• - Account management

• Legal Obligation: Processing is necessary to comply with legal requirements
• - Tax and accounting obligations
• - Fraud prevention and detection
• - Regulatory reporting
• - Law enforcement requests

• Legitimate Interests: Processing is necessary for our legitimate interests (balanced against your rights)
• - Security and fraud prevention
• - Service improvement and optimization
• - Internal administration
• - Direct marketing to existing customers (with opt-out)

• Vital Interests: Processing is necessary to protect someone's life (rare circumstances)

• Public Task: Processing is necessary for tasks carried out in the public interest

CCPA BUSINESS PURPOSES:

We collect and use personal information for the following business purposes under California law:

• Performing Services: Providing, maintaining, and improving our Service
• Security and Integrity: Detecting security incidents and protecting against malicious or illegal activity
• Debugging: Identifying and repairing errors in our systems
• Transient Use: Short-term use where data is not disclosed to third parties
• Internal Research: Conducting internal research for technological development
• Quality Control: Verifying and maintaining quality or safety of our Service
• Customer Interactions: Processing customer requests and providing support

We do not sell your personal information.

PIPEDA PURPOSES AND LEGAL BASES:

Under Canadian law, we collect, use, and disclose personal information for identified purposes:

• With Your Consent:
• - Marketing communications and newsletters
• - Analytics and usage tracking
• - Account personalization and preferences
• - Non-essential data collection and processing

• For Contractual Necessity:
• - Service delivery and fulfillment
• - Payment processing and billing
• - Customer service and support

• For Legal Requirements:
• - Compliance with Canadian laws and regulations
• - Tax and accounting obligations
• - Law enforcement cooperation when required

• For Legitimate Business Purposes:
• - Security, fraud prevention, and risk management
• - Business operations and administration
• - Service improvement and quality assurance

Your consent is meaningful, informed, and you can withdraw it at any time (see Section 4 below).

LGPD LEGAL BASES (Base Legal):

Under Brazilian data protection law (LGPD), we process personal data based on the following legal bases:

• Consent (Consentimento):
• - You have provided free, informed, and unambiguous consent
• - Email marketing and promotional communications
• - Analytics and behavioral tracking
• - N/A
• - N/A

• Execution of Contract (Execução de contrato):
• - Processing is necessary for contract performance
• - Service delivery and functionality
• - Payment processing

• Legal/Regulatory Obligation (Cumprimento de obrigação legal):
• - Compliance with Brazilian laws and regulations
• - Tax and accounting requirements
• - Regulatory reporting

• Legitimate Interest (Legítimo interesse):
• - Security and fraud prevention
• - Service optimization and improvement
• - Internal administrative purposes
• - Support and customer service

• Protection of Life (Proteção da vida):
• - Emergency situations requiring immediate action

• Health Protection (Tutela da saúde):
• - Not applicable

• Credit Protection (Proteção ao crédito):
• - Credit assessment and risk management

For processing based on consent, you have the right to withdraw consent at any time (see Section 4 below). Withdrawal does not affect the lawfulness of processing before withdrawal.

4. CONSENT WITHDRAWAL AND DATA CONTROL

You have the right to withdraw your consent and control your personal data:

WITHDRAWING CONSENT:

You can withdraw your consent at any time for data processing that is based on consent. To withdraw consent:

1. Email Us: Send a request to contact@guardianofcompliance.com with the subject line "Withdraw Consent" 2. Account Settings: Log into your account and adjust your privacy preferences 3. Unsubscribe Links: Click the unsubscribe link in any marketing email 4. Cookie Settings: Adjust your cookie preferences through our cookie banner or browser settings

IMPORTANT: Withdrawing consent does not affect:

• The lawfulness of processing before withdrawal
• Processing based on other legal bases (contract, legal obligation, legitimate interest)
• Our ability to provide services that require the data you're withdrawing consent for

Response Time: We will process your withdrawal request within:

• 1 month (GDPR) - may be extended by 2 months for complex requests
• 45 days (CCPA) - may be extended by 45 days with notice
• 30 days (PIPEDA) - as soon as reasonably possible
• 15 days (LGPD) - immediate processing where feasible

CONSEQUENCES OF WITHDRAWAL:

Withdrawing consent may result in:

• Inability to provide certain services or features
• No longer receiving marketing communications
• Limited account functionality or account closure
• Less personalized user experience
• Deletion of data associated with withdrawn consent (upon request)

We will inform you of any consequences before processing your withdrawal.

MANAGING YOUR PRIVACY PREFERENCES:

• Cookie Preferences: Adjust cookie settings through our cookie banner
• Account Privacy Settings: Control visibility and data sharing preferences
• Email Preferences: Choose which types of emails you receive
• Browser Settings: Configure Do Not Track and privacy settings in your browser
• Opt-Out Tools: Use industry opt-out tools for advertising preferences

PIPEDA WITHDRAWAL RIGHTS:

Under Canadian law, you have the right to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. We will:

• Inform you of the implications of withdrawal
• Process your withdrawal without delay
• Stop using your information for the purposes you've withdrawn consent for
• Maintain records of your withdrawal for accountability purposes

LGPD WITHDRAWAL RIGHTS (Revogação do Consentimento):

Under Brazilian law (LGPD Article 8, §5), you have the right to revoke consent at any time by means of express statement, free of charge and facilitated. Withdrawal:

• Must be as easy as giving consent
• Takes effect immediately
• Does not affect processing that occurred before withdrawal
• Can be done through the same channel consent was obtained
• Does not require justification

After withdrawal, we will stop processing your data for the purposes related to the withdrawn consent, unless we have another legal basis for continued processing.

GDPR WITHDRAWAL RIGHTS:

Under GDPR Article 7(3), you have the right to withdraw consent at any time. The withdrawal of consent:

• Does not affect the lawfulness of processing based on consent before its withdrawal
• Must be as easy to withdraw as to give
• Will be processed without undue delay
• Will be clearly communicated regarding its implications

We will stop processing your data for the purposes related to the withdrawn consent, unless we have another lawful basis for the processing.

NO PENALTY FOR WITHDRAWAL:

We will not discriminate against you for withdrawing consent. You will not:

• Be denied services (unless consent is essential for those specific services)
• Be charged different prices
• Receive different quality of service
• Be penalized in any way for exercising your withdrawal rights

DOCUMENTATION:

We maintain records of:

• Your original consent
• The scope and purpose of consent
• Consent withdrawal requests and dates
• Communication regarding consent withdrawal
• Implementation of withdrawal requests

For questions about withdrawing consent or managing your data, contact our privacy team at contact@guardianofcompliance.com.

5. HOW WE USE YOUR INFORMATION

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send newsletters and marketing communications (with consent)
• Create and manage user accounts
• Analyze usage patterns and improve user experience
• Comply with legal obligations
• Protect against fraud and abuse

CCPA DISCLOSURES: Within the last 12 months, we have collected and used personal information for the business purposes described above. We do not sell personal information.

LGPD PROCESSING NOTICE: All processing activities are conducted in accordance with the principles of good faith, purpose limitation, adequacy, necessity, transparency, security, prevention, non-discrimination, and accountability as required by LGPD.

6. INFORMATION SHARING AND DISCLOSURE

We may share your personal information with:

• Service providers who assist in our operations
• Google Analytics for website analytics
• Law enforcement or regulatory authorities when required by law
• Business transferees in case of merger, acquisition, or asset sale

CCPA DISCLOSURE STATEMENT: We do not sell personal information for monetary consideration. We may share personal information for business purposes with service providers under contractual restrictions.

7. DATA RETENTION

We retain your personal information for 2 years or as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

LGPD RETENTION PRINCIPLES:

• Data is retained only for the minimum period necessary for the specified purposes
• Retention periods consider legal, regulatory, and business requirements
• Data is securely deleted or anonymized when no longer needed

8. YOUR PRIVACY RIGHTS

GDPR/UK GDPR RIGHTS (EU/UK Residents):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority
• Right not to be subject to automated decision-making

CCPA RIGHTS (California Residents):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale or sharing of personal information
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information
• Right to limit use and disclosure of sensitive personal information

PIPEDA RIGHTS (Canadian Residents):

• Right to access personal information we hold about you
• Right to challenge accuracy and completeness of information
• Right to know how your information is being used and disclosed
• Right to withdraw consent (where consent is the legal basis)
• Right to file complaints with the Privacy Commissioner of Canada
• Right to request correction of inaccurate information

LGPD RIGHTS (Brazilian Residents):

• Right to confirmation of processing and access to personal data
• Right to correction of incomplete, inaccurate, or outdated data
• Right to anonymization, blocking, or elimination of unnecessary data
• Right to data portability to another service provider
• Right to information about public and private entities with which we share data
• Right to information about the possibility of denying consent
• Right to revoke consent
• Right to lodge a complaint with ANPD (Brazilian Data Protection Authority)

To exercise these rights, contact us at contact@guardianofcompliance.com. We will respond to your request within the timeframes required by applicable law.

9. AUTOMATED DECISION-MAKING AND PROFILING

We may use automated decision-making processes, including profiling. You have the right to object to automated decision-making and request human review of any automated decisions that significantly affect you.

Under LGPD, we inform you about any automated decision-making processes and provide information about the criteria and procedures used.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect and use personal information about you. For more information about our use of cookies, please see our Cookie Policy.

Cookie Consent: We obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences through our cookie banner or browser settings.

11. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures

LGPD SECURITY REQUIREMENTS:

We implement security measures proportional to the nature of the data processed, considering technical and economic feasibility.

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

12. DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, and in any case within 72 hours of becoming aware of the breach.

We will notify the Brazilian Data Protection Authority (ANPD) of data breaches that may cause relevant damage or risk to data subjects.

We will notify affected individuals and relevant authorities of any privacy breaches that create a real risk of significant harm.

12.5. DATA CONTROLLER AND LEGAL BASIS

Guardian of Compliance is the data controller responsible for processing your personal data collected through this website. We determine how and why your personal data is processed in accordance with applicable data protection laws.

DATA PROTECTION CONTACT:

Data Protection Officer (DPO): contact@guardianofcompliance.com Privacy Officer: contact@guardianofcompliance.com Encarregado de Dados (Data Protection Officer): contact@guardianofcompliance.com Email: contact@guardianofcompliance.com

For privacy-related inquiries, contact us about privacy at privacy@guardianofcompliance.com

CALIFORNIA CONSUMER PRIVACY ACT (CCPA) RIGHTS:

As a California resident, you have the right to know what personal information we collect, use, and share. You also have the right to delete your information and access your information at any time.

YOUR CCPA RIGHTS INCLUDE:

- Right to Know: You have the right to know what personal information is collected about you, how it is used, and with whom it is shared - Access Your Information: Request access to the specific pieces of personal information we have collected about you - Right to Delete: Request deletion of your personal information from our systems - Delete Your Information: You have the right to request that we delete your information permanently - Right to Opt-Out: Opt-out of the sale or sharing of your personal information - Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment

To exercise these rights, contact us at contact@guardianofcompliance.com or visit our Do Not Sell My Personal Information page.

We will respond to verified requests within 45 days.

LEGAL BASIS FOR PROCESSING (LGPD):

Under Brazilian law, we process your personal data based on the following legal grounds:

- Consent (Consentimento) - When you explicitly agree to data processing - Legitimate Interest (Interesse Legítimo) - To improve our services and user experience - Legal Obligation (Obrigação Legal) - To comply with applicable laws and regulations - Contract Performance (Execução de Contrato) - To provide the services you requested - Protection of Life or Physical Safety - When necessary to protect vital interests - Health Protection - For health-related procedures

BASE LEGAL PARA O TRATAMENTO: Processamos seus dados pessoais com base em consentimento, interesse legítimo, obrigação legal e execução de contrato.

YOUR DATA RIGHTS (LGPD):

Under Brazilian law, you have the following rights:

- Right to Access (Direito de Acesso) - Request a copy of your personal data - Right to Rectification (Direito à Retificação) - Correct inaccurate or incomplete data - Right to Delete (Direito à Eliminação) - Request deletion of your data - Delete Your Information - You can request permanent deletion - Right to Portability (Direito à Portabilidade) - Receive your data in structured format - Right to Object (Direito de Oposição) - Object to certain processing activities - Right to Withdraw Consent (Direito de Revogar o Consentimento) - Withdraw consent at any time - Right to Information (Direito à Informação) - Know who we share your data with - Access Your Information - View what personal data we have about you

SEUS DIREITOS: Você tem direito de acesso, retificação, eliminação, portabilidade e revogação do consentimento. Entre em contato conosco para exercer esses direitos.

DATA SHARING / COMPARTILHAMENTO DE DADOS:

We may share your personal data with:

- Service Providers and Third Parties (Prestadores de Serviços e Terceiros) - Companies that help us operate our website and provide services - Third Party Partners (Terceiros) - For analytics and service improvement - Analytics Partners (Parceiros de Análise) - To understand how users interact with our site - Legal Authorities (Autoridades Legais) - When required by law or to protect our rights - Business Partners (Parceiros Comerciais) - Under strict contractual obligations

We do not sell your personal data to third parties.

COMPARTILHAMENTO: Compartilhamos dados com prestadores de serviços, parceiros de análise e terceiros apenas quando necessário para melhorar nossos serviços. Não vendemos seus dados pessoais.

MEANINGFUL CONSENT (PIPEDA):

We use cookies and similar technologies for the purpose of improving our services and analyzing our traffic to enhance your user experience.

You can manage your cookie preferences through your browser settings or our cookie management tool. You have the right to withdraw your consent at any time by contacting us at contact@guardianofcompliance.com.

We will only use your personal information for the purposes we have disclosed to you. If we need to use your information for a different purpose, we will obtain your consent first.

PRIVACY OFFICER: For privacy-related matters, you can contact us about privacy at our Privacy Officer: contact@guardianofcompliance.com Email: privacy@guardianofcompliance.com

13. CHILDREN'S PRIVACY

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information as quickly as possible.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes that materially affect your rights, we will provide prominent notice and, where required by law, obtain your consent.

We encourage you to review this Privacy Policy periodically for any changes.

15. CONTACT US

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Guardian of Compliance Email: contact@guardianofcompliance.com

Data Protection Officer: contact@guardianofcompliance.com

Data Protection Officer (DPO): contact@guardianofcompliance.com

Privacy Officer: contact@guardianofcompliance.com

SUPERVISORY AUTHORITY (GDPR/UK GDPR):

If you are located in the EU/UK and believe we have not addressed your concerns, you have the right to lodge a complaint with your local supervisory authority.

BRAZILIAN DATA PROTECTION AUTHORITY:

Autoridade Nacional de Proteção de Dados (ANPD) Website: https://www.gov.br/anpd

PRIVACY COMMISSIONER OF CANADA:

Office of the Privacy Commissioner of Canada Website: https://www.priv.gc.ca

This Privacy Policy was generated to comply with applicable privacy regulations and should be reviewed by legal counsel to ensure complete compliance with your specific circumstances.

Last Updated: November 25, 2025