Privacy Policy
Effective 2026-04-28. This is the plain-English version. We will never replace it with something legalese and worse.
The short version
PureGuard is built on the principle that we should know as little about you as possible. Detection runs entirely on your device. URLs of pages you visit are never sent to us. Content of images or videos is never sent to us. The only thing we keep on our servers is what we strictly need to bill you (or not bill you), email you when your platform launches, and tell your accountability partner that something happened — never what.
What we collect
- Email address. So we can send you product updates, payment receipts, and notify you when an app for your platform is ready.
- Plan status. Whether you’re a paid subscriber, on the free tier, in a grace period, or canceled.
- Stripe customer + subscription ID. Required to handle billing.
- Device install tokens. So we can deliver model updates to your installed apps. Random tokens, not tied to your hardware identity.
- Alert summaries (when you opt into accountability mode). Counts and surface families only. Example:
{"surface":"instagram_reels","kind":"block","ts":"..."}. We do not store URLs, screenshots, or content. - Standard server logs. IP addresses for rate-limiting purposes, kept for 7 days, then deleted.
What we do not collect
- The URLs of pages you visit.
- Screenshots, video frames, or any image content from your device.
- Your browsing history.
- The content of social media posts that triggered a block.
- Free-text descriptions of why you signed up, what you struggle with, or anything you might say to an accountability partner. We do not have a place to store that, by design.
What your accountability partner sees
If you opt into Partner Mode, your designated partner sees aggregate count alerts: “PureGuard flagged content on Reels 3 times today.” They do not see which posts, which accounts, or anything resembling content. This is enforced both by what we send and by the data we never collect in the first place.
Who we share data with
- Stripe — for processing payments. Stripe handles your card directly; we never see card numbers.
- Supabase — our database provider, where the small amount of data described above is stored.
- Vercel — our hosting provider.
- Cloudflare — our CDN and DNS provider.
- That’s the entire list. We do not sell, share, or trade your data with any other party. We do not run advertising. We do not have an analytics tracker.
Where data is stored
United States. All vendors above are US-based or US-region. PureGuard is operated as a ministry project of the Prodigal Sons Project, a US 501(c)(3) nonprofit organization.
How long we keep data
- Server logs: 7 days.
- Alert summaries: 90 days for active users, then aggregated counts only.
- Account data: until you ask us to delete it, plus 7 years for any payment records (US tax-record retention requirement for the 501(c)(3)).
Your rights
You can email letsgo@pureguard.ai at any time and:
- See all the data we have on you (we’ll send a JSON export).
- Delete your account and all associated data (we’ll keep payment records for tax purposes; everything else is removed within 7 days).
- Correct anything that’s wrong.
Children
PureGuard is not intended for users under 13 and we do not knowingly collect data from children. If you’re a parent who installed PureGuard on a child’s device, the account is yours and the data above applies to you, not the child.
Security
We use industry-standard encryption in transit (HTTPS, HSTS preload) and at rest. We rate-limit our APIs. Sensitive credentials are stored in encrypted environment variables and never in source code. We never collect URLs, screenshots, or content of any kind from your devices.
Changes
If we ever change this policy in a way that affects what data we collect or who we share with, we’ll email every active account at least 30 days before the change takes effect. We will not slip in the kind of policy change that turns a private product into an ad-targeting one.
Contact
Email letsgo@pureguard.ai. A real person reads every email.