Privacy Policy

1. Introduction

This Privacy Policy explains how CS-Guardian (System, we, our, or us) collects, uses, stores, and protects personal information when you (“User”) access or use the System. By using the System, you consent to the practices described in this Policy. We are committed to safeguarding your data in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

2. Information We Collect

• User Information: Name, email address, and Google account details collected through Google OAuth for authentication.
• Authentication Data: OAuth tokens (encrypted and temporary) used only to perform authorized scans of your Google Cloud Storage environment.
• System Data: Project IDs, bucket names, metadata, configurations, permissions, risk scores, sensitive keywords, and exposure states.
• My-Scans & History Data: Records of your previous scans (My-Scans) and, if you are a Project Owner, audit logs for your project (History).
• Email Notification Data: Your email is used to send transactional notifications such as scan completion summaries or security alerts.
• AI Assistance Data: If you use “Fix Bucket with AI,” your selected findings and context are processed to generate automated recommendations via Google Vertex AI.
• Optional Data (Ethical Mode): File metadata, sample files, or listings, if you explicitly enable this mode.
• Technical Data: IP address, browser type, login timestamps, and activity logs for auditing and security purposes.

3. How We Use Your Information

• Authenticate and sign you in securely through Google OAuth.
• Perform authorized storage bucket scans within your Google Cloud project.
• Generate and display risk reports, alerts, and AI-guided remediation steps.
• Maintain My-Scans and History records for reference and audit purposes.
• Send email notifications about completed scans or important updates.
• Enhance performance, reliability, and user experience.
• Comply with applicable laws and data protection requirements.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. Your information may be shared only:

• With your consent, for features such as Ethical Mode or AI recommendations.
• With service providers that support hosting, email delivery, or security under confidentiality agreements.
• When required by law or court order within Malaysia.

5. Data Storage and Retention

Personal data and scan results are stored securely in our database and protected by encryption and access controls. We retain data only as long as necessary for scanning, reporting, or auditing. OAuth tokens expire automatically in line with Google’s security policies. You may revoke access or request data deletion by contacting us.

6. Your Rights (PDPA 2010)

• Request access to personal data we hold about you.
• Request correction of inaccurate or incomplete information.
• Withdraw consent and disconnect your Google account at any time.
• Request deletion of your data, subject to legal obligations.

7. Security Measures

We implement appropriate technical and organizational safeguards including HTTPS encryption, secure authentication, role-based access control, and activity monitoring. However, no system is entirely secure, and we cannot guarantee absolute protection against unauthorized access or disclosure.

8. Third-Party Services

The System integrates with Google OAuth and Google Cloud Platform APIs for authentication and scanning. We also use Google Vertex AI to provide “Fix Bucket with AI” recommendations. Your use of these services is subject to Google’s Privacy Policy.

8A. Security and Compliance Alignment

CS-Guardian has been officially verified by Google, and our system aligns with globally recognized cybersecurity and privacy standards. Our operational and technical controls follow established industry frameworks to ensure the safety, integrity, and responsible handling of all user data.

• Google API Services User Data Policy (Verified) — CS-Guardian has passed Google’s verification requirements. OAuth data is handled with strict Limited-Use compliance and is never sold or shared.
• Personal Data Protection Act 2010 (PDPA) — We process personal data in accordance with Malaysian privacy laws.
• ISO/IEC 27001 & 27002 (Best-Practice Alignment) — Our security controls follow internationally recognized standards for access control, encryption, and incident management.
• NIST Cybersecurity Framework (CSF) — CS-Guardian aligns with the Identify–Protect–Detect–Respond–Recover lifecycle to ensure continuous protection.
• OWASP Application Security Practices — We implement secure development and testing techniques to minimize vulnerabilities and harden the system.

Our security posture includes encryption in transit and at rest, role-based least-privilege access, continuous monitoring, audit logging, vulnerability management, and an internal incident response workflow. As CS-Guardian grows, we will expand our compliance scope with additional certifications and assessments.

9. Changes to this Policy

We may update this Policy from time to time. Updates will be reflected with a new “Effective Date” at the top of this page.

10. Contact Us

CS-Guardian Team
📧 Email: support@csguardian.com

See also our Terms & Conditions.