Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller for personal data collected on this website is:

GWARD Security
Registered office: Belgium
Email: privacy@gward.cloud
Website: gward.cloud

2. Data We Collect

In operating our website and services, we may collect the following categories of data:

2.1 Data You Provide Voluntarily

• Contact form: first name, last name, professional email address, company name, message.
• Demo request: first name, last name, professional email, company name, job title, number of employees.
• Newsletter: email address (if you subscribe to our newsletter).

2.2 Data Collected Automatically

• Analytics: anonymous browsing data collected via Plausible Analytics — a European, open-source tool that does not set any cookies and does not collect any personally identifiable data. No consent is required for this tool in accordance with the recommendations of the CNIL and the FDPIC.
• Server logs: IP address (anonymized), browser type, pages visited, date and time of visit. This data is automatically deleted after 30 days.

2.3 Data We Do Not Collect

We do not collect any third-party cookies, tracking pixels, browser fingerprints, or advertising identifiers. We do not use Google Analytics, Facebook Pixel, or any other invasive tracking tool.

3. Purpose of Processing

Your data is used exclusively for the following purposes:

• Responding to inquiries submitted through the contact form.
• Organizing and scheduling demonstrations of our platform.
• Sending you marketing communications (only if you have given your consent).
• Improving the website and user experience through anonymous statistics.
• Ensuring the security and proper functioning of the website.
• Complying with our legal and regulatory obligations.

We never sell, rent, or share your personal data with third parties for commercial purposes.

4. Legal Basis for Processing

In accordance with the GDPR (Art. 6) and the Belgian Federal Act on Data Protection (FADP/nLPD), the processing of your data is based on:

• Your consent (Art. 6(1)(a) GDPR) — when you submit a contact form or subscribe to the newsletter. You may withdraw your consent at any time.
• Performance of pre-contractual measures (Art. 6(1)(b) GDPR) — when you request a demonstration or a quote.
• Our legitimate interest (Art. 6(1)(f) GDPR) — for improving our services, ensuring website security, and preventing abuse.
• Our legal obligations (Art. 6(1)(c) GDPR) — where the law requires us to retain certain data.

5. Data Recipients

Your data may be disclosed to the following categories of recipients:

• Our internal team: only authorized personnel (sales team, technical support).
• Technical subprocessors: hosting provider (European infrastructure), email delivery service (Formspree for contact forms). These subprocessors are bound by strict contractual obligations regarding confidentiality and security.

No data is transferred to countries outside the European Economic Area (EEA) or Belgium.

6. Data Retention

• Contact form: 12 months from the last interaction, then automatically deleted.
• Demo request: 24 months from the date of the request, unless a commercial relationship has been established.
• Newsletter: until you unsubscribe.
• Server logs: 30 days.
• Analytics (Plausible): aggregated and anonymous data, retained indefinitely (no personal data).

7. Your Rights

In accordance with the General Data Protection Regulation (GDPR) and the Belgian Federal Act on Data Protection (FADP/nLPD), you have the following rights:

• Right of access (Art. 15 GDPR / Art. 25 nLPD) — obtain a copy of your personal data.
• Right to rectification (Art. 16 GDPR / Art. 32 nLPD) — correct inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR) — request the deletion of your data.
• Right to restriction (Art. 18 GDPR) — restrict processing under certain circumstances.
• Right to data portability (Art. 20 GDPR / Art. 28 nLPD) — receive your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR) — object to processing based on legitimate interest.
• Right to withdraw consent — at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise these rights, send your request to privacy@gward.cloud. We undertake to respond within 30 days.

You also have the right to lodge a complaint with a competent supervisory authority:

• Belgium: Data Protection Authority (APD/GBA)
• France: Commission Nationale de l'Informatique et des Libertes (CNIL)
• EU: the data protection authority in your country of residence

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, modification, disclosure, or destruction. These measures include:

• TLS/SSL encryption for all communications.
• Encryption of data at rest (AES-256).
• Strict access controls based on the principle of least privilege.
• Continuous monitoring of our infrastructure via our own GWARD platform.
• Regular security audits.

9. Hosting

Our entire infrastructure is hosted exclusively in Europe:

• Application servers: Belgium and France.
• Backups: ISO 27001-certified European data centers.

No data passes through servers located outside of Europe. This architecture ensures compliance with the GDPR and the Belgian FADP.

10. Cookies

This website does not use any cookies. Our analytics tool (Plausible) operates without cookies and does not require any consent banner. No third-party cookies, session cookies, or tracking cookies are placed on your device.

11. Changes

We reserve the right to modify this privacy policy at any time. The last update date is shown at the top of this page. In the event of a material change, we will notify affected users by email.

12. Contact

For any questions regarding the protection of your personal data:

GWARD Security — Data Protection
Email: privacy@gward.cloud
Subject: please include "Data Protection" in the subject line of your message.