Legal

Privacy
Policy

How RuntimeGuard collects, uses and protects your data. We are committed to transparency about our data practices.

Last updated: 20 March 2026  ·  Version 1.0

This Privacy Policy applies to runtimeguard.io and all services operated under the RuntimeGuard brand by Wizzler. By using our website or services, you agree to the practices described here.

1. Data Controller

The data controller responsible for your personal data is:

Wizzler
The Netherlands
Contact: runtimeguard.io/contact

When we refer to "RuntimeGuard", "we", "us" or "our" in this policy, we mean Wizzler as the operator of the RuntimeGuard service.

2. Data We Collect

Account and registration data

When you register for early access or create an account, we collect:

  • Your email address
  • Your name (first and last)
  • Your company name (optional)
  • A hashed API key associated with your account
  • Registration timestamp and email verification status
  • Trial expiry date

Usage and service data

When you use the RuntimeGuard API or dashboard, we collect:

  • API request logs (timestamp, endpoint, response code) — retained for operational purposes
  • Dashboard access logs
  • Notification preferences (e.g. Slack webhook URL)

Website data

When you visit runtimeguard.io, standard web server logs are recorded including IP address, browser user-agent, referring URL and page viewed. We do not use third-party analytics.

Contact and support data

If you contact us via the contact form, we collect your name, email address and message content.

3. Agent Telemetry Data

Important: RuntimeGuard telemetry data (events sent from your Linux hosts to our API) is processed and stored entirely within your tenant's data partition. We do not access, analyse or use your telemetry for any purpose other than providing the service to you.

The RuntimeGuard agent collects the following runtime events from Linux hosts you explicitly enrol:

  • Process events — process name, PID, parent PID, executable path, timestamp
  • File events — file path, operation type (write, rename, delete), timestamp
  • Host identifier — a hostname or identifier you configure on each host
Data typePurposeStorageRetention
Process & file eventsRansomware detectionClickHouse (time-series)30 days
IncidentsAlerting & auditPostgreSQL90 days
Host registryDashboard displayPostgreSQLDuration of account

You are responsible for ensuring you have the appropriate authorisation to deploy the RuntimeGuard agent on the hosts you enrol. Do not enrol hosts containing data of individuals without a lawful basis to do so.

4. How We Use Your Data

We use the data we collect for the following purposes:

  • Service delivery — to operate the RuntimeGuard API, process telemetry, generate incidents and send alerts
  • Account management — to authenticate you, manage your trial, and send transactional emails (verification, API key recovery)
  • Communication — to respond to support requests and, if you opt in, to send product updates
  • Security & fraud prevention — to detect abuse, protect our infrastructure and enforce our Terms of Service
  • Legal compliance — to meet our obligations under applicable law

We do not sell your personal data. We do not use your data for advertising. We do not use your telemetry data to train machine learning models without your explicit consent.

The legal basis for processing under GDPR is:

  • Contract performance (Art. 6(1)(b)) — account data and service delivery
  • Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, operational logs
  • Legal obligation (Art. 6(1)(c)) — where required by law
  • Consent (Art. 6(1)(a)) — marketing communications (you may withdraw at any time)

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Specific retention periods:

  • Account and registration data — retained for the duration of your account, deleted within 30 days of account closure
  • Telemetry events — 30 days rolling window
  • Incidents — 90 days
  • API request logs — 14 days
  • Contact form submissions — 12 months, or until the enquiry is resolved

You may request earlier deletion by contacting us. Some data may be retained longer where required by law.

6. Sharing and Sub-Processors

We do not sell or share your personal data with third parties for their own purposes. We use a limited number of sub-processors to operate the service:

Sub-processorPurposeLocation
Hetzner Online GmbHCloud infrastructure (servers, storage)Germany (EU)
Transactional email providerSending verification and notification emailsEU

All sub-processors are bound by data processing agreements and handle data only as instructed by us. Where data is processed outside the EEA, appropriate safeguards (Standard Contractual Clauses) are in place.

We may disclose personal data to law enforcement or regulatory authorities if required by applicable law or valid legal process.

7. Security

We apply appropriate technical and organisational measures to protect your data:

  • All API communication is encrypted in transit via TLS 1.2 or higher
  • API keys are stored as hashed values — we cannot retrieve the plaintext key
  • Access to production systems is restricted by role
  • We maintain an incident response process for security events

If you discover a security vulnerability, please report it via our responsible disclosure policy.

8. Your Rights

Under GDPR and applicable data protection law, you have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — request that we restrict processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (in the Netherlands: Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).

9. Cookies

The RuntimeGuard website does not use tracking or advertising cookies. We set a single functional cookie to maintain your dashboard session when you are authenticated. This cookie is strictly necessary for the service to function and does not require your consent under ePrivacy rules.

10. Children

RuntimeGuard is a B2B security service intended for organisations and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "last updated" date at the top of this page and, where appropriate, notify registered users by email. Your continued use of the service after changes take effect constitutes your acceptance of the updated policy.

12. Contact

For privacy-related questions, requests or complaints, please contact us via the contact form and select Privacy / legal as the topic.

Wizzler · The Netherlands · runtimeguard.io/contact