XGuardia
Get Started Free

Privacy Policy

Last updated: 2026-05-11. This page describes what data XGuardia collects, why, and what choices you have.

Who we are

XGuardia ("we", "us") is a software service that helps freelancers and small businesses generate proposals, contracts, invoices, resumes, and run a toolkit of utilities (PDF tools, QR codes, OCR, image optimization, palettes and more). The service operates at https://xguardia.com.

What data we collect

We only collect what's necessary to provide the service.

When you sign up

  • Email address (required to log in)
  • Name (optional, taken from your Google profile if you sign in via Google)
  • Avatar URL (optional, from Google)

When you use the product

  • The content you create (proposals, invoices, contracts, resumes, time entries) — stored so you can edit and reshare it
  • Stripe customer + subscription identifiers (when you upgrade to Pro)
  • Stripe Connect identifiers (if you set up payment collection on your proposals)
  • Counter-party signatures (signer name, optional email, IP hash, timestamp) — stored as proof of contract / proposal acceptance

Usage analytics (only if you consent)

  • Anonymous pageviews via Google Analytics 4
  • Tool-usage event names (e.g. "merge_pdf_used") with no file content
  • Hashed IP for rate-limiting free tools (1 op/day) — never the raw IP

Automatically logged by infrastructure

  • HTTP request logs (Vercel) — retained 30 days
  • Error traces (when crashes happen)

What we do NOT collect

  • Your file contents on tools that run in the browser (image optimizer, OCR, QR generator, favicon generator, email signature). These never leave your device.
  • Behavioural ad-targeting data. We don't run ad networks.
  • Cross-site tracking pixels. We use no third-party marketing SDKs.

Cookies

We use two kinds of cookies:

Strictly necessary — used to keep you logged in (NextAuth session cookie), remember your country preference, and protect against CSRF. These are loaded for everyone and can't be disabled because the product wouldn't work.

Analytics — only loaded if you click "Accept" on the cookie banner. You can change your choice anytime via the "Manage cookies" link in the footer.

Sub-processors

We rely on these third parties to run the service. Each has their own privacy policy.

  • Stripe — payment processing. Stores card data and billing records under PCI DSS.
  • Resend — transactional email delivery (magic links, signature receipts, proposal/invoice notifications).
  • Vercel — application hosting, including HTTP request logs.
  • Neon (PostgreSQL) — database hosting.
  • Google — OAuth sign-in and Google Analytics (analytics only fires with your consent).

Your rights

Under LGPD (Brazil), GDPR (EU/EEA), and CCPA (California), you have the right to:

  • Access the personal data we hold about you
  • Correct or update it
  • Delete your account and all associated data
  • Export your data in a portable format
  • Withdraw consent for analytics at any time

To exercise any of these rights, email privacy@xguardia.com or delete your account via the dashboard settings.

Data retention

  • Account data: while your account exists. Deletion is permanent and removes all proposals, invoices, contracts, resumes, signatures and time entries.
  • Stripe records: as long as required by tax and accounting law (typically 5–7 years).
  • Server logs: 30 days.
  • Anonymous analytics: 14 months (Google Analytics default).

Children

XGuardia is intended for users 16+. We don't knowingly collect data from anyone under 16.

Changes to this policy

When we change the policy materially (new sub-processor, expanded data collection, etc.), we'll bump the "Last updated" date and surface a notice in the app. For minor edits we just update the page.

Contact

privacy@xguardia.com