Privacy Policy

Last updated: November 1, 2025

1. Introduction

Montiguard ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services ("Montiguard" or "the App").

Data Controller: Montiguard
Data Processing Location: European Union (Amsterdam, Netherlands)
Governing Law: GDPR (General Data Protection Regulation)

2. Information We Collect

2.1 Account Information (Optional)

Montiguard supports anonymous usage. You are not required to provide an email address or create an account to use the App. If you choose to create an account, we may collect:

  • Email address (optional, for account recovery and support)
  • Account credentials (password, stored encrypted)

2.2 Device Information (Required for Functionality)

To provide the spam filtering service and manage subscriptions, we collect:

  • Device Identifier: IDFV (iOS) or Android ID - used for subscription validation and device management
  • Platform Information: Operating system (iOS/Android) and version
  • App Version: Version of Montiguard installed
  • Device Name: Device model (e.g., "iPhone 15 Pro") - for your reference only

2.3 Subscription and Payment Information

When you purchase a subscription, we collect:

  • Subscription Provider ID: Your Apple App Store subscription identifier
  • Product ID: Which subscription plan you purchased
  • Subscription Status: Active, expired, trial, or cancelled status
  • Subscription Dates: Start date, renewal date, and expiration date

Apple App Store manages all payment processing. We do not have access to your payment card details. Subscription management is handled through your Apple ID account settings.

2.4 Push Notification Token (Optional)

If you enable notifications, we collect your device's push notification token (APNS for iOS, FCM for Android) to send you security alerts and service notifications. You can disable notifications at any time through your device settings.

2.5 Message Content and Processing

Critical Privacy Information:

  • Message Transmission: When you use spam filtering, message content is transmitted to our secure servers for real-time analysis using advanced security algorithms and AI-powered detection systems.
  • Zero Data Retention: Message content is processed in memory (RAM) only and is NEVER stored, logged, or retained on our servers. Messages are permanently deleted from memory immediately after analysis is complete (typically within milliseconds).
  • Third-Party AI Processing: We use third-party AI services with contractual zero data retention guarantees to enhance spam detection. These providers do not store or use your message content for any purpose, including AI training.
  • No Message Database: We do not maintain any database, backup, or archive of message content.
  • Assessment Results: We currently do NOT store assessment results, risk scores, or any metadata about analyzed messages. The App is designed to support optional assessment storage in the future, but this feature is not active and would require explicit user consent if enabled.

3. How We Use Your Information

We use the collected information solely for the following purposes:

  • Service Delivery: Provide real-time spam and phishing detection services
  • Subscription Management: Validate and manage your subscription status with Apple App Store
  • Device Management: Allow you to use the App across your registered devices
  • Notifications: Send security alerts and important service updates (only if you opt-in)
  • Support: Respond to your support inquiries and technical issues
  • Legal Compliance: Comply with applicable laws and legal obligations

We do NOT use your data for:

  • Marketing or advertising purposes
  • Selling or renting to third parties
  • Training AI models or machine learning systems
  • Profiling or behavioral analysis
  • Any purpose other than those explicitly stated above

4. Data Sharing and Disclosure

We do NOT sell, trade, rent, or share your personal information with third parties for their marketing purposes. We may share limited information only in the following strictly necessary circumstances:

  • Subscription Providers: Apple App Store receives subscription validation requests (device identifier and subscription ID only) to verify your subscription status. This is required for subscription functionality and is governed by their respective privacy policies.
  • AI Service Providers: Message content is transmitted to third-party AI providers with contractual zero data retention guarantees. Messages are processed in real-time and immediately deleted. These providers do not store, log, or use your messages for any purpose.
  • Infrastructure Provider: Our hosting provider operates our servers in Amsterdam, Netherlands (European Union). They do not have access to message content or any data beyond standard infrastructure logs (IP addresses, connection metadata).
  • Legal Requirements: We may disclose information when required by law, court order, or government request, or to protect our legal rights, prevent fraud, or ensure user safety. We will notify you of such requests unless prohibited by law.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, who will be bound by this Privacy Policy.

No Data Brokers: We do not work with data brokers or sell data to advertisers.

5. Data Security

We implement industry-standard technical and organizational security measures to protect your information:

  • Encryption: All data transmissions use TLS/SSL encryption
  • Secure Infrastructure: Servers hosted in SOC 2 compliant data centers in the European Union
  • Access Controls: Strict access controls and authentication for system administrators
  • Password Security: Passwords are hashed using industry-standard algorithms (never stored in plain text)
  • Zero Persistence: Message content exists only in RAM during processing and is never written to disk
  • Regular Updates: Security patches and updates are applied regularly

Security Disclaimer: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security against unauthorized access, hardware failure, or other factors beyond our control. You acknowledge and accept these inherent risks when using the App.

6. Data Retention

We retain different types of data for different periods:

  • Message Content: Zero retention - deleted immediately after processing (within milliseconds)
  • Device Information: Retained while your account is active and for 90 days after account deletion
  • Subscription Data: Retained for the duration of your subscription plus 7 years for tax and legal compliance
  • Support Communications: Retained for 2 years after the last interaction
  • Anonymous Account Data: Deleted immediately upon account deletion request

You can request account deletion at any time by contacting support@montiguard.com

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:

  • Right of Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us at support@montiguard.com. We will respond within 30 days.

Note: Some data (such as subscription records for tax purposes) may be retained even after deletion requests due to legal obligations.

8. Your Rights for Other Jurisdictions

If you are located in California (CCPA), Virginia (VCDPA), or other jurisdictions with specific privacy laws, you may have additional rights. Please contact us at support@montiguard.com to exercise your rights under applicable laws.

9. Children's Privacy

Montiguard is not intended for use by children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at support@montiguard.com, and we will delete it promptly.

10. International Data Transfers

Our servers are located in the European Union (Amsterdam, Netherlands). If you access Montiguard from outside the EU:

  • Your data will be transferred to and processed in the EU
  • The EU provides an adequate level of data protection under GDPR
  • We implement appropriate safeguards for all international transfers
  • Message content is processed in real-time with zero retention regardless of your location

By using Montiguard, you consent to the transfer of your information to the EU.

11. Cookies and Tracking

Montiguard does not use cookies, tracking pixels, or similar technologies for analytics, advertising, or user tracking. We do not collect browsing history or track your activity outside the App.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an in-app notification or push notification (if enabled)
  • Sending an email (if you provided an email address)

Your continued use of Montiguard after the effective date of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the App and delete your account.

Material Changes: We will seek your explicit consent if changes materially affect your rights or expand the scope of data collection beyond what was originally disclosed.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

We will respond to your inquiry within 30 days (or as required by applicable law).

14. Supervisory Authority

If you are located in the EEA and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.