Products
Products
Open-source Technology
Solutions
Resources
Company
Guardsquare ("we," "our," or "us") is committed to protecting your privacy. This privacy policy (“Privacy Policy”) regulates how we collect, use, disclose, and safeguard your personal data when you visit our website, guardsquare.com (the “Website”), use our services (the “Services”), or interact with us in other ways. Data processing is primarily handled by Guardsquare NV, located at Tervuursevest 362/1, 3000 Leuven, Belgium, and registered with the CBE under number BE0550.675.829. For the purposes of the Data Privacy Framework (DPF) self-certification (see here), this policy also applies to our U.S. subsidiary, Guardsquare, Inc., located at 99 Summer Street, Floor 10, Suite 1010, Boston, MA 02110, which adheres to the DPF Principles.
Depending on the context, we may act as either a data controller (e.g., for website visitor or marketing data) or a data processor (e.g., for customer data processed through our “Services” as defined in our Data Processing Agreement).
This Privacy Policy applies to all personal data collected through our Website, our Services, or through any other interactions you may have with us. By using our Website and/or our Services, you acknowledge that you have carefully read this Privacy Policy and agree to its terms without reservation.
For purposes of this Privacy Policy, “Services” refers to the products and offerings described in our Data Processing Agreement (DPA).
While using the Website, you may encounter links to third-party websites. Please be advised that such third-party websites are independent sites, and we assume no responsibility or liability whatsoever regarding privacy matters or any other legal matter with respect to such sites. We encourage you to review the privacy policies and terms of use for any such third-party websites you visit.
We comply with relevant data protection laws, including the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), and utilize the Data Privacy Framework (DPF) for service providers that are certified under this mechanism or Standard Contractual Clauses (SCCs) for international data transfers to ensure that personal data is protected when exported outside the European Economic Area (EEA) to countries that are not recognized by the European Commission to offer adequate personal data protection.
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.
Last updated: 09 April 2025
We collect personal data based on how you interact with our Website and Services:
This Privacy Policy applies to data that qualifies as personal data, defined as data about an identified or identifiable natural person.
We process your personal data based on the following legal grounds:
We are committed to data minimization, meaning that we collect and process the personal data necessary to fulfill the specific purposes outlined in this Privacy Policy. Personal data is processed only for as long as required for these purposes or until you withdraw consent. If you have registered on our Website and later remove your profile, we will delete your personal data unless retention is required by law.
Please do not provide us with any sensitive information (e.g., health data, criminal records, or credit card/account number details).
To the extent that you provide us with any personal data in connection with any third party, you are solely responsible for receiving and hereby represent and undertake to have received the consent, authority, permission, and approval of such person and to have provided them with sufficient disclosures, to allow the use of such personal data, and to allow us to access, store, collect, and process such personal data as detailed herein.
We may share your personal data in the following cases:
We process personal data both within and outside the European Economic Area (EEA). Our product infrastructure is securely hosted in the European Union (EU) on the Google Cloud Platform (GCP). However, some of our product sub-processors may process data outside the European Economic Area (EEA). Please refer to our Data Processing Agreement (DPA) for detailed information.
Guardsquare processes personal data both within and outside the European Economic Area (EEA). For data transfers to countries outside the EEA, including the United States, we rely on the Data Privacy Framework (DPF) for service providers certified under this mechanism (please refer to §2.4.2 below), ensuring that your personal data receives the same level of protection as within the EEA. For other service providers not certified under the DPF, we rely on adequacy decisions and Standard Contractual Clauses (SCCs) in conjunction with Transfer Impact Assessments (TIA) to assess and mitigate potential risks. These legal mechanisms ensure the security and integrity of your personal data when processed outside the EEA, meeting GDPR compliance standards.
The following table provides an overview of our third-party service providers, the purposes for which personal data is processed, the types of personal data involved, the country of transfer, and the specific protection mechanisms applied. For detailed information about the subprocessors we use to deliver our “Services” — including their roles, processing locations, and the types of personal data involved — please refer to the annexes of our Data Processing Agreement.
Sub-processor |
Purpose |
Data Processed |
Country (outside EEA) |
Protection Mechanism |
Google Analytics 4 |
Website Analytics and Tracking |
Geographic metadata (based on IP address), User behavior, Device information, Cookies |
USA |
Standard Contractual Clauses (SCCs) + Transfer Impact Assessment (TIA) |
HubSpot |
Marketing and CRM |
Name, Email, Geographic metadata (based on IP address), User behavior, Contact details, Analytics, Device information |
USA |
Data Privacy Framework (DPF) |
|
Marketing |
Direct messages with prospects who engage with marketing posts, Aggregated engagement data (clicks, impressions) |
USA |
Data Privacy Framework (DPF) |
LinkedIn Navigator |
Sales and Lead Generation |
Name, Email, Job Title, Professional Data |
USA |
Data Privacy Framework (DPF) |
LinkedIn Recruiter |
Recruitment |
Name, Email, Job Title, Professional Data |
USA |
Data Privacy Framework (DPF) |
SalesLoft |
Sales Engagement |
Name, Email, Phone Number, User Activity, Communication History |
USA |
Data Privacy Framework (DPF) |
Greenhouse |
Recruitment and hiring process management |
Personal data related to job applicants (e.g., name, contact details, CVs, application information) |
USA |
Data Privacy Framework (DPF) |
X |
Social Media |
Aggregated engagement data (clicks, impressions) |
USA |
Data Privacy Framework (DPF) |
|
Social Media and Advertising |
Aggregated engagement data (clicks, impressions) |
USA |
Data Privacy Framework (DPF) |
|
Social Media |
Aggregated engagement data (clicks, impressions) |
USA |
Data Privacy Framework (DPF) |
Clozd |
Win-Loss Analysis |
Name, Email, Job Title, Professional Data |
USA |
Standard Contractual Clauses (SCCs) + Transfer Impact Assessment (TIA) |
Guardsquare, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Guardsquare, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Guardsquare, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In accordance with the DPF Principles, Guardsquare, Inc. is responsible for the processing of personal data it receives under the DPF and subsequently transfers to third parties acting as agents on its behalf. In such cases, Guardsquare, Inc. ensures that the third parties process personal data in a manner consistent with the DPF Principles.
Our commitment includes:
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Guardsquare, Inc. commits to resolving DPF Principles-related complaints about our collection and use of your personal data. European Union, United Kingdom, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Guardsquare. Refer to §6 (Dispute Resolution and Contact Information).
Guardsquare, Inc. has further committed to refer unresolved complaints and disputes concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS Data Privacy Framework Dispute Resolution. The services of JAMS are provided at no cost to you.
If you have concerns regarding our compliance with the DPF Principles that remain unresolved after utilizing our internal complaint resolution processes and other available DPF mechanisms, you may have the option, under certain conditions, to invoke binding arbitration. For detailed information on the conditions and procedures for binding arbitration, please refer to Annex I of the DPF Principles.
Additionally, personal data transferred under the DPF is subject to oversight by the U.S. Federal Trade Commission (FTC), which has investigatory and enforcement powers.
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. If you request the deletion of your data, we will comply unless statutory or regulatory obligations require us to retain it.
The following sections describe the specific cases in which we collect and process personal data, the purpose, legal basis, retention period, and whether third parties receive the data.
Under the GDPR and the Data Privacy Framework, you have the following rights:
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We take data security seriously and have implemented technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security audits. Please visit our Security Standards page for more detailed information on our security practices.
We use cookies and similar technologies to improve user experience. For details, see our Cookie Policy.
If you have concerns about how we handle your personal data or believe we are not complying with applicable data protection laws, we encourage you to contact us directly first. We are committed to responding promptly and resolving issues in a fair and transparent manner.
For general privacy inquiries, to exercise your rights under GDPR or other applicable laws, or to raise a concern, please use our Privacy Request & Complaint Handling Form. If you are unable to access the form, you may contact us by email:
If you are not satisfied with our response, you have the right to escalate your complaint to the relevant Data Protection Authority (DPA) in your country.
Because our EU headquarters is in Belgium, you may also contact:
Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit)
Rue de la Presse 35, 1000 Brussels
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be
You can find a list of all EU/EEA DPAs here.
If your concern involves personal data transferred under the EU-U.S. Data Privacy Framework (DPF), the UK Extension, or the Swiss-U.S. DPF, the following dispute resolution process applies: