Privacy Policy

Effective date: July 8, 2026  ·  GreerGuard by Dvance Development

This Privacy Policy describes the information GreerGuard collects across its Android application, browser extensions, and website, how that information is used and protected, and the rights available to you. Please read it carefully.

Contents

  1. Controller Identity and Contact
  2. Scope of This Policy
  3. Information Collected by the Android Application
  4. Information Collected by the Browser Extension
  5. Information Collected by the Website and Partner Portal
  6. How We Use Your Information
  7. Legal Basis for Processing
  8. Disclosure of Your Information
  9. Data Retention
  10. Security Measures
  11. Children’s Privacy
  12. Your Rights and Choices
  13. International Data Transfers
  14. Third-Party Links and Services
  15. Changes to This Policy
  16. Contact and Data Subject Requests

1Controller Identity and Contact

The data controller for all personal information processed in connection with GreerGuard products and services is:

Dvance Development
Operating under the brand GreerGuard
Oregon, United States
Email: support@greerguard.com

References to "we," "us," or "our" in this Policy refer to Dvance Development. References to "you" or "User" refer to any individual who downloads, installs, accesses, or uses any GreerGuard product or service.

2Scope of This Policy

This Privacy Policy applies to all GreerGuard products and services, including:

This Policy does not apply to third-party services that GreerGuard integrates with, such as Google Play, Stripe, or DNS resolver providers. Those services are governed by their own privacy policies.

3Information Collected by the Android Application

The GreerGuard Android application performs its analysis entirely on your device. It does not transmit your app list, file contents, message contents, location, contacts, or any other personal device data to our servers.

3.1 Device Identifier

The application uses your device's Android ID (Settings.Secure.ANDROID_ID) as a pseudonymous device identifier. This identifier is generated by the Android operating system, is specific to your device and app installation, and is not linked to your name or email address unless you create an account. It is used to:

Android ID does not reveal your identity, is resettable by performing a factory reset, and is not used for advertising or behavioral profiling.

3.2 App Metadata (Processed Locally)

To perform security analysis, the application reads the following information about applications installed on your device:

This information is processed and stored locally on your device only. It is not transmitted to our servers unless you explicitly submit a false-positive report (see Section 3.4).

3.3 Notification Content (Metadata Only)

The application holds a Notification Listener permission that allows it to monitor notification metadata for malicious URLs embedded in push notifications. The app scans only the URL strings present in notifications, not the full text or meaning of the notification content. URL scan results are stored locally. No notification text or metadata is transmitted to our servers.

3.4 False-Positive Reports (User-Initiated)

When you voluntarily submit a false-positive report for an application you believe has been incorrectly flagged, the following information is transmitted to our servers:

This information is used solely to review and improve the accuracy of our detection logic. It is not sold or shared with third parties.

3.5 Support Tickets (User-Initiated)

When you submit a support request through the in-app support form, we receive your device identifier, the topic category you selected, and the message you typed. We do not receive your name or email address unless you include them in the message body.

3.6 Subscription and Billing

If you purchase a GreerGuardian subscription through Google Play, subscription status and entitlement data are managed by Google Play Billing. We receive only a subscription token and status flag from Google; we do not receive your payment card information or Google account credentials.

3.7 Camera

The application may request camera permission for the purpose of scanning QR codes to link your Android device with the browser extension. Camera access is used solely in the moment of scanning and is not used to capture images, video, or any other data.

3.8 Information We Do Not Collect

The Android application does not collect:

4Information Collected by the Browser Extension

The browser extension detects threats by analyzing in-browser behavioral signals entirely within your browser. It does not read page content, transmit your browsing history, or send any data to our servers unless you have voluntarily linked the extension to your Android app.

4.1 Local Storage (On-Device Only)

The extension stores all operational data locally using the browser’s built-in extension storage (chrome.storage.local / browser.storage.local). This includes:

None of the above is transmitted to our servers unless the extension is linked to your Android app.

4.2 Behavioral Signal Processing

The extension’s content scripts run on every webpage you visit to monitor browser-level behavioral signals, including:

These signals are evaluated locally. The extension does not read the text content, form data, passwords, or other payload of pages you visit. Your browsing history is not transmitted to us.

4.3 Global Safe-Domains List

The extension periodically fetches a list of globally recognized safe domains from our server (greerguard.com/wp-json/greerguard/v1/global-config). This request contains no user-identifying information. The response is a domain allowlist used to reduce false positives. Standard server-side access logs may record the IP address of the requesting browser at the time of this fetch.

4.4 Linked-App Event Sync (Conditional)

If you choose to link the browser extension to your Android app by entering a pairing code, the extension stores a session token (gg_link_token) locally. While linked, each time a blocking or warning event occurs, the extension transmits the following to our server:

The full URL of the page is not transmitted; only the domain (e.g., example.com) is sent. This data is used to synchronize the event with your Android app’s history log and, where applicable, add the domain to your device’s SafeSearch blocklist.

4.5 Staff Block Reports (Conditional)

When the extension automatically reports a confirmed block event to our security team for review, it transmits the blocked domain, the page URL at the time of the event, the detection reason, and the behavioral triggers. This reporting is used exclusively to review and improve detection accuracy. Your session token, if present, is included to allow deduplication. No personally identifying information beyond what is described here is transmitted.

4.6 User-Submitted Feedback (User-Initiated)

If you submit a false-positive or false-negative report through the extension interface, we receive: the report subject, report type, the domain or extension in question, your optionally provided name, and your session token if linked. Submission of name is voluntary.

4.7 Installed Extensions Audit

The extension uses the browser’s management API to read the list of other extensions installed in your browser. This information is processed locally to flag potentially risky extensions and is never transmitted to our servers. The audit result is stored in local extension storage only.

4.8 Information the Extension Does Not Collect

The extension does not:

5Information Collected by the Website and Partner Portal

5.1 Account Registration and Subscription

When you create an account or purchase a GreerGuardian subscription on the website, we collect:

5.2 Support Tickets

When you submit a support request through the website, we collect the topic you select, the message you write, and, if submitted from the Android app, the device identifier associated with your device. You may optionally provide your name and contact email within the message body.

5.3 Partner and Affiliate Accounts

Partners who apply to the GreerGuard Partner Program provide business contact information, payment details for commission disbursement (processed by Stripe or PayPal), and referral code activity. Partner data is used solely to administer the partner relationship and calculate commissions.

5.4 Session Cookies

The website uses server-side PHP session cookies to maintain authenticated sessions for signed-in users. These cookies are session-scoped (they expire when you close your browser), are transmitted over HTTPS only, are not accessible to JavaScript (HttpOnly), and are constrained to same-site requests (SameSite=Strict). We do not use persistent tracking cookies, advertising cookies, or third-party analytics cookies.

5.5 Server Access Logs

Our web server maintains standard access logs that record, for each request: IP address, date and time, requested URL, HTTP status code, browser user-agent string, and referring URL. These logs are used for security monitoring, abuse detection, and operational diagnostics. They are not used to build behavioral profiles of users and are retained for no longer than 90 days.

5.6 Information the Website Does Not Collect

The greerguard.com website does not use Google Analytics, Meta Pixel, or any third-party behavioral analytics or advertising technology. No advertising identifiers are collected or shared with ad networks.

6How We Use Your Information

Purpose Information Used
Providing and operating the Services Device ID, subscription status, extension link token
Authenticating your account and maintaining your session Email address, hashed password, session cookie
Processing subscription payments and renewals Email address, Stripe payment reference
Delivering transactional emails (receipts, renewal notices, subscription changes) Email address
Syncing browser extension events to the Android app Extension link token, blocked domain, detection reason, triggers, timestamp
Reviewing false-positive and false-negative reports to improve detection Device ID, app/domain metadata, risk signals, user-provided description
Responding to support requests Device ID, support topic, message content
Administering the Partner Program Partner contact information, referral activity, payment references
Security monitoring and abuse prevention Server access logs, IP address
Complying with legal obligations As required by applicable law

We do not use your information for advertising, sell it to third parties, or use it to build behavioral or interest-based profiles for any purpose other than providing the security services described above.

7Legal Basis for Processing

For users located in the European Economic Area, United Kingdom, or other jurisdictions with similar data protection laws, we process personal information on the following legal bases:

8Disclosure of Your Information

We do not sell, rent, or trade your personal information. We disclose information only in the following circumstances:

8.1 Service Providers

We share information with third-party service providers who assist us in operating the Services, subject to confidentiality obligations:

8.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, judicial order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Dvance Development, our users, or the public.

8.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity, provided that the acquiring entity agrees to honor the commitments made in this Privacy Policy or provides you with equivalent or stronger protections.

8.4 Aggregated and De-Identified Data

We may share aggregated, de-identified statistical information (e.g., the number of times a particular threat type was detected across all users) that cannot reasonably be used to identify any individual. This does not constitute disclosure of personal information.

9Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Category of Data Retention Period
Account information (email, hashed password) Duration of your account plus 30 days following deletion request
Subscription records 7 years (for financial record-keeping compliance)
False-positive report submissions Up to 24 months, then anonymized or deleted
Support ticket content Up to 24 months after ticket resolution
Extension event sync records (linked-app events) Up to 12 months
Server access logs 90 days
Local app and extension data (on your device) Until you clear app data, uninstall the software, or manually clear history within the product

Data retained for legal compliance purposes may be held in a restricted archive and is not used for operational purposes during the archival period.

10Security Measures

We implement technical and organizational security measures appropriate to the nature and volume of data we process, including:

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and, where required, relevant supervisory authorities, in accordance with applicable law.

11Children’s Privacy

GreerGuard products are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. Users between the ages of 13 and 18 may use GreerGuard only with the involvement and consent of a parent or legal guardian, as described in our Terms of Service.

If we become aware that we have inadvertently received personal information from a child under the age of 13 without verifiable parental consent, we will delete that information promptly. If you believe your child has provided us with personal information without your consent, please contact us at support@greerguard.com.

12Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal information. To exercise any of these rights, please contact us as described in Section 16.

12.1 Access

You have the right to request a copy of the personal information we hold about you.

12.2 Correction

You have the right to request correction of inaccurate or incomplete personal information we hold about you.

12.3 Deletion

You have the right to request deletion of your personal information, subject to our right to retain data required by law or for legitimate business purposes such as fraud prevention or financial record-keeping. Deletion of your account will result in loss of access to subscription benefits.

12.4 Data Portability

Where processing is based on your consent or performance of a contract, and is carried out by automated means, you have the right to receive your personal information in a structured, commonly used, machine-readable format.

12.5 Objection and Restriction

You have the right to object to or request restriction of processing where that processing is based on legitimate interests. We will honor such requests unless we have compelling legitimate grounds that override your interests, or processing is necessary to establish, exercise, or defend legal claims.

12.6 Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

12.7 Opt Out of Non-Essential Communications

You may opt out of marketing communications by contacting us or using the unsubscribe mechanism in any marketing email. You cannot opt out of transactional communications (e.g., subscription receipts and renewal notices) while maintaining an active subscription, as these are necessary for the performance of our contract with you.

12.8 Complaint to a Supervisory Authority

If you are located in the EEA or UK and believe we have not handled your personal information in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority.

12.9 Local Data Controls

You can delete the data stored locally by the Android application by clearing app data in your device settings or uninstalling the app. You can delete the data stored locally by the browser extension by clearing extension storage through the extension’s settings panel or removing the extension from your browser.

13International Data Transfers

Dvance Development is based in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those of your country of residence.

Where we transfer personal information of individuals in the European Economic Area or United Kingdom to a country without an adequacy decision, we do so on the basis of standard contractual clauses or other appropriate transfer mechanisms as required by applicable law.

By using GreerGuard, you acknowledge that your information may be processed in the United States and in any other country where our service providers maintain infrastructure.

14Third-Party Links and Services

Our website, app, and extension may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party service you interact with through or in connection with GreerGuard.

In particular, transactions processed by Stripe are governed by Stripe’s Privacy Policy; app purchases and subscriptions processed through Google Play are governed by Google’s Privacy Policy; and Firefox extension distribution is governed by Mozilla’s Privacy Policy.

15Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will revise the effective date at the top of this page.

For material changes — meaning changes that significantly affect how we collect, use, or share your personal information — we will provide at least 14 days’ advance notice via email (if you have an account) or via a prominent notice within the GreerGuard application or on the website. Your continued use of GreerGuard after the effective date of a revised Policy constitutes acceptance of the updated terms.

We encourage you to review this Policy periodically. Archived versions of prior policies are available upon request.

16Contact and Data Subject Requests

For questions about this Privacy Policy, to exercise any of the rights described in Section 12, or to report a privacy concern, please contact us:

Please include “Privacy Request” in the subject line of your email. We will acknowledge receipt within 5 business days and will endeavor to respond substantively within 30 days. Where a request is complex or involves a large volume of data, we may extend this period by a further 30 days and will notify you of any such extension.

We may need to verify your identity before processing certain requests to ensure we do not disclose personal information to unauthorized parties. Verification requirements will be proportionate to the sensitivity of the data requested.

Questions about your privacy?

We’re here to help. Contact our support team with any privacy-related questions or requests.

Contact Support