Privacy Policy
Last updated: 15 July 2026
This Privacy Policy (the “Notice”) explains how LEGIOSOFT SOLUTIONS, SOCIEDAD LIMITADA (“LegioSoft”, “we”, “us”) handles Personal Data in connection with GuardHouse and the LegioSoft Customer Portal.
Important role distinction: LegioSoft is the controller for website, customer-account, billing, support and its own security data. A GuardHouse customer normally controls the purposes and legal basis for the personal data of people who use that customer’s application. For that Customer Data, LegioSoft acts as the customer’s processor and processes it under the customer’s documented instructions.
1. Scope and Our Roles
1.1 Services covered
This Notice covers guardhouse.cloud, relevant legiosoft.net pages that link to it, GuardHouse trial and contact forms, the LegioSoft Customer Portal at portal.legiosoft.net, products purchased through that portal, GuardHouse Cloud instances (including hosted and custom-domain login pages, admin interfaces, APIs and SDK interactions), and support processing for self-hosted GuardHouse Enterprise. No Enterprise licence-validation callback is active as of the last-updated date. This Notice does not govern a customer’s own application, website or independent processing activities.
1.2 When LegioSoft is controller
LegioSoft determines why and how Personal Data is used for its websites, business contacts, trials, Customer Portal accounts, contracts, subscriptions, billing, support, licence administration, the security of LegioSoft’s own accounts and infrastructure, fraud prevention for its own business, legal compliance and defence of claims. For these activities, LegioSoft is the controller.
This controller role does not mean that LegioSoft determines a customer’s purpose or lawful basis for tenant authentication, tenant activity or tenant-security data. If LegioSoft were to use tenant records independently for a platform-wide or cross-tenant purpose, that separate use would require its own documented purpose, legal basis, retention and notice.
1.3 When LegioSoft is processor
A GuardHouse Cloud customer chooses which people may use its application, which identity and access features to enable, its lawful basis, its notices and how long its data is needed within available service settings. The customer is the controller (or, in some cases, a processor for another controller), and LegioSoft is its processor for Customer Data. This includes tenant authentication, activity, session and security records and IP/ASN enrichment used to operate and protect that tenant. This processing is governed by the customer agreement and Data Processing Addendum (DPA). GuardHouse does not use these records to build a persistent cross-tenant reputation profile or to make an independent decision with legal or similarly significant effects.
If you are an end user of a customer’s application, that customer’s privacy notice—not this Notice—explains its purposes and legal basis. Direct your request to that customer first. If you contact us, we will identify and forward the request to the relevant customer where reasonably possible and assist it as required by the DPA.
1.4 Self-hosted Enterprise
For self-hosted GuardHouse Enterprise, the customer operates the deployment and LegioSoft does not routinely receive its tenant-user data, and the current Enterprise software has no active licence callback or routine telemetry. A future version may make a limited licence-status call whose application payload consists of a licence number and validation timestamp; the receiving service will also receive ordinary connection metadata. LegioSoft will describe the fields, purpose, frequency and retention in this Notice and the applicable Order before activating that feature. LegioSoft otherwise accesses data only when the customer submits it or authorises access for support. The customer controls its own hosting, backups, providers, security and retention.
2. Information We Collect
2.1 Website, contact and trial data
- name, business email and the content of an enquiry;
- company name, legal-entity type, country, VAT or company identifier, and contact person details;
- selected region, currency, plan and billing interval; and
- proposed tenant identifier and application name.
2.2 Customer Portal and billing data
- account identity, business contact details, role, permissions and authentication data;
- customer, product, instance, subscription, invoice, payment and support records;
- Stripe customer, setup and payment-method identifiers; and
- card network or brand, last four digits and expiry date, but not the full card number or CVC.
2.3 Customer Data processed for GuardHouse customers
- identity and profile data, such as username, email, telephone number, first and last name, avatar, status and customer-authorised identity fields;
- authentication and security data, such as password hashes, MFA configuration, recovery data, external identity-provider identifiers, account lockouts and access failures;
- passkey credential identifiers and public-key material, authenticator and platform information, origin or application identifiers and last-use time;
- roles, permissions, claims, organisations, applications, consents, authorisations and token or session records;
- IP address, user agent, language, device and session identifiers, timestamps, actions, and approximate country, city, network provider and ASN derived from an IP address;
- email messages and templates, avatars, branding assets and other files configured by the customer; and
- webhook destinations, delivery payloads and delivery responses, which can contain user profile and event data.
Passkeys may be unlocked on a user’s device with a biometric or device PIN, but GuardHouse does not receive or store the user’s fingerprint, face image or other biometric template.
2.4 Technical and source data
When someone connects to our services, we receive ordinary HTTP and security metadata, including IP address, request time, route, response status, referring page, browser or user-agent information and security signals. We may receive information from the customer that invited you, configured identity providers, Stripe, VIES, Cloudflare and customer-selected integrations.
GuardHouse Radar uses LegioSoft-operated internal tools to derive and cache approximate IP and network context for security. LegioSoft does not send the queried IP address to an external IP-enrichment provider and does not use a third-party IP dataset or enrichment service. Derived location is approximate and is not GPS data.
2.5 Information required to provide the Services
Fields identified as required in a contact, trial, account, tax or payment flow are needed to respond to the request, verify the business, create or secure an account, enter into or perform the contract, or meet a legal obligation. If required information is not provided, we may be unable to respond, create the trial/account, validate tax treatment or supply the Service. Optional information may be omitted. A GuardHouse customer decides which tenant-user data its application requires, subject to the Agreement and available GuardHouse settings.
3. How We Use Information
| Activity | Purpose | Legal basis |
|---|---|---|
| Enquiries, trial requests and sales discussions | Respond to you, assess the requested service and create a trial or order. | Steps requested before a contract; performance of a contract; and our legitimate interest in administering business enquiries. |
| Customer Portal and customer administration | Create and secure accounts, identify authorised customer representatives, manage products, subscriptions and service communications. | Performance of a contract where you are a party; otherwise our legitimate interests in performing and administering the customer contract. |
| Billing, tax and payment administration | Validate VAT details, issue invoices, collect payment, prevent payment fraud and keep legally required records. | Performance of a contract, compliance with legal obligations and legitimate interests. |
| LegioSoft account, infrastructure and business security | Protect the Customer Portal, LegioSoft administration and infrastructure accounts; diagnose service errors; prevent abuse; investigate incidents; and enforce service restrictions. | Performance of a contract and our legitimate interests in providing a reliable and secure service and protecting users, customers and LegioSoft. |
| Support and essential communications | Resolve support requests and send service, billing, security, incident and material legal notices. | Performance of a contract, legal obligations and legitimate interests. |
| Legal compliance and claims | Comply with law, respond to lawful requests, establish or defend claims and enforce our agreements. | Compliance with legal obligations and legitimate interests. |
Where LegioSoft processes Customer Data as processor, the customer—not LegioSoft—determines the legal basis. LegioSoft uses that data only to provide, secure and support the service under the customer’s documented instructions, except where law requires otherwise.
We do not sell Personal Data, use Customer Data for behavioural advertising, or use Customer Data to train AI models. We do not currently send newsletters or promotional follow-ups. Essential service, billing, security and legal communications are not marketing.
4. Payments
Payment-card details are entered into Stripe’s Payment Element and transmitted directly to Stripe. LegioSoft’s applications are designed not to receive or store the full card number or CVC. We receive Stripe identifiers, payment and billing status, card network or brand, last four digits and expiry date so that customers can manage payment methods and subscriptions.
Stripe Payments Europe, Limited is our contractual/DPA party for relevant services. Stripe Technology Company, Limited and applicable regulated Stripe entities may act as processors, independent controllers or joint controllers depending on the payment, identity, compliance or fraud-prevention function. Stripe’s own practices are explained in its Privacy Center.
6. Sharing and Service Providers
We disclose Personal Data only as needed to provide and protect the services, follow customer instructions, process payments, comply with law or complete a corporate transaction subject to appropriate confidentiality and data-protection safeguards. Our current principal providers and recipients are:
| Provider or recipient | Purpose | Relevant location |
|---|---|---|
| Oracle Ibérica, S.R.L. (CIF B78361482; VAT ESB78361482; Paseo de la Castellana 81, 28046 Madrid, Spain; Registro Mercantil de Madrid, Tomo 7137, Folio 106, Hoja 72399, Inscripción 1ª) | Managed compute, Kubernetes infrastructure, databases, cache, operational logs and backups. | Primary regions: Madrid, Spain, and Chicago, United States; Oracle may provide global support. |
| Cloudflare, Inc. | Content delivery and network security for applicable LegioSoft sites or endpoints, and LegioSoft-managed R2 object storage. | Global network. Cloudflare’s EU jurisdictional restriction is enabled for the LegioSoft-managed R2 bucket used by the EU cluster; Cloudflare support and subprocessors may operate from other listed locations. |
| AC PM, LLC (Postmark) | Default transactional email delivery, including recipient address and message content. | United States, including infrastructure operated by AWS and Deft, and any additional locations in Postmark’s current subprocessor documentation. |
| Functional Software, Inc. d/b/a Sentry | Error and performance diagnostics. LegioSoft intends not to send request bodies, authentication headers or cookies, names, email addresses or deliberate user content. Limited technical event metadata may nevertheless be Personal Data. | Primary diagnostic event data is stored in Sentry’s EU region. Limited account, organisation, audit, project and usage metadata, and Sentry support/subprocessor processing, may involve the United States or other locations described in Sentry’s current terms. |
| Stripe Payments Europe, Limited (contractual/DPA party) and applicable Stripe entities | Payment method setup, payment processing, invoicing support and payment-fraud prevention. | Ireland, the United States and other locations used by Stripe and its providers. |
| European Commission VIES and relevant EU Member State tax authorities | Validation of EU VAT numbers and related business details. | European Union. |
| Google Ireland Limited (Google Fonts) | Web-font delivery on pages that load Google-hosted fonts. The browser sends ordinary connection and request metadata, such as IP address, user agent and referring page. | European Union, United States and other locations used by Google. |
| OpenStreetMap Foundation and its map-tile infrastructure providers | Map-tile delivery on pages that display an OpenStreetMap map. The browser sends ordinary connection and request metadata and the requested map-tile coordinates. | United Kingdom and other locations used to deliver the map tiles. |
A customer may configure its own AWS S3, Cloudflare R2, email, social-login, webhook or other provider. When it does, GuardHouse sends data to that provider under the customer’s instruction. The customer is responsible for selecting, contracting with and lawfully configuring that provider. A customer’s own provider is not a LegioSoft subprocessor merely because GuardHouse integrates with it.
We may disclose information to courts, regulators, tax authorities, law enforcement, professional advisers or other parties where required by law or reasonably necessary to protect rights, safety, the services or legal claims. We assess legal requests and disclose only what we reasonably believe is required.
7. Data Locations and International Transfers
For GuardHouse Cloud, the customer selects the location of the primary managed GuardHouse compute, database, cache, operational logs and backups: Madrid, Spain for the EU region, or Chicago, United States for the US region. Hosted tenant environments are logically isolated from other tenants. Routine LegioSoft production administration is performed from Spain and restricted to authorised personnel.
The selected GuardHouse region does not mean that every related service stays in that region. Transactional email, object storage, error diagnostics, payments, customer-selected integrations and provider support may involve other countries, including the United States. Self-hosted Enterprise customers select their own infrastructure locations.
We rely on applicable adequacy decisions, including the EU–US Data Privacy Framework for participating certified US recipients. Where no adequacy decision applies, we use safeguards such as the European Commission’s Standard Contractual Clauses or approved Binding Corporate Rules, together with supplementary measures where appropriate. Contact us for information about the mechanism relevant to a specific transfer.
8. Data Retention and Deletion
| Category | Normal period |
|---|---|
| Website enquiries and incomplete trial requests | Normally 12 months after the last interaction, unless a longer period is needed for a dispute or legal obligation. |
| Customer, portal and subscription records | For the customer relationship and afterwards only as needed for contract administration, security, legal obligations or claims. Invoices, payment and tax records are retained for applicable Spanish legal periods, generally up to six years. |
| Customer Portal and LegioSoft administrative security records | Normally up to 12 months after the event or account closure; longer only while needed to investigate an incident, comply with law or establish, exercise or defend a claim. |
| Support records | Normally up to 24 months after the request is closed, unless the record is needed for security, a continuing issue or a legal claim. |
| Website, API, reverse-proxy, container and infrastructure operational/security logs | Ordinary records are normally kept no more than 90 days. A relevant subset may be isolated for longer while an incident, abuse case, legal obligation or claim is investigated or handled. |
| Sentry diagnostic events | For the retention period configured in LegioSoft’s Sentry account, and only while needed to diagnose errors and secure the Services. Events expire under that configuration or are deleted or anonymised sooner when no longer needed. |
| Postmark message content and delivery/activity data | Normally 45 days under the default LegioSoft account setting; suppression records may be kept longer for delivery safety and anti-abuse purposes. Customer-configured email providers apply their own periods. |
| Tenant user and security activity logs in GuardHouse Cloud | According to the applicable plan or Order, and no more than 90 days for standard Cloud plans unless a different period is expressly agreed. |
| Machine activity and webhook delivery diagnostic logs in GuardHouse Cloud | Up to 90 days, unless a shorter period is configured or a longer period is legally required. |
| Sessions, authorisations and tokens | For their active lifetime. Expired or revoked session records may be retained for up to 90 additional days for security and investigation. |
| Internally generated Radar IP and ASN security-context cache | Up to 14 days before the cached enrichment is refreshed or removed. |
| Enterprise licence-validation records | Not currently collected because no Enterprise licence-validation callback is active. Before activating a future callback, LegioSoft will disclose and document its retention period. |
8.1 Cloud instance deletion
If an authorised customer representative submits and verifies an explicit deletion request, we delete the instance’s primary Customer Data within 30 days. The customer may ask support to prioritise a verified irreversible deletion where technically possible. This shorter process is distinct from ordinary suspension.
If an instance is suspended or disabled, including for non-payment, we keep it in a recoverable state for 180 days to reduce the risk of accidental or unauthorised destruction and to permit restoration. Unless restored or legally required to be held, its primary Customer Data is then permanently deleted.
8.2 Backups and exceptions
Deleted data may remain in encrypted, access-restricted disaster-recovery backups until those backups expire, no later than 60 days after deletion from the primary environment. Backups are not used for ordinary processing. If a backup is restored, applicable deletion instructions are re-applied.
We may isolate and retain specific records for longer where law requires it, where necessary to preserve security or evidence, or for an actual or reasonably anticipated legal claim. We delete or anonymise the record when the exception ends.
9. Data Security and Automated Decisions
9.1 Security measures
We use technical and organisational measures designed for the nature and risk of the processing. These include tenant isolation, role-based access controls, least-privilege production access, confidentiality duties, transport encryption, infrastructure encryption at rest where supported, password hashing, secret protection, security logging, backups, vulnerability and dependency management, and incident-response procedures.
No online service can guarantee absolute security. Customers remain responsible for protecting their credentials, configuring GuardHouse appropriately, managing authorised users and integrations, and securing systems and data that are outside LegioSoft’s control. LegioSoft does not currently hold ISO 27001 or SOC 2 certification, and standard GuardHouse Cloud is not approved for HIPAA-regulated processing. A future Order may describe only a certification or regulated-use approval that LegioSoft has actually obtained and verified for the stated scope.
9.2 Security decisions
GuardHouse applies authentication and security rules, including access controls configured by customers and temporary account lockout after repeated failed attempts. Radar supplies IP and ASN context for security visibility; it does not itself make a decision that produces legal or similarly significant effects on an individual. LegioSoft does not make solely automated decisions about website visitors, customer representatives or tenant end users that have legal or similarly significant effects. A customer may make its own decisions using its application and GuardHouse configuration; the customer must explain those decisions in its own notice where required.
10. Your Data-Protection Rights
Where LegioSoft is controller and applicable law provides, you may ask us to:
- confirm whether we process your Personal Data and provide access to it;
- correct inaccurate or incomplete Personal Data;
- delete Personal Data;
- restrict processing;
- provide portable data that you supplied to us where the right applies;
- object to processing based on legitimate interests; and
- withdraw consent at any time where processing relies on consent, without affecting earlier lawful processing.
Send a request to info@legiosoft.net. We may request information reasonably needed to verify identity and authority. We normally respond within one month; the period may be extended by up to two further months for a complex or numerous request, in which case we will explain the extension. Rights are not absolute, and a lawful exception may apply.
If your request concerns a tenant account in a customer’s application, contact that customer. LegioSoft cannot independently decide to change or delete Customer Data contrary to the controller’s lawful instructions, but we will forward and assist with the request as required by law and the DPA.
You may complain to the Spanish Data Protection Agency (AEPD) or, where applicable, another supervisory authority. We invite you to contact us first so we can try to resolve the issue.
11. Minors and Restricted Data
GuardHouse Cloud is a business service and is not intended for persons under 18. A customer must not use a standard Cloud plan for a child-directed or educational service, permit a person under 18 to hold a tenant end-user account, or submit a minor’s Personal Data without LegioSoft’s prior written approval and a separate legal and security review. The customer is responsible for appropriate age controls and any legally required parental authorisation.
Unless expressly authorised in a signed Order and DPA, customers must not use GuardHouse Cloud to process:
- GDPR Article 9 special-category data, including health, genetic, sexual-life, political, religious or trade-union data;
- criminal-conviction or offence data governed by GDPR Article 10;
- biometric templates used to identify a person, identity-document images or complete payment-card data;
- protected health information or other data requiring HIPAA compliance; or
- data used for high-risk, life-safety, critical-infrastructure or legally regulated decisions for which GuardHouse has not been expressly approved.
Customers are responsible for their purposes, lawful basis, notices, authorisations, data accuracy, end-user eligibility and lawful instructions. These customer responsibilities do not remove LegioSoft’s own legal duties as processor. If we become aware of prohibited data or an unlawful instruction, we may require remediation, suspend affected processing, and take the steps required by law and the customer agreement.
12. Changes to This Notice
We may update this Notice to reflect changes to our services, providers or law. The date at the top shows the latest revision. If a change materially affects how we use Personal Data, we will provide additional notice through the Customer Portal, service or email where appropriate. If law requires consent for a new activity, we will request it before that activity begins.
13. Contact Information
The controller and service provider is:
LEGIOSOFT SOLUTIONS, SOCIEDAD LIMITADACIF/NIF: B56957038 · VAT: ESB56957038
Calle de les Garrigues, núm. 1
Planta 5, Puerta 11
46001 València (Valencia), Spain
Email: info@legiosoft.net
Registered in the Valencia Mercantile Registry: Tomo 11497, Libro 8775, Folio 51, Sección 8, Hoja V-215477, Inscripción 1. Privacy requests are coordinated by LegioSoft Privacy Operations. This is a privacy contact and is not described as a Data Protection Officer.