How we handle your data

GuardXID works with regulated businesses, so the first question that matters is what we will and will not touch. This page is the plain answer, written to be forwarded to your compliance officer, your auditor, or your own counsel.

We assess the container, not the contents.

GuardXID examines who has access to AI tools and what those tools can reach inside your business. We do not read your client files, patient records, matter documents, or proprietary business records, and we never will.

We work against the shape of your workflows, not the substance inside them. This boundary is what makes the work appropriate for law firms, medical practices, accounting firms, and other organizations operating under professional obligations.

Accounts, tools, access, permissions — what we assess

Your client files, patient records, matter documents — we never look here

Where your data lives, and where it does not.

In testing and training, we use synthetic data.

Training and demonstrations use made-up examples shaped like your business. We never request access to your client files, patient records, or matter documents to do the work.

In production, systems run in your own accounts.

The automations and systems we build operate inside your environment, on your accounts, with your data staying with you. A person approves before anything consequential is sent.

We do not store or process your data on our systems.

Client data is not stored on GuardXID systems and is not processed through our AI tools or accounts.

A human stays accountable.

In a business where being wrong has consequences, automation without a human checkpoint is not efficiency. It is unaccountable risk wearing the costume of efficiency. The human checkpoint on consequential action is non-negotiable in everything we build. Every automation ships documented, with an operating manual and a way to shut it off — a system you own, not a black box you rent.

For your compliance officer

If you are vetting GuardXID, this is the standard we hold to, and we will put it in writing as part of any engagement. The shortest version: we should be able to tell you, precisely, what we will and will not touch. The answer is access and configuration, never the contents of your protected work.

Questions about scope or data handling?

A free consultation is the place to ask. We will walk through exactly how this boundary applies to your business, and put the answer in writing.

Book a free consultation