Privacy Policy

1. Who we are

GuardianBlock (“GuardianBlock,” “we,” “us,” or “our”) is voluntary adult self-restriction and accountability software. GuardianBlock is operated by Ryan Tulloch, based in Saskatchewan, Canada. For the purposes of applicable privacy law, GuardianBlock is the organization responsible for the personal information described in this policy, and Ryan Tulloch is the privacy lead and accountable contact for this policy.

You can reach us about anything in this policy — including privacy questions, access requests, and complaints — by email at privacy@guardian-block.com or support@guardian-block.com.

2. How GuardianBlock works

Understanding the product makes the rest of this policy clearer. GuardianBlock is something two adults set up together: a “Protected Adult” who chooses to block gambling and other sites they’ve decided to stay away from, and an “Accountability Partner” — a spouse, parent, friend, or sponsor — who holds the key to exceptions and can see that protection is healthy.

Protection runs across three surfaces: a website and account (this site), browser extensions for Chrome, Edge, and Firefox, and a Windows application made up of a background service and a tray app. Each surface collects only what it needs to do its job, and we describe each one below.

GuardianBlock is designed around accountability, not monitoring. Your Accountability Partner helps you keep a commitment you made in a calmer moment; they do not receive a feed of everywhere you go.

3. Scope of this policy

This policy applies to the GuardianBlock website and account, the GuardianBlock browser extensions (Chrome, Edge, and Firefox), and the GuardianBlock Windows application. It does not apply to third-party websites or services that GuardianBlock blocks or links to, which have their own privacy practices.

GuardianBlock is intended only for adults (18+) who choose to restrict themselves. It is not directed to children.

4. What information we collect

We collect only the categories of information needed to operate protection, your account, and your accountability-partner relationship. We do not collect personal information from public sources or third-party databases to build a profile of you.

Account and identity

Your email address, basic profile details, and authentication information, including multi-factor authentication (for example, an authenticator or passkey). We use this to give you access to your account and to keep it secure.

Accountability-partner relationship

Who your Accountability Partner is, the role each person holds in a protection group, and the invitations and consents that connect you. This is the backbone of the accountability model.

Custom Blocks and change requests

The domains you choose to block (“Custom Blocks”), the category you tag them with, and any optional reason you add when you request a change. Custom Blocks are sites you declare — not a record of sites you visited.

Emergency-allow requests and decisions

When you ask your Accountability Partner to temporarily allow an eligible site, we record the request, the decision, and the time-limited, signed exception. This keeps exceptions honest and reviewable.

Device enrollment and health

Information that binds your Windows device to your protection group and reports whether protection is healthy — for example, agent and policy versions, browser-coverage status, and tamper or offline signals. This does not include your browsing history.

Notifications

Your notification preferences and delivery metadata (such as whether an account, security, or accountability message was sent and delivered), so we can keep you and your Accountability Partner appropriately informed.

Billing (if you subscribe)

If GuardianBlock offers a paid plan and you subscribe, our payment processor handles your payment details and shares billing metadata (such as subscription status) with us. We do not receive or store your full card number.

Support and diagnostics

If you contact support or send a consent-based diagnostic bundle, we collect what you provide and the redacted technical details needed to help. Diagnostics never include your browsing history, passwords, recovery codes, or Windows administrator credentials.

Website and server logs

Standard server logs and operational metadata generated when you use the site, used to keep the service secure and reliable. By default we do not run product analytics or advertising trackers.

5. The browser extension

Because the browser extension is what reviewers and many users care about most, we describe it precisely. The GuardianBlock extension is a thin enforcement component. It does not collect your browsing activity, and it does not send any browsing data or personal information to GuardianBlock or to anyone else.

Permissions it requests, and why

declarativeNetRequest

To block the gambling and Custom-Block domains in your signed policy. This mechanism matches domains and blocks requests without the extension reading the contents, titles, or full URLs of the pages you view.

nativeMessaging

To receive your blocklist policy from the GuardianBlock background service running on the same computer. The extension talks only to that local service — not to a remote server.

storage

To keep a small amount of local enforcement status on your device (for example, the current policy version and whether the local service is connected). No browsing data is stored.

The extension requests no host permissions and uses no content scripts, no tabs or history access, and no remote code. It does not read your browsing history, search queries, form data, page content, or page titles.

Local extension data can include only the enforcement data needed to apply your policy: the signed blocklist policy or policy snapshot metadata, Custom Block domains included in that policy, policy generation and hash metadata, dynamic-rule apply status and counts, native-host connection status, extension version, request IDs, and timestamps. It does not include browsing history, page contents, search queries, form data, full URLs, page titles, location, account credentials, or payment information.

What it collects, uses, and shares

• Collects or transmits off your device: no personal or browsing data is collected by GuardianBlock or third parties through the extension. The Firefox build declares that it collects no data at all.
• Stores locally: only the enforcement and status data described above. No browsing data is stored.
• Uses: the local policy and status information solely to enforce the sites you and your Accountability Partner chose to block.
• Shares: nothing externally. Local native-messaging exchanges go only to the GuardianBlock service on the same machine and contain enforcement or operational details, never your browsing.

GuardianBlock’s use and transfer of information received from Google APIs or the Chrome extension platform adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. We use that information only to provide and secure extension enforcement and related user-facing features. We do not use it for advertising, credit or eligibility decisions, or transfer it to data brokers or other third parties.

6. The Windows software

The GuardianBlock Windows application is a background service (the local protection engine) and a tray app that shows status. The service applies your signed policy and reports whether protection is healthy.

It collects device and enforcement information — such as policy and agent versions, browser-coverage status, and tamper or integrity signals — to keep protection working and to let your Guardian see that it is. It does not collect your browsing history, page titles, URL paths outside GuardianBlock’s own screens, keystrokes, or screenshots, and it never collects or stores your Windows administrator credentials.

The service does not run arbitrary commands sent from a server, install hidden persistence, or block Windows tools such as Task Manager, PowerShell, or the Registry Editor.

7. How we use your information

• To provide protection — compiling, signing, and delivering the blocklist policy your devices enforce.
• To operate the accountability relationship — keeping your Accountability Partner informed of protection health, the exception requests you send them, and tamper or removal events.
• To run and secure your account — authentication, multi-factor security, and fraud or abuse prevention.
• To handle exceptions and lifecycle — emergency allows, deactivation, recovery, and partner replacement, with appropriate safeguards.
• To communicate with you — account, security, and accountability notices, and (where you have opted in) product updates.
• To provide support and improve reliability — troubleshooting issues you raise and keeping the service stable.
• To meet legal, tax, accounting, and safety obligations.

8. Our bases for using your information

In Canada, we rely on your meaningful consent, which you give when you create an account, set up protection, and invite an Accountability Partner. Where you are in a region with additional requirements (such as the EEA or the UK), we rely on the following legal bases under the GDPR:

• Performance of a contract — to provide account, protection, device, support, and billing operations for the service you signed up for.
• Your consent — for partner linking and sharing, and for optional messages where consent is required. You can withdraw consent, but withdrawing from core accountability-partner support while protection is active may require ending or changing the protection relationship through the deactivation or recovery process described in this policy.
• Legitimate interests — for security, abuse prevention, tamper detection, audit, service reliability, and keeping protection resistant to circumvention, balanced against your rights.
• Legal obligation — to comply with laws that apply to us, including tax, accounting, compliance, and financial-record requirements.

9. What your Accountability Partner can and can’t see

Linking an Accountability Partner is the point of the product, so we are explicit about what that sharing involves. When you link an Accountability Partner, you authorize us to share certain accountability information with them through their own GuardianBlock access.

Your Accountability Partner can see

Whether protection is healthy across your devices (active, offline, or needs attention); the emergency-allow requests you explicitly send them, including the site and your reason; accountability alerts if protection is paused, removed, or tampered with; and the custom sites you chose to block, so they can act on a removal request.

Your Accountability Partner cannot see

Your browsing history or the sites you visit; your search queries, messages, keystrokes, or screen contents; anything in categories you never asked to block; or your location, files, or activity outside GuardianBlock.

Because GuardianBlock is accountability software you opted into, turning off protection, removing your Accountability Partner, or uninstalling is not silent: these actions are restricted, may be delayed, and may be reported to your Accountability Partner as accountability or tamper events. That is the protection working as you set it up.

10. How we share information, and our service providers

We do not sell or rent your personal information, and we do not share it with advertising networks, data brokers, or for any advertising purpose. We share information only as described here.

We use a small set of trusted service providers (“processors”) to run GuardianBlock. They may process your information only on our instructions and only to provide their service to us:

Supabase

Our database, authentication, and secure backend storage.

Vercel

Hosting for our website and server functions.

Stripe

Payment processing, if and when you subscribe to a paid plan.

Email delivery provider

When we send you account, security, and accountability notifications, we use an email delivery provider to deliver them, chosen to meet our privacy and security expectations.

We may also disclose information when the law requires it, to protect the safety or rights of a user or the public, to investigate abuse or security incidents, or in connection with a business transfer (in which case we would seek to keep this policy’s protections in place). We do not share your Custom-Block domains, emergency-allow details, partner credentials, security tokens, signing keys, or Windows administrator credentials with advertising, analytics, or marketing providers.

11. What we don’t do

• We don’t sell or rent your personal information.
• We don’t run ad trackers, advertising pixels, retargeting, session replay, or cross-site identifiers in the app.
• We don’t build or store a history of the websites you visit, and we don’t send your Accountability Partner a browsing feed.
• GuardianBlock is designed to be network-safe: it does not change your DNS, hosts file, VPN, proxy, firewall, network routes, adapters, SMB, mapped drives, or WSL mounts.
• Account and device-health information is sent over encrypted connections.

12. How long we keep information

We keep personal information for as long as your account is active and for as long as we need it for the purposes in this policy. Because GuardianBlock is accountability software, some records are kept longer than ordinary account data to preserve the integrity of the protection relationship and keep your Accountability Partner appropriately informed.

• Account, accountability-partner relationship, and protection records are kept while your protection group exists and for a reasonable period afterward for audit and safety.
• Accountability, deactivation, recovery, and signed-authorization records are kept as needed to make the accountability and exception model trustworthy.
• Billing records are kept as long as financial, tax, and accounting laws require.
• Suppression records (so we honour an unsubscribe) are kept on an ongoing basis.

Where we no longer need information that personally identifies you, we aim to delete or de-identify it, while retaining the minimum records required for safety, legal, financial, and audit purposes.

13. Your choices and rights

You can ask to access, correct, export, or delete your personal information, and to withdraw consent or unsubscribe from optional messages. To make a request, email privacy@guardian-block.com or support@guardian-block.com. We will verify your identity before acting, and we will never ask you for your Windows administrator password, your Accountability Partner’s codes, or your recovery codes in order to do so.

We will respond to privacy requests within the time required by applicable law. For Canadian PIPEDA access and correction requests, we generally respond within 30 days unless a permitted extension applies, in which case we will tell you why and how to complain.

Because GuardianBlock is voluntary accountability software, some rights work differently than they would for an ordinary app, and we want to be honest about that:

• Turning off protection, removing your Accountability Partner, or deleting protection while it is active goes through the deactivation and partner-release process. It may be delayed and may notify your Accountability Partner, rather than taking effect instantly.
• We retain certain accountability, safety, billing, and audit records even after a deletion request, where we have a legal basis or obligation to do so. When an exception applies, we will tell you and explain why.
• Opting out of marketing does not stop essential account, security, or protection-critical messages.

These limits apply to active-protection integrity, partner release, deactivation, audit, billing, safety, security, and legal records. They do not stop you from accessing or correcting ordinary account information, and when we rely on an exception we will explain the reason unless doing so would create a safety, security, or legal risk.

We will not discriminate against you for exercising your privacy rights.

14. How we protect information

We use technical and organizational measures appropriate to the sensitivity of the information. These include encryption in transit, access controls, mandatory multi-factor authentication for Accountability Partners, and least-privilege, audited access for support and administrators.

Partner credentials, multi-factor codes, passkeys, and recovery codes are never stored on the protected Windows device, and we never collect Windows administrator credentials. No method of transmission or storage is perfectly secure, but we work to protect your information and to respond quickly if something goes wrong.

15. Children’s privacy

GuardianBlock is for adults (18 and older). It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, contact us and we will delete it.

16. International users and data transfers

GuardianBlock is operated from Canada, and our service providers may process and store information in Canada and the United States. If you use GuardianBlock from outside these countries, you understand that your information will be processed there, which may have different data-protection laws than your own. Where required, we use appropriate safeguards for cross-border transfers.

EEA and UK users

If you are in the EEA or the UK, you have the rights to access, rectify, erase, restrict, and object to processing of your personal data, and to data portability, in line with the bases described above. You may also lodge a complaint with your local supervisory authority.

California users

If you are a California resident, you have the right to know what personal information we collect and how we use and share it, to request access and deletion, to correct inaccurate information, and to opt out of any “sale” or “sharing” of personal information. We do not sell or share your personal information for cross-context behavioral advertising, and we will not discriminate against you for exercising these rights.

17. Changes to this policy

We may update this policy as GuardianBlock evolves. When we make a material change, we will update the “last updated” date above and, where appropriate or legally required, give you additional notice or ask for fresh consent before the new use applies. Continued use after an update applies only to changes that do not require separate consent.

18. How to contact us

If you have questions, requests, or complaints about your privacy, email us at privacy@guardian-block.com or support@guardian-block.com. We take privacy concerns seriously and will work with you to resolve them.

If you are in Canada and are not satisfied with our response, you may also contact the Office of the Privacy Commissioner of Canada.