SECURITY OVERVIEW

How Guardian-X protects your organization's data and communications

SECURITY PRINCIPLES

Built with security at every layer

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your communications are protected end-to-end.

Zero Trust Architecture

Every request is authenticated and authorized. Device tokens, user credentials, and API keys are all verified on each request.

Data Minimization

We only collect data necessary for emergency response. Location data is only captured during active emergencies.

Data Encryption

Guardian-X employs multiple layers of encryption to protect your organization's sensitive information:

In Transit
  • TLS 1.3 for all API communications
  • Certificate pinning on mobile applications
  • WebSocket connections secured with WSS
  • HSTS enforcement on all endpoints

At Rest
  • AES-256 encryption for stored data
  • Encrypted database backups
  • Secure key management with rotation
  • Hardware security modules (HSM) for sensitive keys

Authentication & Access Control

Guardian-X uses a multi-layered authentication approach:

Device Registration

Each device is registered with a unique license key tied to your organization. The device receives a cryptographic token that identifies it for all future communications.

User Authentication

Administrators authenticate via username/password with optional multi-factor authentication. Sessions are time-limited and can be revoked remotely.

Role-Based Access

Fine-grained permissions control who can view data, create situations, manage users, and access administrative functions.

Infrastructure Security

Our infrastructure is designed for security and reliability:

Cloud Infrastructure
  • Hosted on SOC 2 compliant infrastructure
  • Network isolation and firewalls
  • DDoS protection
  • Regular security assessments

Availability
  • Multi-region deployment
  • Automated failover
  • Real-time monitoring
  • 99.9% uptime SLA

Audit & Compliance

Guardian-X maintains comprehensive audit logs for security and compliance:

  • All authentication attempts logged with timestamps and IP addresses
  • Emergency activations and responses tracked with full timeline
  • Administrative actions logged for accountability
  • Logs retained according to your organization's requirements
  • Export capabilities for compliance audits

SOC 2 Type II
GDPR Compliant
HIPAA Ready

Data Handling

What We Collect
  • Device identifiers for authentication
  • User names and contact information
  • Emergency communications and status reports
  • Location data during active emergencies (optional)

What We Don't Collect
  • Continuous location tracking
  • Personal communications outside Guardian-X
  • Device usage patterns or browsing history
  • Third-party app data

Incident Response

In the unlikely event of a security incident:

  1. Our security team is alerted immediately through automated monitoring
  2. Affected systems are isolated to prevent further exposure
  3. We begin investigation and evidence preservation
  4. Affected organizations are notified within 72 hours per GDPR requirements
  5. Post-incident analysis and improvements are implemented

Security Contact: To report security vulnerabilities or concerns, contact our security team at security@guardianxi.com

Security Questions?

Our team is happy to discuss Guardian-X security in detail.