checkrd
privacy

Privacy policy.

Effective 2026-05-11 · v1.2

Summary

Checkrd is a governance proxy that runs in your process. Request bodies, prompts, completions, and headers never leave your machine. We process only the operational metadata required to deliver the dashboard, alerts, billing, and audit log. The technical breakdown is on the Security page.

Information we collect

Account data. The email address you sign in with, the organizations you belong to, your role within each organization, and your billing contact information.

Service data. For each request your agent makes through Checkrd we record the destination host, the HTTP method, the URL path with identifiers removed, the response status code, latency, and the policy decision. We do not record request bodies, response bodies, prompts, completions, request or response headers, or API keys.

Communications data. Messages you send to us by email or through the dashboard.

How we use information

We use this information to provide and improve the service, operate the dashboard, enforce plan quotas, send alerts you opt into, process payments, respond to support requests, and meet our legal obligations. We do not sell personal information. We do not use customer telemetry to train machine-learning models.

How we share information

We share information with the third-party service providers (subprocessors) who help us operate the service. The complete list, including each subprocessor’s purpose, region, and the data it processes, is on the Subprocessors page. We may also share information when required by law or to protect the rights, property, or safety of Checkrd, our customers, or the public. If Checkrd is involved in a merger, acquisition, or sale of assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

International data transfers

Checkrd is headquartered in the United States and the hosted control plane processes personal information in the United States. If you access the service from the EU, UK, or other regions with data-export laws, you are transferring information to the United States. We rely on the Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum, together with supplementary measures, to lawfully transfer personal information.

Where we store data

Hosted control-plane data is stored on infrastructure provided by Amazon Web Services in the United States. Self-hosted and air-gapped deployments store all data in your own infrastructure.

How long we keep it

Telemetry retention follows your plan: 7 days on Free, 90 days on Team, 365 days on Enterprise. Audit log entries are retained for the duration of your subscription plus 30 days. Account information is retained while your account is active. After deletion of a workspace, we permanently remove the associated data within 30 days unless we are required to retain it for legal, tax, or security reasons.

Cookies and tracking technologies

The marketing site does not use third-party advertising or tracking cookies. The dashboard uses cookies that are strictly necessary to keep you signed in (HttpOnly, Secure, SameSite). We do not use cross-site tracking or behavioural advertising cookies.

Security

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit and at rest, least-privilege access controls, and audit logging. The architecture is described on the Security page. Report vulnerabilities to security@checkrd.io.

Your rights

Depending on where you live, you may have the right to access, correct, port, or delete the personal information we hold about you; to restrict or object to certain processing; and to withdraw consent where we rely on it. You can exercise most of these rights from the dashboard. For anything you cannot do in the dashboard, email privacy@checkrd.io. We will not discriminate against you for exercising your rights. If you are unhappy with our response, you have the right to lodge a complaint with your local data-protection authority.

California privacy rights

California residents have additional rights under the CCPA and CPRA, including the right to know what personal information we collect and how we use it, the right to delete it, the right to correct inaccurate information, and the right to limit the use of sensitive personal information. Checkrd does not sell personal information and does not share personal information for cross-context behavioural advertising as those terms are defined by California law. To exercise these rights, email privacy@checkrd.io.

Children's privacy

Checkrd is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@checkrd.io and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be announced through the dashboard and by email at least 30 days before they take effect. The date at the top of this page reflects the most recent update. Continued use of the service after the effective date constitutes acceptance.

Contact

Email privacy@checkrd.io for privacy inquiries, security@checkrd.io for security reports, and legal@checkrd.io for legal questions.

See also: subprocessors · terms of service · security