Privacy Policy

Warden Systems LLC ("Warden Systems," "we," "our," or "us") is a Washington limited liability company with its principal office in Ridgefield, Washington, United States. We build guardian software for households, businesses, and communities. Our products are owner-first, local-first, and never for sale to third parties.

This policy describes how we handle information collected through the wardensystems.ai website ("Site") and provides the umbrella framework for our products. Each product we publish (HearthWarden, Wizard, Ridgefield Main Street, CivicWarden) has its own product-specific privacy policy that controls in any conflict; this corporate policy controls for the Site itself.

Contact: [email protected]

• Interest form submissions. When you submit a form at wardensystems.ai/contact, we receive the fields you complete: name, email address, and any optional fields you provide (company, phone, tier interest, use case, timeline). We collect this only to respond to you.
• Server logs. Our web server records standard request metadata — IP address, user agent string, timestamp, requested path, response code — for security monitoring and debugging. Logs are retained for no longer than 30 days, then deleted.
• No third-party analytics or tracking. We do not use Google Analytics, Meta Pixel, Hotjar, Segment, or any third-party advertising or tracking technology on the Site. We do not set advertising cookies. The Site uses only first-party cookies necessary to operate the Site.

Each Warden Systems product has its own privacy policy describing what that product collects and how it handles that data:

• Ridgefield Main Street: wardensystems.ai/legal/privacy/rms
• HearthWarden: forthcoming — not yet a generally-available product.
• Wizard: forthcoming — not yet a generally-available product.
• CivicWarden: planned — not yet a generally-available product.

Where a product policy and this corporate policy conflict, the product policy controls for that product. The commitments in §5 (never-for-sale) and §6 (de-identification window) apply across all products.

Some Warden Systems products use device location to deliver their core functionality. The Ridgefield Main Street app, for example, uses precise and background location during active community events to guide players to clue locations. Specific retention, processing, and disclosure terms for location data are stated in each product's own privacy policy. The corporate-level commitment is:

• We do not retain identifiable location data longer than necessary to deliver the feature it supports.
• We do not transmit location data to advertisers, data brokers, or analytics providers.
• We do not use location data to infer health conditions, religious affiliation, or other sensitive attributes, and we do not operate any geofence within 2,000 feet of an in-person healthcare facility for any of the purposes prohibited by RCW 19.373.040.

We do not sell personal information. We do not "share" personal information for cross-context behavioral advertising (as those terms are used in the California Consumer Privacy Act and similar state laws). We do not provide personal information to data brokers. We do not feed personal information into third-party advertising networks. This commitment is doctrinal and applies to all Warden Systems products and services.

For data we collect that is linked to an identifier (account email, device identifier, or any other field that lets us connect a record to an individual), we apply a hard 48-hour de-identification window: within 48 hours of collection, we remove the linking identifier and retain only aggregated or de-identified records. This window applies to all stores of the data, including encrypted backups and database replicas: we either de-identify before backup or rotate backups so that no identifier-linked copy is retained beyond 48 hours. After de-identification, data is retained — if at all — solely in a form that cannot reasonably be used, alone or in combination with other information we hold, to identify a particular individual, and we maintain technical safeguards and business processes to prevent re-identification and prohibit attempts to re-identify.

This 48-hour window is shorter than the windows applied by most consumer apps. We use it because we believe identifiable data should not accumulate.

Some categories of data are necessarily retained in identifiable form longer than 48 hours to operate the service: the email address on your account, your display name, your password hash, your billing information if you are a paying customer, customer support correspondence (so we can maintain case continuity), and records subject to a legal hold or active fraud investigation. Those exceptions are listed in each product's privacy policy.

We use a small number of service providers to operate the Site and our products. We list them here for transparency:

• Cloudflare, Inc. — DNS, CDN, and edge security for wardensystems.ai. Cloudflare may process IP addresses and request metadata as a data processor on our behalf.
• Resend (Resend Labs, Inc.) — transactional email delivery for the contact form and customer correspondence. Resend processes the email address and message content needed to deliver the email.
• Amazon Web Services (Amazon SES) — outbound email relay for certain product-side notifications. AWS processes the email addresses and message content needed to deliver the email.
• GitHub, Inc. — source-code hosting and continuous-integration infrastructure for our internal engineering operations. GitHub does not receive end-user personal information through our products.

We do not use third-party advertising networks, behavioral-analytics providers, or data brokers. If we add a subprocessor, we update this list and the effective date above.

We collect personal information only for the purposes stated in this policy and the applicable product policy. We do not repurpose data for incompatible uses. Where the law requires a lawful basis (e.g., GDPR Article 6), we rely on (i) your consent, where you have submitted information to us, or (ii) our legitimate interest in operating, securing, and improving the Site and our products, balanced against your rights.

You may, at any time:

• Access — request a copy of the information we hold about you.
• Correct — ask us to correct inaccurate information.
• Delete — ask us to delete information we hold about you, subject to any legal hold or retention obligation.
• Portability — request your data in a portable, machine-readable format where applicable.
• Withdraw consent — for any processing based on your consent.
• Opt out of sale or sharing — we do not sell or share personal information for advertising, but this right is honored on request as a matter of policy.

Email [email protected] with your request. We respond within one (1) business day. We will honor deletion requests on the same business day unless a legal hold applies, in which case we will tell you what is being held and why.

We do not discriminate against users who exercise privacy rights.

The Site is not directed to children under 13. We do not knowingly collect personal information from children under 13 through the Site. Our products are not directed to children under 13; each product policy states its own minimum-age requirement. If you believe a child under 13 has provided information to us, contact [email protected] and we will delete it.

We protect personal information with reasonable administrative, technical, and physical safeguards, including:

• Transport-Layer Security (TLS) for all data in transit between your device and our infrastructure.
• Encrypted backups (AES-256 at rest).
• Role-based access control for our internal systems, with access limited to personnel who need it for their work.
• Logging and review of access to systems holding personal information.

No system is perfectly secure. If we discover a breach affecting your personal information, we will notify you and the appropriate regulators consistent with applicable law.

Our infrastructure is located in the United States. If you access the Site or our products from outside the United States, your information will be transferred to and processed in the United States. We do not market our products to residents of the European Union, United Kingdom, or other jurisdictions outside the United States; however, we honor access and deletion requests from users in those jurisdictions on the same terms as any other user.

If we make a material change to this policy, we will update the effective date above. For current customers, we will notify you by email. The current version is always posted at wardensystems.ai/legal/privacy.

This policy is governed by the laws of the State of Washington, United States, without regard to conflict-of-laws principles. Any dispute arising from this policy is subject to the exclusive jurisdiction of the state and federal courts located in Clark County, Washington.

Privacy questions, requests, or complaints: [email protected].

Postal: Warden Systems LLC, PO Box 1177, Ridgefield, WA 98642, United States.