CRA Guard

Privacy policy

Last updated: 25 March 2026

Who we are

CRA Guard is a WordPress plugin built by the CRA Guard Team. This website, getcraguard.com, is the product landing page and blog for CRA Guard.

What data we collect

Website visitors

We do not use cookies for tracking. We do not run Google Analytics or any third-party analytics scripts on this website. Server logs may record your IP address, browser user agent, and pages visited for security and operational purposes. These logs are retained for no more than 30 days.

Plugin users

The CRA Guard WordPress plugin stores all compliance data (checklist progress, documents, SBOM data, incident records) locally in your WordPress database. No compliance data is transmitted to our servers.

If you purchase a CRA Guard Pro licence, payment processing and licence management is handled by Freemius. Freemius collects your name, email address, and payment details to process your purchase. See the Freemius privacy policy for details.

Vulnerability scanning

The vulnerability scanner (Pro feature) sends package names and version numbers from your composer.json to the OSV.dev API to check for known vulnerabilities. No personal data or source code is transmitted. See the OSV.dev website for their data handling practices.

How we use your data

Data retention

Server logs are deleted after 30 days. Licence and purchase records are retained by Freemius as long as your account is active. Plugin data stored in your WordPress database is deleted when you uninstall CRA Guard.

Your rights

Under the GDPR, you have the right to access, correct, or delete your personal data. To exercise these rights, contact us at privacy@getcraguard.com.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date.

Contact

For privacy-related queries, email privacy@getcraguard.com.