Privacy Policy

Last updated: June 17, 2026

This Privacy Policy explains what information Guardian collects, how we use it, and the choices you have. Guardian is a product of OWOS.

1. What we store

  • Account: your email address and a hashed password.
  • Identity link: your OWOS Passport ID (PPID) and the federation status of your account.
  • Emergency profile (only the fields you choose to enter): display name, date of birth, home address, blood type, allergies, medical conditions, medications, insurance provider and policy details, emergency contacts, and any insurance documents you upload.
  • QR tokens: the active and revoked Emergency QR tokens issued to you.
  • Audit log: a tamper-evident record of identity-sensitive events (sign-in ownership checks, QR rotations, scan resolutions, federation events) including timestamps, outcomes, and request metadata such as IP address and user agent.

2. What we never store

  • We do not sell your data. Ever.
  • We do not store payment card numbers. Billing is handled by our payment processor.
  • We do not run third-party advertising trackers in Guardian.

3. What gets shared on a scan

When someone scans your active Emergency QR, our server returns only the fields you have explicitly marked visible in your profile. Hidden fields are never returned. If you have not marked your display name visible, scanners do not see your name. If your QR has been rotated, the old QR returns a "revoked" response and shares nothing.

Every scan is recorded in your audit log with the time, IP address, user agent, and the list of fields disclosed.

4. Identity federation with OWOS Core

Guardian is a federation module of the OWOS identity system. When you sign up or sign in, we verify with OWOS Core that the email and PPID you supplied belong to the same Core account. If verification fails we refuse the sign-in and record the attempt. We do not generate or modify PPIDs in Guardian.

5. How we use your information

  • To operate your emergency profile and Emergency QR.
  • To verify your identity through OWOS Core at sign-up and sign-in.
  • To bill your subscription and provide customer support.
  • To detect and prevent abuse, fraud, and security incidents.
  • To meet legal obligations.

6. Service providers

We use trusted infrastructure providers to host the application and database, send transactional email, and process payments. They are bound by contractual confidentiality obligations and process data only on our instructions.

7. Data retention

We retain your profile data for as long as your account is active. When you delete your account we delete or anonymize your profile data within 30 days. Audit log entries may be retained longer where required for security, fraud prevention, or legal reasons.

8. Your rights

You can access, correct, export, or delete your profile from your account settings at any time. If you are in a jurisdiction that grants additional rights (such as the EEA, UK, or California), you may also have the right to object to certain processing or to lodge a complaint with a supervisory authority.

9. Security

We use encryption in transit, row-level security on the database so each account can only access its own data, an append-only audit trail for sensitive actions, fail-closed QR resolution, and strict separation between Guardian and other OWOS modules. No system is perfectly secure; please use a strong, unique password.

10. Children

Guardian is not intended for children under 13 (or the equivalent minimum age where you live). We do not knowingly collect information from children.

11. Changes

We will post any material changes to this Privacy Policy at this URL and, where appropriate, notify you by email.

12. Contact

Privacy questions: privacy@guardian.owosgv.com. General support: support@guardian.owosgv.com.