Legal

Privacy Policy

Effective date: April 8, 2026 · Ironwood Dynamics LLC

The short version: CarryGuard does not collect your name, email address, phone number, or any information that identifies you as a person. We never have and we never will.

Who we are

CarryGuard is built and operated by Ironwood Dynamics LLC, a Wyoming limited liability company. Questions or concerns about this policy can be sent to hello@getcarryguard.com.

What we collect

CarryGuard generates an anonymous UUID on first launch. That UUID, along with your subscription tier and subscription status, is the entire set of data we store. We do not collect your name, email address, phone number, mailing address, date of birth, social security number, or any other personally identifiable information. There is no account to create and no profile to fill out.

Location data

GPS is used on-device only to determine which jurisdiction you are currently in. Your precise coordinates are never transmitted to our servers — not now, not ever. On the Guardian tier, location data that you choose to share during a duress event is sent only to the trusted contacts you have configured yourself. It never passes through Ironwood Dynamics.

The encrypted vault (Carrier and Guardian)

Documents stored in the CarryGuard vault are encrypted on-device using AES-256. We cannot read the contents of your vault and we have no mechanism to decrypt it. The vault PIN is stored only on your device and never leaves it. If you lose your PIN, we cannot recover your vault for you — that is the trade-off of a truly private vault.

Guardian tier duress features

Guardian tier duress transmissions — GPS, audio, and alerts — are sent directly to the trusted contacts you designate inside the app. Ironwood Dynamics does not receive, store, or have any access to duress data. The duress system is entirely opt-in: it is configured by you, triggered by you, and routed only to people you have chosen.

Third-party services

CarryGuard uses a small number of third-party services to keep the app running. RevenueCat handles subscription entitlement state and receives only your anonymous UUID — no PII is passed. Stripe processes payments; we do not store card details on our servers. Railway hosts our API and processes only your anonymous UUID and subscription status.

Crash reporting and analytics

We collect anonymous crash reports containing the operating system version, app version, and stack trace so we can fix bugs. No UUID is attached to these reports. CarryGuard contains no behavioral analytics, no tracking pixels, and no advertising SDKs of any kind.

Data retention and deletion

Your anonymous UUID and subscription tier are retained for up to 90 days after cancellation for billing dispute purposes, and then permanently deleted. You can request deletion at any time by emailing hello@getcarryguard.com with the UUID shown in your app settings. Deletion requests are confirmed within 7 business days.

Children

CarryGuard is not directed at users under the age of 18, and we do not knowingly collect any data from minors.

Changes to this policy

If we make material changes to this policy, we will update the effective date above and surface an in-app notice so you are not caught off guard. The core anonymous-by-design architecture of CarryGuard will never change.

Contact

Questions about this policy or about your data can be sent to hello@getcarryguard.com. Ironwood Dynamics LLC, Wyoming.