GuardPlane is an enterprise endpoint security product operated by SensiSec Pty Ltd (ABN 88 663 013 063), a company registered in Australia (the “Company,” “we,” “us”). Our corporate site is sensisec.com; the GuardPlane product site is guardplane.ai. For privacy questions, contact [email protected].
GuardPlane is deployed by your employer. The agent runs on managed endpoints to enforce policy on what AI agents and desktop assistants (Claude Code, Claude Desktop, Cursor, GitHub Copilot, OpenClaw, and similar) are allowed to do. We — SensiSec — do not receive your endpoint event data. Event metadata stays on the device and, where your employer has configured upload, is sent only to your employer’s own GuardPlane server. Local policy events authored by the developer are stamped non-uploadable at the moment of capture and never leave the device. Network connections initiated by AI agents are evaluated against policy as part of this scope; your general web browsing traffic is passed unmodified and not subscribed to.
This policy describes two distinct things:
The agent is sold to and deployed by enterprise customers (your employer). As far as privacy in your relationship with us is concerned, your employer is the data controller and SensiSec is a data processor acting under their instructions. By contrast, we operate the website ourselves as controller.
The GuardPlane agent uses operating-system enforcement primitives — including Endpoint Security and Network Extension on macOS, BPF_LSM hooks on Linux, and Windows-native enforcement mechanisms where supported — to evaluate actions taken by processes on the device against the configured policy.
Events evaluated may include:
The agent does not read file contents as part of policy enforcement. Network decisions are made on flow metadata only. The agent does not decrypt TLS, does not read application-layer payloads, does not perform deep packet inspection, does not capture keystrokes, screen contents, or browsing history, and does not alter DNS responses.
Process arguments and file paths may contain sensitive values depending on how a tool is invoked or how a project is structured. Customers can configure what metadata is logged, uploaded to their own GuardPlane server, redacted, or retained only locally.
Audit records are written to a local SQLite database on the device. Where your employer has configured server-side audit, a configurable subset of records is forwarded to your employer’s GuardPlane server over HTTPS using a per-device bearer token (a SHA-256 hash of the token is held by the server; the plaintext token never leaves the device after enrollment).
Local-only events. When the agent is configured to allow developer-authored local policy overlays, events generated by those local rules are stamped non-uploadable at the moment of capture and remain on the device. Toggling the upload flag later does not retroactively reclassify previously captured records — the consent boundary is fixed at capture time.
SensiSec does not operate a multi-tenant cloud that aggregates customer data. Each enterprise customer runs their own GuardPlane server instance. SensiSec does not receive endpoint event data from the agent by default, does not have access to customer servers, and does not sell, share, or use endpoint data for any purpose.
When the agent fetches a software update from your employer’s GuardPlane server, the agent reports update success or failure status along with version identifiers back to that server. This is a small JSON record with fields such as status, reason, timestamp, and version, used to support staged rollouts and troubleshooting.
This record contains no endpoint event data and no file, process, or network activity metadata. It may be associated with the enrolled device for rollout and troubleshooting purposes.
The website is a static page hosted on a content-delivery network. We do not load third-party analytics, advertising trackers, social media pixels, A/B test scripts, or session-replay tools.
You can email [email protected] at any time to ask us to remove your address from the waitlist.
On the endpoint, the agent retains audit records in the local SQLite database for seven days by default, capped at 100,000 rows — whichever bound is reached first triggers a sweep of the oldest records. Both bounds are configurable by your employer and may be shortened. Records that have been acknowledged as uploaded to your employer’s GuardPlane server, and non-uploadable local-only records, are retained under the same window and swept by the same paths.
Server-side retention on your employer’s GuardPlane server is configured by your employer. SensiSec does not operate that server and does not set its retention.
Waitlist email addresses on the website are retained until launch and for a reasonable period thereafter to manage launch communications, or until you ask us to remove them, whichever is sooner.
The agent ships as a code-signed, notarized binary on macOS and as a signed package on Linux and Windows. Updates are verified against publisher identity, package signature, and content hash before installation. The macOS agent runs as a System Extension installed under Apple’s standard user-approval flow; no system approval prompts are bypassed. Communication with your employer’s GuardPlane server uses HTTPS with a per-device bearer token.
On macOS, the agent uses Apple’s Network Extension framework (Filter Data Provider) as a System Extension to evaluate AI-agent network connections; like the EndpointSecurity component, it runs under Apple’s standard user-approval flow with no prompts bypassed.
Where the agent is deployed by your employer, your employer is the data controller for endpoint event data and is the right party to contact with access, correction, deletion, or objection requests under applicable law (GDPR, the Australian Privacy Act 1988, and similar regimes).
For data we collect through the website (such as a waitlist email), or for general questions about GuardPlane’s data practices, contact us at [email protected]. We will respond within thirty days.
GuardPlane is an enterprise product not directed at children. The website does not knowingly collect information from anyone under 16.
SensiSec is based in Australia. The website CDN and email infrastructure may process data outside Australia. Endpoint event data does not flow to SensiSec; its location is determined by where your employer chooses to host their GuardPlane server.
We may update this policy as the product evolves. The “Last updated” date at the top reflects the most recent change. Material changes will be announced on this page and, where appropriate, by email to waitlist subscribers.
SensiSec Pty Ltd (ABN 88 663 013 063)
Australia
[email protected]