Get Started
Get Started
Sign In

CARRIER-VALIDATED VERIFICATION

Security & Compliance

Enterprise-ready data protection for address verification. GDPR, CCPA, and CPRA compliant. Your customer data is processed for validation only — never sold, never shared, never used for anything else.

Data Privacy

Address Guard operates as a data processor, handling your customer data solely for the purpose of address validation.

Regulatory Compliance

Address Guard is compliant with major data privacy regulations. We process personal data only as instructed by you (the data controller) and only for the purpose of validating addresses, emails, and phone numbers.

  • GDPR -- EU General Data Protection Regulation
  • CCPA -- California Consumer Privacy Act
  • CPRA -- California Privacy Rights Act
  • VCDPA -- Virginia Consumer Data Protection Act

Address Guard is classified as a data processor under GDPR. We do not determine the purpose or means of processing — you do. We process data solely to perform the validation services you’ve configured.

Data Processing Agreement (DPA)

A Data Processing Agreement is available for all merchants. The DPA outlines how Address Guard processes personal data on your behalf, including data handling procedures, security measures, sub-processor disclosures, and breach notification protocols.

To request a DPA, contact us at [email protected]. We provide executed DPAs typically within 2 business days.

  • Available for all merchants at no additional cost
  • Covers data processing scope, security obligations, and breach notification
  • Includes sub-processor list and update notification procedures
  • Standard or custom DPA formats accepted

Data Handling & Retention

We collect only the data necessary for validation. Nothing more.

What Data We Process

Address Guard processes only the data required to perform the validation services you’ve enabled. This includes:

  • Shipping addresses -- street address, city, state/province, postal code, country
  • Email addresses -- only if email validation is enabled
  • Phone numbers -- only if phone validation is enabled
  • Order metadata -- order ID, tags, and fulfillment status for workflow automation

We do not process payment information, browsing behavior, IP addresses, or any data beyond what is required for validation and workflow automation.

Retention & Encryption

Validation results and order data are retained for the duration of your account to support audit trails, analytics, and customer notification workflows. Data is deleted upon account termination or upon request.

  • Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Validation logs retained for account duration
  • Data deleted upon account termination
  • Erasure requests honored within 30 days

Sub-Processors

Address Guard uses a limited number of sub-processors to deliver validation services.

Validation Data Partners

Postal and carrier databases (USPS, Canada Post, Royal Mail, Australia Post, UPS, FedEx, DHL) used to verify address deliverability. Only the address data is transmitted for validation.

Hosting & Infrastructure

Cloud hosting providers for application and database infrastructure. All data is encrypted in transit and at rest. Infrastructure is located in secure, SOC 2-compliant data centers.

Email Delivery

Email service provider for sending customer notification emails. Only recipient email address and email content are shared for delivery purposes.

Authentication

Identity and authentication provider for merchant account access. No customer/order data is shared with authentication sub-processors.

A complete sub-processor list with entity names, purposes, and locations is included in the DPA. Merchants are notified of sub-processor changes in advance.

Privacy Requests

Address Guard supports data subject rights under GDPR, CCPA, CPRA, and VCDPA. We process privacy requests from merchants on behalf of their customers.

  • Erasure requests -- delete all data associated with a specific customer or order
  • Access requests -- provide a copy of all data held for a specific customer
  • Opt-out requests -- disable processing for specific customers or orders

To submit a privacy request, email [email protected] with the request type and relevant identifiers (order ID, email address, etc.). Requests are processed within 30 days.

Infrastructure Security

Address Guard’s infrastructure is built with security at every layer. From network-level protections to application-level access controls, your data is protected throughout its lifecycle.

  • Encryption in transit -- all data transmitted over TLS 1.2 or higher
  • Encryption at rest -- AES-256 encryption for stored data
  • Access controls -- role-based access, principle of least privilege
  • Monitoring -- continuous security monitoring and alerting
  • Secure development -- code review, dependency scanning, regular updates
  • Incident response -- documented breach notification procedures (72-hour notification per GDPR)

Built for Enterprise Security Requirements

GDPR Compliant

Full compliance with EU data protection regulations. Data processor classification with DPA available.

DPA Available

Standard or custom Data Processing Agreements for all merchants. Typically executed within 2 business days.

Encryption

TLS 1.2+ in transit. AES-256 at rest. Your customer data is encrypted at every stage.

Privacy by Design

Minimal data collection. Purpose-limited processing. Data deleted on account termination.

Inkbox

“Super happy I found this app! Our undeliverable addresses and associated labor have dropped by 40% since starting to use Address Guard!”



Yaniv Logistics Manager test

Xena Workwear

“Address Guard works like a charm and the support is TRULY fantastic. The founder is responsive and a fast implementor of upgrades. I would say that this is the best support I’ve ever experienced with a 3rd party app, hands down.”

Dmitry Chief Operations Officer

Sunday Swagger

“The integration process and support from Address Guard has been nothing but Outstanding!! The solution has performed exactly as expected and had offered a significant improvement to our deliverability.”

Gary Chief Operations Manager

Frequently Asked Questions

Is Address Guard GDPR compliant?
Yes. Address Guard operates as a data processor under GDPR. We process personal data only as instructed by you (the data controller) and only for the purpose of address, email, and phone validation. A Data Processing Agreement is available for all merchants.
No. Customer data is used solely for the purpose of validation and workflow automation. We do not sell, share, or use customer data for any purpose beyond delivering the services you’ve configured. Data is never used for advertising, profiling, or any secondary purpose.

Email [email protected] to request a DPA. We accept standard or custom DPA formats and typically return executed agreements within 2 business days. The DPA is available at no additional cost for all merchants.

Ready to Get Started?

Ready to Get Started?

Start for Free
Book a Demo

Enterprise-ready address verification with the security and compliance your team requires. Start with 100 free validations.