WS12.558 update: New sections 10A–10D codify the compliance framework that backs the identifier-ownership attestation checkbox, the AI Concierge actions (Plus tier), the data-broker removal opt-out drafting flow, the third-party abuse-report channel, and the data-sharing disclosures for our third-party service providers (HIBP, DeHashed, xAI/Grok). Sections 1–10 and 11+ are unchanged.
GalaxyWarden and DoxxScan™ do not crawl, scrape, or directly access third-party platforms such as Facebook, Twitch, Discord, PayPal, Twitter/X, Instagram, Steam, Reddit, or any other operator’s website or service. We do not log into platforms on your behalf, use platform APIs to enumerate accounts, or extract data from those services in any manner that could violate their Terms of Service.
The data we surface in DoxxScan™ reports and exposure summaries comes exclusively from: (a) public records and public web pages, (b) publicly-disclosed data breaches and leaks aggregated from corpus indexes such as Have I Been Pwned (HIBP), and (c) legally-licensed third-party data sources (including but not limited to DeHashed and similar threat-intelligence providers) where we hold a paid subscription with documented permission to query the data for security-monitoring purposes.
Platform names referenced in our marketing materials are used solely to describe the breadth of breach corpora we cross-reference. We make no claim of partnership or authorized access with any platform listed.
By accessing or using GalaxyWarden ("Service"), you agree to be bound by these Terms of Service and our Privacy Policy. If you do not agree, do not use the Service.
GalaxyWarden provides gaming security services including breach monitoring, security recommendations, and risk assessment. We use third-party services (breach intelligence providers, AI providers) to deliver features.
Paid subscriptions (Warden and Warden Plus) provide additional features. Subscriptions auto-renew unless cancelled. Refunds are handled per our refund policy. We reserve the right to change pricing with notice.
Authorization Certification: By using GalaxyWarden's breach monitoring services and by ticking the attestation checkbox presented at the time you add identifiers to monitoring, you certify and represent that:
Attestation enforcement: The Service enforces this warranty via an attestation checkbox at every identifier-entry surface. Submissions that omit the attestation are rejected server-side. A 30-day swap cooldown is also enforced per account (14 days for Warden Plus subscribers) to deter cycling through different identifiers to monitor people you do not have authorization to monitor.
Data Sources & Accuracy: Breach data is sourced from publicly disclosed security incidents and third-party providers. GalaxyWarden does not guarantee the completeness, accuracy, or timeliness of breach data. The presence or absence of data in our system does not definitively indicate whether your information has or has not been compromised.
User Responsibility: You are solely responsible for:
Prohibited Uses: You may NOT use breach data to:
Violation of these terms may result in immediate account termination and potential legal action.
You agree not to:
All content, features, and functionality are owned by GalaxyWarden and protected by intellectual property laws. You may not copy, modify, or distribute our content without permission.
GalaxyWarden uses artificial intelligence (including xAI/Grok) to generate personalized security insights, remediation mission steps, and risk assessments. AI-generated recommendations are provided for informational purposes only and should not be considered professional cybersecurity advice.
We do not guarantee the accuracy, completeness, or suitability of AI-generated content. Users should exercise independent judgment when acting on AI recommendations. GalaxyWarden is not responsible for any consequences resulting from following AI-generated advice.
Premium features include "DoxxScan" capabilities powered by third-party breach intelligence providers. By using DoxxScan features, you authorize GalaxyWarden to:
DoxxScan data is provided "as-is" from third-party sources. GalaxyWarden does not independently verify breach data and makes no guarantees about its accuracy or completeness.
GalaxyWarden offers referral and affiliate programs subject to the following terms:
GalaxyWarden provides a Data-Broker Removal dashboard at /protection/broker-removal that ranks data brokers most likely to hold your personal information, surfaces verified opt-out methods per broker (email, web form, fax), and (Warden Plus tier only) drafts opt-out request bodies using AI on demand.
Agency authorization — required before drafting: Before GalaxyWarden will draft an opt-out request that contains your name and address, you must affirmatively tick the attestation: “I am the person named above and authorize GalaxyWarden to draft opt-out requests on my behalf to the data brokers listed below.”
By ticking that attestation you represent and warrant that:
How requests are sent (WS12.585.120): When you authorize broker removal, GalaxyWarden sends an authorized-agent email to the broker from a GalaxyWarden-monitored sender address (e.g. brandon@galaxywarden.com) with you CC’d on the email. The broker can see you are a party to the request and can route any identity-verification challenge directly to you via the email thread. Some brokers may still send their verification link to your email of record on file with them; in that case you receive it as the named consumer and you click through.
No guarantee of removal. GalaxyWarden does not guarantee that any given broker will honor a removal request, nor any specific timeline for processing. Brokers operate under varying state laws (CCPA, CPRA, VCDPA, CTDPA, etc.) and individual policies; some require additional identity verification steps you must complete personally on their site, and a small number do not honor authorized-agent requests at all. Our service does its best to maximize success per broker but the outcome is ultimately controlled by the broker.
Manual verification may be required. Some brokers send identity-verification challenges (clickable confirmation links sent to your email of record, telephone callbacks, or photo-ID upload requests). These steps can only be completed by you. We surface them in your dashboard and email you when they occur.
If a broker pushes back, we step in. If any broker rejects, ignores, or escalates your request, reply to the email thread (or contact support@galaxywarden.com) and we will personally take it on — whether that means drafting a follow-up, sending the broker a CCPA right-to-cure notice, or escalating to the state attorney general’s office. The base $19 service covers automated submissions; our human follow-up assistance is included at no additional cost where reasonable.
Broker catalog accuracy: Opt-out URLs, methods, and email recipients are sourced from each broker’s officially-published privacy or opt-out page at the time of catalog assembly. Brokers change these endpoints from time to time; we periodically verify them but do not guarantee a working URL at any given moment. If you encounter a broken or outdated opt-out endpoint, please report it via /report-abuse or to support@galaxywarden.com.
Scope of broker removal — what this service does and does not cover. The Data-Broker Removal service (whether purchased one-time as part of the $19 OneShot or included with a Warden / Warden Plus subscription) is limited to data-broker and people-search sites — the for-profit aggregators in our directory whose business model is republishing your name, address, phone, and relatives. It does not and cannot remove:
For these unrecoverable exposures, what GalaxyWarden provides instead is visibility, remediation guidance, and continuous monitoring: your DoxxScan report shows you exactly what is exposed and where, your AI Concierge generates a custom remediation playbook (which passwords to rotate, which accounts to lock down, which identifiers to retire, which credit monitoring to enable), and a Warden / Warden Plus subscription continuously watches for new exposures and walks you through fresh remediations as they happen. Continuous breach monitoring and Concierge-guided remediation are not part of the one-time $19 OneShot purchase and require an active Warden or Warden Plus subscription.
Warden Plus subscribers have access to three AI Concierge actions:
Rate limits: AI Concierge actions are capped at 10 per 24-hour rolling window per account. Attempts above the cap are rejected with a clean error response. The cap protects against runaway API costs and abuse; users with legitimate need for more headroom may contact support.
Credential isolation guarantee: GalaxyWarden uses a third-party AI provider (xAI/Grok) to power these actions. We do not transmit your raw credentials to the AI provider. Specifically:
You agree to use AI Concierge outputs as drafts, not finished communications. Review every generated email or recommendation before acting on it. AI-generated content is provided “as is” under Section 11 and Section 8 above; we make no warranty as to accuracy, appropriateness, or legal suitability.
Audit log: Every AI Concierge action your account fires is recorded in an internal audit log (action name, hash of arguments, result status, timestamp). The audit log helps us detect abuse, surface bugs, and respond to authorized inquiries.
If a credential (email, phone, name+address) that you own is being monitored on GalaxyWarden without your authorization, you may submit a third-party abuse report at /report-abuse. You do not need to be a user of GalaxyWarden to submit a report.
What we do upon receiving a report:
Rate limit: The abuse-report endpoint accepts up to 20 submissions per day per IP address. Reports submitted from the same IP that we determine to be in bad faith may be deprioritized or referred to abuse-of-process review.
Submitting a knowingly false abuse report may itself violate these Terms and applicable laws. We document the IP address and user-agent string of every submission for this reason.
GalaxyWarden depends on a small number of third-party service providers to deliver its features. This section discloses what data is shared with each and under what conditions.
Have I Been Pwned (HIBP): We send the email addresses you register for monitoring to HIBP’s paid Pwned API to confirm whether those addresses appear in new breaches added to HIBP’s index. We do not send any other field types to HIBP (no phone, name, address, password, or hash). HIBP’s privacy policy applies to data submitted to their API.
DeHashed: We send identifiers you register for monitoring (email, username, phone, name, address) to DeHashed’s licensed API to retrieve breach intelligence. Returned records are stored on GalaxyWarden infrastructure and surfaced in your DoxxScan report. We hold a paid subscription with DeHashed and use the API under their permitted-use policy for security-monitoring purposes.
xAI / Grok: AI Concierge actions and AI Concierge chat send prompts to xAI’s Grok API. The contents of those prompts are limited to: (a) generic metadata about an exposure or broker (per Section 10B above); (b) prompt templates instructing the AI to use placeholder tokens for any user-specific values. We do not send raw credentials, passwords, hashes, SSNs, credit-card data, or the full text of any breach record to xAI.
SendGrid: We send email notifications (breach alerts, monitored-email verification links, abuse-report receipts) through SendGrid’s SMTP infrastructure. The recipient address, subject, and body of those emails pass through SendGrid’s systems.
Stripe: Subscription payments are processed by Stripe. GalaxyWarden does not store full payment-card numbers; only the Stripe subscription ID and the last 4 digits of the card on file. See Stripe’s privacy policy for details on how they handle payment data.
Render and Cloudflare: Our application is hosted on Render and fronted by Cloudflare. Both providers receive the HTTP request metadata necessary to route and serve traffic, including IP addresses, headers, and request paths.
We do not sell user data to any third party. We do not run advertising networks that share user-identifying data. Where additional providers are added in the future, this section will be updated and the change announced under Section 17 above.
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
We do not warrant that: (a) the Service will be uninterrupted or error-free; (b) breach data is complete, accurate, or current; (c) security recommendations will prevent all threats; (d) AI-generated content is accurate or appropriate for your situation.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GALAXYWARDEN AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES.
IN NO EVENT SHALL GALAXYWARDEN'S TOTAL LIABILITY EXCEED THE AMOUNT PAID BY YOU TO GALAXYWARDEN IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
You agree to indemnify, defend, and hold harmless GalaxyWarden, its affiliates, officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:
These Terms shall be governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law provisions. Any legal action arising under these Terms shall be brought exclusively in the state or federal courts located in California.
Informal Resolution: Before filing any claim, you agree to attempt to resolve the dispute informally by contacting legal@galaxywarden.com. We will attempt to resolve the dispute within 30 days.
Binding Arbitration: Any dispute not resolved informally shall be settled by binding arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules in California.
Class Action Waiver: YOU AGREE THAT DISPUTES WILL BE RESOLVED ON AN INDIVIDUAL BASIS AND NOT AS PART OF ANY CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.
Your use of the Service is governed by our Privacy Policy and Responsible Use Policy.
We may update these Terms at any time. For material changes, we will provide at least 30 days notice via email or in-app notification. Continued use after changes constitutes acceptance.
For questions about these Terms: legal@galaxywarden.com