Guardia AI

Cloud Infrastructure Compliance Automation

Customer Support

Our team is here to help you achieve and maintain continuous AI compliance for your Azure infrastructure. Guardia AI is an infrastructure-first Continuous Control Monitoring (CCM) platform. Use this page to report issues, share feedback, request a feature, or ask about extending your trial. Reach us by email or the form below.

Contact Us

Email Support

Send your question to our support team. We respond to all inquiries within one business day.

support@trustguardia.com

All plans

Response Time Commitments

Plan Email Response Critical Issue Channels
Free 5 business days Best effort Email
Starter — $598/mo 2 business days Next business day Email
Professional — $1,998/mo 4 business hours 2 business hours Email
Enterprise — $5,998/mo 1 business hour 30 minutes Email, Dedicated CSM

Feature FAQ

πŸ”„

How does Continuous Governance work?

Guardia AI's Continuous Control Monitoring (CCM) automatically re-scans your Azure cloud infrastructure β€” ML workspaces, Cognitive Services, Container registries, RBAC assignments, policy configurations, and diagnostic settings β€” on a recurring schedule based on your plan: Starter is manual on-demand only, Professional is bi-weekly, and Enterprise is daily. Each scheduled scan compares your current compliance posture against the previous result and emails you a report. If your score drops more than 5 points, or new critical findings appear, you'll also receive a separate Drift Alert email immediately. You can also trigger scans on-demand via the REST API from your CI/CD pipeline.

Free Trial users can still run scans manually from the portal at any time.

Starter, Professional, Enterprise
πŸ”

How are my scan reports encrypted?

Every infrastructure scan report is AES-256-GCM encrypted at rest before storage β€” on every plan, including Free Trial. By default, Guardia uses a Platform-Managed Key (PMK) in our Azure Key Vault. No plaintext report data is ever written to the database.

On Professional and Enterprise plans, you can upgrade to Customer-Managed Key (CMK / BYOK) encryption β€” your AES-256 secret lives in your own Azure Key Vault. Guardia reads it at scan time to encrypt reports and at read time to decrypt them. To enable CMK:

  1. Store a 32-byte base64 secret in your Azure Key Vault (e.g. openssl rand -base64 32).
  2. Grant Guardia’s service principal Get permission on that secret.
  3. Go to My Portal β†’ Security & Encryption β†’ Customer-Managed Keys, paste your Key Vault URL and secret name, and click Enable CMK.
  4. Guardia tests connectivity before saving. On success, a confirmation email is sent to the account owner.

What happens when I rotate my CMK key?

Azure Key Vault key rotation creates a new secret version at the same URI. Guardia handles this in two ways:

  • Automatic (daily): Guardia’s 24-hour health check polls all CMK tenants. If the secret version has changed, the version fingerprint is updated and a rotation-detected email is sent. No action required from you.
  • Manual (immediate): After rotating in Azure Key Vault, click Refresh Key Version in the portal or call PATCH /tenant/cmk/rotate-verify for instant confirmation.
  • Old versions: Do not delete or disable old secret versions in Key Vault until you are certain no reports reference them. Historical reports remain bound to the version used to encrypt them.

How do I switch back from CMK to PMK?

Removing CMK is a two-step confirmation process:

  1. Click Remove CMK in the portal. A confirmation email is sent to the account owner with a 30-minute time-limited link.
  2. Click the link in that email. Only then does the switch to PMK complete.

Important: After switching, do not delete your Key Vault secret. Historical CMK-encrypted reports remain bound to it and will become permanently unreadable if the secret is lost. You can re-enable CMK at any time β€” all switches are recorded in your encryption mode history.

Professional, Enterprise
πŸ› οΈ

What are IaC Remediation Exports?

After an infrastructure compliance scan, Guardia AI generates Infrastructure-as-Code remediation scripts for every finding in your Azure environment β€” in ARM, Bicep, or Terraform β€” targeting the specific Azure resources flagged in the scan format. These aren't generic templates; they are pre-filled with your subscription IDs, resource names, and the specific control being remediated. Download them directly from the scan results panel and apply them via your existing deployment pipeline.

Enterprise only
πŸ“‹

Which compliance frameworks are supported?

πŸ“‹ See the full control reference β€” all 55 controls across all 7 frameworks with article numbers and severity levels β†’

Guardia AI scans Azure cloud and AI infrastructure against seven regulatory frameworks. All findings are resource-level β€” specific Azure objects in your subscription(s): ISO 42001, SR 11-7, EU AI Act, MAS TRM, SOX, NIST AI RMF, and DORA. Starter plans can select up to 7 frameworks. Professional and Enterprise plans include all frameworks without restriction. Free Trial is limited to ISO 42001 and SR 11-7.

All plans
βš™οΈ

How do I connect my Azure subscription?

You need to create a service principal in your Azure tenant and grant it Reader access on the subscriptions you want scanned. Go to My Portal β†’ Azure Setup and paste your Tenant ID, Client ID, and Client Secret. Your credentials are stored encrypted at rest and never logged. Step-by-step instructions are in our πŸ“– User Guide Getting Started guide.

All plans

Submit a Support Request

Fill out the form below and we will reply to your email address within the SLA for your plan. For urgent issues email support@trustguardia.com. All automated platform notifications (governance reports, drift alerts, scan summaries) are also sent from this address β€” add it to your allowlist to ensure delivery.