Re: How I recovered $60K stuck in a multi-signature wallet: GUIDE
Board: Development & Technical Discussion
by gmaxwell on 03/06/2025, 01:26:34 UTC
Merits: 3 from 2 users. Merited by ABCbits (2), vapourminer (1)

- They themselves say "This page uses javascript to generate your addresses and sign your transactions within your browser, this means we never receive your private keys, this can be independently verified by reviewing the source code on github. You can even download this page and host it yourself or run it offline!"

Everyone should be very wary of any kind of JavaScript tool like this. The authors or someone who has "hacked" them can quietly change the code at any time, or it could quietly include online components that remain online even if you downloaded the script, even ones that don't become active until later. A billion dollars in ETH was stolen from an exchange this year because they used a JS-based "multisignature" wallet. Just downloading it right before you use it probably doesn't improve the security because they could have substituted it just before. Often malicious code sits out there on the internet live and active for months or years before anyone notices.

If it's your last option, then it is what it is, but don't think you're not handing your private keys over to some internet stranger -- because you are.

FWIW, if you can actually just get the private keys you can probably recover wallets like this with Bitcoin Core with no extreme difficulty and avoid the JS signing code vulnerability. But having not ever used Guarda I don't have a nice tutorial for you like this.