Shield360

Privacy Policy

Effective: January 1, 2026 · Last updated: January 1, 2026

Table of Contents

  1. Introduction
  2. Data We Collect
  3. How We Use Your Data
  4. Data Sharing & Disclosure
  5. Data Security
  6. Data Retention
  7. GDPR Rights
  8. CCPA Rights
  9. HIPAA Compliance
  10. Cookies & Tracking
  11. International Data Transfers
  12. Children’s Privacy

1. Introduction

Shield360, Inc. ("Shield360," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, APIs, and related services (collectively, the "Service").

By accessing or using Shield360, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Data We Collect

We collect the following categories of information:

  • Account Information: Name, email address, company name, and billing details when you register for an account.
  • Website Data: URLs, page content hashes, script inventories, and network request metadata from monitored sites.
  • Threat Data: Detected threats, malicious script signatures, skimmer patterns, and vulnerability information.
  • Usage Data: Log data, IP addresses, browser type, device information, pages visited, and interaction patterns.
  • Communication Data: Support tickets, emails, chat transcripts, and feedback you provide.
  • Payment Data: Processed securely through Stripe. We do not store full credit card numbers on our servers.

3. How We Use Your Data

We use the information we collect to:

  • Provide, operate, and maintain the Shield360 Service
  • Detect, analyze, and respond to security threats on your websites
  • Generate compliance reports and audit trails
  • Send transactional notifications, security alerts, and service updates
  • Improve our threat detection algorithms and machine learning models
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Comply with legal obligations and enforce our terms of service

4. Data Sharing & Disclosure

We do not sell your personal data. We never have, and we never will.

We may share information in the following limited circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating our Service (e.g., cloud hosting, payment processing, analytics), subject to confidentiality agreements.
  • Threat Intelligence: Anonymized and aggregated threat data may be shared with the security community to improve collective defense. This data never includes personally identifiable information.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users.
  • With Your Consent: When you explicitly authorize us to share information with a third party.

5. Data Security

We implement industry-leading security measures to protect your data:

  • Encryption at Rest: All data is encrypted using AES-256 encryption.
  • Encryption in Transit: All communications use TLS 1.3.
  • Access Controls: Role-based access controls (RBAC) with multi-factor authentication for all employees.
  • Audit Logging: Comprehensive audit logs with blockchain-verified integrity.
  • Regular Assessments: Annual penetration testing and continuous vulnerability scanning.
  • SOC 2 Type II: Independently audited controls for security, availability, and confidentiality.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account Data: Retained for the duration of your account plus 30 days after deletion.
  • Threat Logs: Retained for 90 days (Free), 1 year (Pro), or as configured (Enterprise).
  • Audit Trails: Retained for 7 years to meet compliance requirements.
  • Billing Records: Retained for 7 years per tax and accounting regulations.

You may request deletion of your data at any time by contacting privacy@shield360.app.

7. GDPR Rights (European Users)

If you are a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Request that we limit the processing of your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.

To exercise these rights, contact our Data Protection Officer at dpo@shield360.app. We will respond within 30 days.

8. CCPA Rights (California Residents)

Under the California Consumer Privacy Act, California residents have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by businesses
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising CCPA rights

To submit a CCPA request, email privacy@shield360.app or call 1-800-SHIELD-360.

9. HIPAA Compliance

For healthcare customers, Shield360 offers HIPAA-compliant configurations on Enterprise plans. We will execute Business Associate Agreements (BAAs) upon request and implement additional safeguards for Protected Health Information (PHI), including:

  • Dedicated, isolated infrastructure
  • Enhanced access controls and audit logging
  • Breach notification procedures within 60 days
  • Employee HIPAA training and compliance programs

10. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for the Service to function (authentication, security tokens). Cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with our Service. We use privacy-respecting analytics (no cross-site tracking).
  • Preference Cookies: Remember your settings (theme, language, dashboard layout).

We do not use third-party advertising cookies or trackers. You can manage cookie preferences through your browser settings or our cookie consent banner.

11. International Data Transfers

Shield360 is headquartered in San Francisco, California. If you access the Service from outside the United States, your data may be transferred to, stored, and processed in the US or other countries where our service providers operate.

For EEA transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. We also maintain EU-US Data Privacy Framework certification.

12. Children’s Privacy

Shield360 is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at privacy@shield360.app.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide 30 days' advance notice via email.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@shield360.app
  • Data Protection Officer: dpo@shield360.app
  • Mail: Shield360, Inc., 535 Mission Street, Suite 1400, San Francisco, CA 94105

© 2026 Shield360, Inc.
