For California residents and California businesses processing California consumer data via ShieldMind. ShieldMind acts as a 'Service Provider' under the CCPA/CPRA; this notice describes our role, the data we process, and how California consumers can exercise their rights.
ShieldMind is a 'Service Provider' as defined by California Civil Code § 1798.140(ag) when processing Personal Information on behalf of Customer (a 'Business' under the CCPA).
We process Personal Information only to perform the security and compliance services for which Customer engaged us, and only on Customer's documented instructions. We do not sell, share, or use Personal Information for cross-context behavioral advertising.
Identifiers (Cal. Civ. Code § 1798.140(v)(1)(A)): name, work email, organization, IP address, device identifier.
Internet/network activity (1798.140(v)(1)(F)): browsing history, search history, interaction with websites and applications.
Professional/employment-related information (1798.140(v)(1)(I)): job title, employer, work device identifier.
Inferences (1798.140(v)(1)(K)): risk scores derived from the above for security alerting purposes.
We do NOT process: sensitive personal information (1798.140(ae)) except as incidentally captured in DLP scanning of customer-authored files, in which case the content is redacted before storage; geolocation beyond IP-derived country; biometric identifiers; precise geolocation.
Operating the security platform — endpoint security telemetry, DLP enforcement, shadow-IT discovery, AI-usage governance, threat detection, incident response.
Providing customer support and account administration.
Detecting security incidents, protecting against malicious or fraudulent activity, and prosecuting those responsible.
Complying with legal obligations.
Performing services on behalf of Customer (the Business).
ShieldMind does NOT sell Personal Information as 'sell' is defined in Cal. Civ. Code § 1798.140(ad).
ShieldMind does NOT share Personal Information for cross-context behavioral advertising as 'share' is defined in § 1798.140(ah).
ShieldMind does NOT use Personal Information for purposes other than performing the contracted services and the limited business purposes identified in § 1798.140(e).
ShieldMind does NOT combine Personal Information received from Customer with Personal Information received from any other source, except as permitted under § 1798.140(ag)(1)(D).
We have not sold or shared the Personal Information of any California consumer in the prior 12 months.
Personal Information is retained for the duration of the Customer agreement plus the period required to comply with legal obligations. Default retention windows are configurable by Customer at /dashboard/governance/policy. Upon Customer's instruction or termination, Personal Information is deleted or returned within 30 days, except where retention is required by law.
California consumers have the following rights under the CCPA/CPRA: (a) Right to Know what Personal Information is collected, used, shared, or sold; (b) Right to Delete; (c) Right to Correct inaccurate Personal Information; (d) Right to Limit use of Sensitive Personal Information; (e) Right to opt out of sale or sharing (not applicable — we don't do either); (f) Right to data portability; (g) Right to non-discrimination for exercising these rights.
Because ShieldMind processes Personal Information as a Service Provider on behalf of Customer (the Business), consumers should direct rights requests to Customer (their employer or the entity that deployed ShieldMind on their device). Customer Admins have self-service tooling at /dashboard/governance to action these requests.
If a California consumer submits a request directly to ShieldMind, we will: acknowledge within 10 business days; verify the consumer's identity to the extent reasonably possible; redirect the request to the appropriate Customer; and notify the consumer of the redirection. We will respond to verifiable requests within 45 calendar days, with one 45-day extension if needed (consumer notified).
Email: bd@dtrasglobal.com with subject line 'CCPA Request' and the type of request (Know / Delete / Correct / Limit / Portability).
Web form: /legal/data-request (coming soon).
Authorized agents may submit requests on behalf of consumers with the consumer's signed permission and proof of agent identity, per CCPA Regulations § 7063.
ShieldMind will not deny services, charge different prices, or provide a different level or quality of service to any California consumer who exercises CCPA/CPRA rights, except where the difference is reasonably related to the value provided to ShieldMind by the consumer's data, as permitted by § 1798.125.
ShieldMind does not knowingly sell or share the Personal Information of consumers under 16 years of age (and does not sell or share Personal Information of any age — see Section 4). If we become aware that we have processed such data without the required parental consent (under 13) or affirmative opt-in (13–15), we will delete it.
DTRAS-G Solutions Private Limited
Manipal, Udupi, Karnataka 576104, India
Privacy: bd@dtrasglobal.com
California-specific inquiries: bd@dtrasglobal.com
This notice will be reviewed and updated at least annually, or sooner if California law or our practices materially change.
Questions about this document? Email bd@dtrasglobal.com — we reply within 2 business days.