Privacy Policy.

ShieldMind Inc. ('ShieldMind', 'we', 'us') operates the ShieldMind security platform. This document explains what data we collect, why we collect it, and how we handle it.

Have a question? Email us at privacy@shieldmind.io. Our Data Protection Officer is reachable at the same address.

Account data: name, work email, organization, role.

Telemetry data from the ShieldMind agent: process events, network events, file events, browser URLs, AI prompts, clipboard content (when policy allows).

Billing data: handled by Stripe; we receive a customer ID but no full card numbers.

Web-traffic logs: standard server logs (IP, user-agent, timestamp) retained for 30 days for abuse prevention.

We collect telemetry data to operate the product you bought from us — detecting threats, blocking exfiltration, generating compliance reports. We never use customer telemetry to train models, sell to third parties, or advertise.

Primary region: AWS us-east-1. EU customers can opt into eu-west-1 residency.

Encrypted at rest with AES-256. Encrypted in transit with TLS 1.3. Cert-pinned uploads from the agent.

Retention: 90 days default for raw telemetry, 13 months for incident records. Customers can configure shorter retention.

Sub-processors listed at shieldmind.io/legal/sub-processors (Stripe, AWS, Vercel, etc.).

Law enforcement only when compelled by valid legal process — we publish a transparency report annually.

Never sold to data brokers or advertisers, full stop.

Access, correct, export, or delete your personal data at any time via privacy@shieldmind.io.

EU/UK residents: GDPR rights apply. California residents: CCPA rights apply. India: DPDP rights apply.

Request handling: we acknowledge within 5 business days and complete within 30 days.

We use first-party cookies for session management and analytics (Plausible — no cross-site tracking). No third-party advertising cookies. Cookie banner appears on first visit; preferences are honored across visits.

Material changes are announced via email to your account contact at least 30 days before they take effect. Minor clarifications appear here with an updated 'Last updated' stamp.