ShieldGraph is committed to meeting the highest standards of security and compliance. We continuously invest in certifications and frameworks that demonstrate our dedication to protecting your data.
Comprehensive audit of our security, availability, processing integrity, confidentiality, and privacy controls.
Estimated completion: Q3 2026
Full compliance with the EU General Data Protection Regulation. We uphold data subject rights and maintain lawful data processing practices.
Active
Compliant with the California Consumer Privacy Act. California residents have full access to their data rights including access, deletion, and opt-out.
Active
International standard for information security management systems (ISMS). Certification process planned to begin after SOC 2 completion.
Planned for Q1 2027
Primary data is stored in US-based data centers with SOC 2 certified infrastructure providers. EU customers may request data residency within the European Economic Area.
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are managed through a dedicated key management service with automatic rotation.
Scan data is retained for 90 days by default (configurable per plan). Account data is retained for 30 days after deletion. Billing records are retained for 7 years per regulatory requirements.
We use the following third-party sub-processors to deliver our services. All sub-processors are bound by data processing agreements.
| Provider | Purpose |
|---|---|
| Cloudflare | CDN, DDoS Protection & WAF |
| Vercel | Application Hosting & Deployment |
| SendGrid | Transactional Email Delivery |
| Stripe | Payment Processing & Billing |
Request access to our compliance documentation for your review.
Security Whitepaper
Data Processing Agreement (DPA)
Privacy Impact Assessment
Sub-processor List
Contact our compliance team for detailed documentation, custom DPAs, or to discuss your specific compliance requirements.
compliance@shieldgraph.com