Privacy Policy

We collect the following types of information when you use ShieldGraph:

1.1 Account Information

When you create an account, we collect your name, email address, company name, and billing information necessary to provide our services.

1.2 Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, timestamps, browser type, and IP address.

1.3 Scan Data

When you perform security scans, we process and store scan configurations, target information (domains, IP addresses), scan results, vulnerability findings, and remediation tracking data. Scan data is treated as highly confidential and is isolated per tenant.

We use the information we collect for the following purposes:

We do not sell your personal data. We may share your information only in the following limited circumstances:

- Service Providers: We share data with third-party providers who assist in operating our platform (hosting, email, payment processing). These providers are contractually bound to protect your data.

- Legal Requirements: We may disclose information when required by law, subpoena, or government request.

- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

- With Your Consent: We may share information when you explicitly authorize us to do so.

We implement industry-standard security measures to protect your data:

For more details, visit our Security page.

We retain your data for as long as your account is active or as needed to provide our services:

- Account Data: Retained for the duration of your account plus 30 days after deletion request.

- Scan Data: Retained according to your plan settings. Default retention is 90 days for completed scan results.

- Usage Logs: Retained for 12 months for analytics and security purposes.

- Billing Records: Retained for 7 years as required by applicable tax and financial regulations.

You may request deletion of your data at any time by contacting us.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

- Right to Access: Request a copy of the personal data we hold about you.

- Right to Deletion: Request deletion of your personal data, subject to legal retention requirements.

- Right to Portability: Request your data in a structured, machine-readable format.

- Right to Rectification: Request correction of inaccurate personal data.

- Right to Restrict Processing: Request that we limit how we use your data.

- Right to Object: Object to processing of your data for certain purposes.

To exercise any of these rights, contact us at privacy@shieldgraph.com. We will respond within 30 days.

We use cookies and similar technologies for the following purposes:

- Essential Cookies: Required for the platform to function (authentication, session management).

- Analytics Cookies: Help us understand how users interact with our platform. These can be disabled.

- Preference Cookies: Remember your settings and preferences.

You can control cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, sending you an email notification. Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@shieldgraph.com

Data Protection Officer

ShieldGraph, Inc.

Attn: Privacy Team