Privacy Policy

Last updated: April 2026

What We Collect

When you use ShieldIQ, we collect your email address, name, and organization name for account management. We do not collect or store firewall configuration files — they are processed in memory and discarded immediately after analysis.

How We Use Your Data

We use your information to provide the ShieldIQ service, send audit reports, and communicate product updates. We never sell your data to third parties.

Firewall Configurations

Firewall configs uploaded for analysis are processed in server memory only. Raw configuration data is never stored in our database. Only the normalized audit findings (rule counts, severity levels, compliance mappings) are persisted. Your configs are never shared with third parties.

AI Processing

AI explanations are optional and off unless you enable them. When enabled, ShieldIQ sends our AI provider, Anthropic, the metadata for the flagged findings so it can write a plain-English explanation. This includes rule names and IDs, source and destination addresses (including IP ranges), services and ports, the rule action, and the firewall vendor; the executive summary additionally includes your device name and organization name. We do not send the raw uploaded configuration file. Anthropic does not train on API inputs and processes them under its commercial terms. If you prefer no third party to receive any rule data, run audits with AI disabled — all other processing stays within ShieldIQ.

Data Security

All data is encrypted in transit (TLS) and at rest (AES-256). API credentials stored for scheduled audits are encrypted with Fernet symmetric encryption. Access is controlled via JWT authentication with bcrypt password hashing.

Data Subject Rights

You have the following rights regarding your personal data:

  • Right to access your data
  • Right to request deletion of your account and all associated data
  • Right to export your audit history and findings
  • Right to correct inaccurate information

To exercise any of these rights, contact hello@getshieldiq.com.

Cookie Policy

ShieldIQ uses only essential cookies required for authentication (JWT session tokens). We do not use tracking cookies, analytics cookies, or third-party advertising cookies. All cookies are set with the HttpOnly and Secure attributes.

Third-Party Services

  • Stripe (payment processing) — processes billing data per their privacy policy.
  • Anthropic (AI analysis) — when AI explanations are enabled, receives finding metadata including rule names, source/destination addresses, ports, and the vendor (but never the raw config file). Anthropic does not train on API inputs. See the AI Processing section above.
  • Vultr (infrastructure hosting) — dedicated servers in Atlanta, US.

Data Retention

  • Audit findings and scores: retained until account deletion.
  • Firewall configurations: never stored (processed in memory only).
  • Audit logs: retained for 2 years for compliance purposes.
  • Account data: deleted within 30 days of account closure request.

International Data

ShieldIQ is hosted in the United States. If you are located outside the US, your data will be transferred to and processed in the US. We do not currently operate EU data centers.

Contact

Questions about this policy? Email hello@getshieldiq.com.