Last updated: April 2026
When you use ShieldIQ, we collect your email address, name, and organization name for account management. We do not collect or store firewall configuration files — they are processed in memory and discarded immediately after analysis.
We use your information to provide the ShieldIQ service, send audit reports, and communicate product updates. We never sell your data to third parties.
Firewall configs uploaded for analysis are processed in server memory only. Raw configuration data is never stored in our database. Only the normalized audit findings (rule counts, severity levels, compliance mappings) are persisted. Your configs are never shared with third parties.
When AI explanations are enabled, anonymized finding descriptions (not raw configs) are sent to our AI provider for analysis. No identifying information about your organization or network architecture is included in AI requests.
All data is encrypted in transit (TLS) and at rest (AES-256). API credentials stored for scheduled audits are encrypted with Fernet symmetric encryption. Access is controlled via JWT authentication with bcrypt password hashing.
You have the following rights regarding your personal data:
To exercise any of these rights, contact hello@getshieldiq.com.
ShieldIQ uses only essential cookies required for authentication (JWT session tokens). We do not use tracking cookies, analytics cookies, or third-party advertising cookies. All cookies are httpOnly and secure.
ShieldIQ is hosted in the United States. If you are located outside the US, your data will be transferred to and processed in the US. We do not currently operate EU data centers.
Questions about this policy? Email hello@getshieldiq.com.