Privacy & Security

ShieldFive Privacy Notice

We keep as little data as possible, and everything we do is designed to protect your encryption keys and your trust.

Data We Don’t See

  • We never store or transmit your encryption passphrases.
  • File contents are encrypted client-side; storage holds ciphertext only.
  • Filenames/folders are encrypted and hashed with keys you control.

Data We Do Process

  • Account email for auth and receipts.
  • Billing details if you subscribe (name, address, Stripe customer/subscription IDs).
  • Share access logs: country code and a hashed IP (no raw addresses) to prevent abuse.
  • Optional telemetry (Sentry/PostHog) is disabled unless env keys are set; properties are redacted to avoid filenames/paths.

Retention

We retain billing records as required for accounting. Share access logs store only hashed IP + country and are purged after 30 days (see ops runbook). Delete Account removes files, metadata, folders, subscriptions, and the Supabase auth user.

Breach Response

If we detect or suspect a breach:

  1. Contain: revoke compromised keys, stop deployments, rotate secrets.
  2. Assess: review logs (redacted), Supabase audit, Stripe webhook history.
  3. Notify: affected users within 72 hours with scope and required actions.
  4. Remediate: patch, rotate keys, and publish a postmortem.

Your Controls

  • Delete account anytime in Settings; we purge storage + metadata + auth.
  • Rotate metadata keys using the provided scripts and env vars.
  • Export billing records via the Stripe customer portal (coming soon) or email support@shieldfive.com.

Contact

Questions? Email privacy@shieldfive.com or use the contact form.