Terms of Service & Policies

Last updated – 10 June 2025

Important – Please Read Carefully

This Legal Suite (collectively, the “Terms”) governs your access to and use of all websites, mobile/desktop applications and online services provided by ShieldFive Technologies, S.L. (“ShieldFive”, “we”, “us” or “our”), including ShieldFive Drive, ShieldFive Vault, ShieldFive Pass-Through API, related developer tools, and any other product or service that links to or otherwise incorporates these Terms (collectively, the “Services”).

By creating an account, activating a subscription or otherwise using the Services you acknowledge that you have read, understood and agree to be bound by these Terms. If you do not agree, do not use the Services.

These Terms are drafted to reflect the requirements of:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”);
  • Spanish Organic Law 3/2018 and Law 34/2002 (LSSI-CE);
  • The ePrivacy Directive 2002/58/EC (as implemented in the EU/EEA);
  • Swiss Federal Act on Data Protection (FADP);
  • The United Kingdom GDPR and Data Protection Act 2018;
  • The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA);
  • U.S. CAN-SPAM Act, Children’s Online Privacy Protection Act (COPPA) and other applicable laws.

Nothing in these Terms is intended to circumvent mandatory consumer protections provided by the laws of your habitual residence.

1. Definitions

TermMeaning
AccountThe credentials and profile that permit you (or an entity you represent) to access the Services.
AffiliateAny entity that directly or indirectly controls, is controlled by, or is under common control with ShieldFive.
ContentAll text, data, files, code, images or other materials uploaded, stored, generated or otherwise processed through the Services (excluding Usage Data and Feedback).
Business DayMonday – Friday, excluding Spanish national holidays.
Storage NodeA third-party device that stores encrypted data shards as part of ShieldFive’s distributed network.
Applicable LawAll laws, rules and regulations that apply to either party, including those listed in the preamble.

Undefined capitalised terms have the meaning assigned elsewhere in these Terms.

2. Eligibility & Authority

  1. Age Requirement. You must be at least 18 years old (or the age of majority where you live) to register for a paid plan. Minors aged 13 – 17 may only use a free Account with verifiable parental consent.
  2. Entity Users. If you create or administer an Account on behalf of a company or other legal entity, you represent that you have authority to bind that entity. “You” and “your” will then refer to both you and the entity.
  3. Prohibited Persons. You may not use the Services if you are located in, or are a national or resident of, any jurisdiction subject to a comprehensive EU, UK, Swiss or U.S. embargo or export restriction, or if you are on any relevant sanctions list.

3. Account Registration & Security

  1. Accurate Information. You agree to provide true, complete and current information when opening or updating your Account.
  2. Credentials. Keep your password, recovery keys and any API secrets confidential. ShieldFive cannot recover encrypted Content if you lose the keys.
  3. Security Notification. Notify us immediately at security@ShieldFive.com if you suspect unauthorised access or disclosure.
  4. Multiple Accounts. Except where expressly permitted in writing, you may hold only one free Account. Paid Accounts may create sub-users and aliases in accordance with the selected plan.

4. Service Description

ShieldFive provides end-to-end-encrypted, zero-knowledge cloud storage and ancillary productivity tools delivered via a hybrid decentralised architecture. Data is encrypted locally on your device, erasure-coded, and distributed across geographically diverse Storage Nodes. ShieldFive never possesses plaintext encryption keys.

5. Free & Paid Plans

  1. Plan Details. Features, quota, bandwidth, SLA level and pricing are described on the Pricing Page or an executed Order Form. We may reasonably modify free plans at any time.
  2. Trials. Free trials convert to the applicable paid plan at the end of the trial unless you cancel beforehand.
  3. Lifetime Plans. Lifetime plans last for 99 years or until ShieldFive ceases to operate the relevant Service, whichever occurs first, and are non-transferable.

6. Acceptable Use Policy (AUP)

You agree not to, and will not allow others to:

  • Use the Services in violation of Applicable Law, court order or ShieldFive’s AUP (incorporated by reference), including to store or share: child sexual abuse material, extremist propaganda, malware or content that infringes third-party rights.
  • Perform or facilitate unauthorised penetration tests, vulnerability scans or reverse engineering of the Services except through ShieldFive’s official bug-bounty programme.
  • Interfere with or disrupt the integrity or performance of the Services or any data contained therein.
  • Mislead or deceive others, including by phishing or impersonation.

Violation may result in rate-limiting, suspension or immediate termination without refund, and we may report unlawful conduct to competent authorities.

7. User Content & Storage Materials

  1. Ownership. As between you and ShieldFive, you retain all intellectual-property rights to your Content.
  2. Licence to ShieldFive. You grant ShieldFive and its subprocessors a worldwide, non-exclusive, royalty-free licence to host, copy, transmit and otherwise process Content solely for the purpose of providing the Services, resolving support requests, complying with law or enforcing these Terms.
  3. Responsibility. You are solely responsible for the nature, quality and legality of Content and for ensuring that your configuration (redundancy, geographic dispersion, retention, encryption keys) meets your compliance obligations.
  4. Sensitive Data. You shall not store special-category personal data, health records, cardholder data (PCI-DSS), or other data subject to heightened regulatory schemes unless you have first implemented all measures required under Applicable Law and executed the ShieldFive Data Processing Agreement (“DPA”).

8. Intellectual Property; Open Source

The Services, ShieldFive brand, source code (excluding components released under an open-source licence), design and documentation are protected by copyright, trademark and other laws. Nothing in these Terms transfers ownership of any ShieldFive IP to you. Where the Services incorporate open-source software, your use is additionally subject to the relevant open-source licences, which do not govern any hosted portions of the Services.

9. Third-Party Services & Integrations

The Services may contain links to, or integrations with, third-party applications. We do not endorse or assume responsibility for such third parties. Your dealings with them are solely between you and the third party and may be governed by separate terms.

10. Privacy & Data Protection

  1. Privacy Notice. Our Privacy Notice explains how we collect and process personal data. It forms part of these Terms.
  2. Controller / Processor Roles. Except for billing information (controller) and optional telemetry (which is disabled unless you configure env keys), ShieldFive acts as processor of personal data stored in your Content. The parties’ respective obligations are set out in the DPA.
  3. Hosting & Transfers. Customer data is hosted in the EU (Supabase, Frankfurt). Storage objects are encrypted client-side; metadata is encrypted server-side. If ShieldFive enables processors outside the EEA, we rely on SCCs and strong encryption that renders data unintelligible to the provider.
  4. California. ShieldFive is a “service provider” under the CCPA/CPRA and will not “sell” or “share” personal information as those terms are defined therein.

11. Security Measures

ShieldFive maintains a written information-security programme aligned with ISO/IEC 27001, including:

  • AES-256-GCM client-side encryption with per-file keys;
  • TLS 1.3 in transit;
  • Multi-factor authentication for administrative access;
  • Annual external penetration testing;
  • 24/7 monitoring and incident-response procedures;
  • Data-centre certifications (ISO 27001, SOC 2 Type II or equivalent).

12. Service Level Agreement (SLA)

  1. Availability Commitment. ShieldFive will make the core storage API available 99.99 % of each calendar month, excluding Scheduled Maintenance and Excused Outages (force majeure, third-party network failures, your acts or omissions, beta features, or suspension under these Terms).
  2. Credits. If monthly Availability falls below 99.99 %, you may request a service credit equal to: 10 % of monthly fee (≥99.0 % < 99.99 %); or 30 % (< 99.0 %). Credits are your sole remedy for failure to meet the SLA.

13. Fees, Billing & Taxes

  1. Fees. You will pay the fees described at the time of purchase or in your Order Form. All fees are exclusive of applicable taxes, which you shall pay or self-assess where required.
  2. Billing Cycle. Unless stated otherwise, subscriptions auto-renew for successive terms equivalent to the initial term.
  3. Payment Method. You authorise ShieldFive (or its payment processor) to charge your designated payment method on each renewal date. If payment fails and is not cured within 7 days, we may suspend or downgrade your Account.
  4. Refunds. First-time subscribers may cancel for any reason within 30 days of initial purchase and receive a prorated refund. Refunds are not available afterwards except as required by law.

14. Suspension & Termination

  1. By You. You may delete your Account at any time via the dashboard. Deleting your Account immediately terminates your licence to the Services but does not entitle you to a refund.
  2. By ShieldFive. We may suspend or terminate (i) for material breach upon 14 days’ written notice if the breach remains uncured, (ii) immediately for AUP violations or to comply with legal obligations.
  3. Effect. Upon termination we will delete or irreversibly anonymise Content within 30 days, except backups retained for disaster-recovery (up to 90 days) or as required by law.

15. Disclaimers

Except as expressly stated, the Services are provided “AS IS” and “AS AVAILABLE.” To the maximum extent permitted by law, ShieldFive disclaims all implied warranties (merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment).

16. Limitation of Liability

  1. Indirect Damages. ShieldFive will not be liable for indirect, incidental, special, consequential or punitive damages, or for loss of profits, revenues, data or goodwill, even if advised of the possibility.
  2. Cap. ShieldFive’s aggregate liability arising out of or relating to the Services will not exceed the greater of (a) €100 or (b) the total fees you paid to ShieldFive in the 12 months preceding the event giving rise to the claim.
  3. Exceptions. The above exclusions and cap do not apply to liability that cannot be excluded under Applicable Law or to ShieldFive’s wilful misconduct or gross negligence.

17. Indemnification

You will indemnify and hold harmless ShieldFive, its Affiliates, and their respective directors, officers, employees and agents from and against any third-party claim arising from (a) your Content; (b) your breach of these Terms; or (c) your violation of Applicable Law.

18. Dispute Resolution & Governing Law

  1. Informal Resolution. Before filing a claim, each party agrees to attempt to resolve the dispute by emailing legal@ShieldFive.com with a concise description. If unresolved after 30 days, either party may proceed as set out below.
  2. Jurisdiction. If you are a consumer residing in the EEA, you may bring proceedings in your local courts. In all other cases, these Terms are governed by Spanish law and the courts of Valencia, Spain have exclusive jurisdiction.
  3. Arbitration for U.S. Consumers. If you reside in the United States, any dispute will be resolved by binding individual arbitration under the JAMS Consumer Arbitration Rules, with a waiver of class actions and jury trial. You may opt out by sending written notice within 30 days of first accepting these Terms.

19. Changes to Terms

We may amend these Terms by posting a revised version and updating the “Last Updated” date. Material changes will take effect 30 days after posting and will not be retroactive. Your continued use after that date constitutes acceptance.

20. Severability

If any provision is held unenforceable, it will be limited to the minimum extent necessary and the remainder shall remain in full force.

21. Miscellaneous

  • Entire Agreement. These Terms, the Privacy Notice, AUP, DPA and any Order Form constitute the entire agreement and supersede all prior agreements regarding the Services.
  • Assignment. ShieldFive may assign these Terms to an Affiliate or in connection with a merger or sale of assets. You may not assign without our prior written consent.
  • Force Majeure. Neither party is liable for failure to perform due to causes beyond reasonable control (e.g., natural disaster, war, labour dispute, internet disturbance).

Privacy Policy

ShieldFive values your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our Services.

1. Data Controller

Until formal business registration, the Services are operated by an individual based in Spain who assumes responsibility as the data controller under GDPR and related laws.

2. Data We Collect

  • Account data: Email, password (hashed), and optional profile details.
  • Usage data: Logs, metrics, and analytics (e.g., bandwidth, storage usage).
  • Communication data: Support requests, messages, or feedback.
  • Billing data: Only if and when you purchase a paid plan.

3. How We Use Your Data

  • To operate and maintain the Services
  • To provide customer support
  • To improve and secure our infrastructure
  • To comply with legal obligations

4. Legal Basis

We process your data based on your consent, the performance of our contract (Terms of Service), compliance with legal obligations, or legitimate interests (e.g., service security).

5. Data Sharing

We do not sell or share your personal data with third parties except:

  • When required by law or regulation
  • To service providers under confidentiality agreements (e.g., hosting, billing)

6. International Transfers

Your encrypted data shards may be distributed globally. Where required, we use appropriate safeguards such as Standard Contractual Clauses.

7. Your Rights

Under GDPR and applicable laws, you have the right to access, rectify, erase, or port your personal data, and to object or restrict processing. Contact us at legal@ShieldFive.com.

8. Data Retention

We retain account-related data for as long as your account is active and for legal compliance thereafter. Encrypted content is deleted within 30–90 days after account deletion.

9. Contact

ShieldFive Spain. For legal inquiries or data protection requests, please contact us at legal@ShieldFive.com.