Privacy & Cookie Notice
Plain-English summary: This notice explains what personal data Shield collects, why, and how you can control it. We keep it short so you can read it fast.
1. Who we are
- Shield Intelligence ApS, Nørrebrogade 36A, 1, 2200 Copenhagen N, Denmark (CVR 39484358).
- Email our privacy team at legal@shieldapp.ai.
- We are established in the EU and do not need an EU representative.
2. Personal data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email, in-app organization name | You |
| LinkedIn profile & content data | Name, Public identifier, posts, post statistics (views, reactions, comments, reposts), post level audience demographics, profile views, connection & follower count | LinkedIn (via the Shield Chrome extension with your consent) |
| Billing data | Company name, VAT ID, address, invoices, credit card | You / payment processor |
| Support & feedback | Emails, chat transcripts | You |
| AI-Agent inputs | Prompts you send to the Shield AI Agent | You (when you use the Agent) |
We do not collect sensitive personal data.
3. Why we use it – legal bases
| Purpose | Legal basis |
|---|---|
| Provide & secure the Service | Contract (Art. 6 (1)(b) GDPR) |
| Improve features & debug | Legitimate interest (Art. 6 (1)(f)) |
| Create anonymized or aggregated analytics, benchmarks, and reports (including commercial insights products) that do not identify you, your organisation, or your users. | Legitimate interest (Art. 6 (1)(f) GDPR – our interest in understanding usage trends and improving and developing our products and services). You can object at any time (see § 8). |
| Product updates to existing customers (soft opt-in) | Legitimate interest / § 10(2) ePrivacy Directive |
| Marketing to non-customers | Consent (opt-in) |
| Cookies beyond strictly necessary | Consent (see § 4) |
When we say "anonymized" or "aggregated" data, we mean data that has been processed so it no longer relates to an identified or identifiable person or customer, and cannot reasonably be re-identified by us or by a third party. We do not attempt to re-identify individuals or customers from such data.
4. Cookies & similar tech
We set essential and analytics cookies.
| Tool | Cookie | Purpose | Lifetime |
|---|---|---|---|
| Auth0 | __session__* | Keeps you logged in | 1 month |
| PostHog | _ph_* | Landing page and in-product analytics | 12 months |
| Intercom | intercom-* | Customer support | 12 months |
| Stripe | __stripe_* | Payment provider | 12 months |
| Cloudflare | cf_clearance | Application firewall and bot detection | 12 months |
On our marketing website (shieldapp.ai), we use PostHog in cookieless mode: no analytics cookies are set; user counts use a privacy-preserving server-side hash.
5. Data sharing & sub-processors
- We never sell or rent personal data. We may create and use anonymized and/or aggregated data derived from your use of the Service for analytics, industry benchmarking, and to develop new products, features, or reports, including commercial insights reports. Any such outputs will not identify you, your organisation, or your users and will not disclose your confidential information.
- Processing partners (hosting, analytics, email, etc.) are listed under sub-processors.
- Google services are certified under the EU-US Data Privacy Framework (DPF), allowing lawful analytics transfers to the United States.
- If we ever work with a vendor outside an adequacy-listed country that is not DPF-certified, we will sign the EU Standard Contractual Clauses (SCCs) and apply supplementary safeguards.
6. International transfers
- Primary storage is in the EU — DigitalOcean FRA1 (Frankfurt) and AMS3 (Amsterdam) data centers.
- If a future vendor sits outside an adequacy country and lacks DPF certification, we will rely on the EU Standard Contractual Clauses plus supplementary measures.
7. Retention schedule
- Account & content data: deleted within 6 months after subscription ends.
- Back-ups: overwritten within 30 days.
- Invoices & transactional records: kept 5 years.
- Cookie data: see § 4 lifetimes.
8. Your rights
Access • Rectify • Delete • Restrict • Port • Object • Withdraw consent. Email legal@shieldapp.ai with your request; we may ask for proof of identity and will reply within 30 days.
You also have the right to object at any time to our use of your data to create anonymized or aggregated analytics, benchmarks, or reports. If you do not want your data to be included in these analyses, email legal@shieldapp.ai and we will honor your objection for future processing.
9. Complaints
If you have concerns about how we handle personal data, email legal@shieldapp.ai first — we'll do our best to fix the issue. You also have the right to lodge a complaint with your supervisory authority, for example the Danish Data Protection Agency (Datatilsynet) or the authority in your country of residence.
10. Changes
We post updates for material changes at least 30 days before they take effect.