LegalPrivacy PolicyThis Privacy Policy explains how ShieldOps AI ("we," "our," or "us") collects, uses, discloses, and protects information about you when you use our platform, services, and website at shieldops-ai.dev (collectively, the "Service").This page is provided as a product/legal draft and should be reviewed by qualified legal counsel before public launch.Information We CollectWe may collect the following categories of information: (1) Account Information including your name, email address, password hash, and organization details; (2) Uploaded Content including Dockerfiles, Compose files, Kubernetes manifests, and other configuration files you submit for analysis; (3) Usage Data including analysis history, feature usage patterns, API calls, and operational logs; (4) Device and Connection Information including IP address, browser type, operating system, and referrer data; (5) Payment Information processed securely through our third-party payment providers (Stripe, PayPal, Paymob); and (6) Communications including support tickets, feedback, and correspondence.How We Use Your InformationWe use collected information to: (1) Provide, maintain, and improve the Service; (2) Process and analyze uploaded files for security vulnerabilities and compliance; (3) Generate reports, SBOMs, and remediation recommendations; (4) Manage your account and provide customer support; (5) Communicate about service updates, security notices, and billing; (6) Detect, investigate, and prevent fraudulent or unauthorized activities; (7) Comply with legal obligations; and (8) Aggregate anonymized data for platform improvements and research.Data RetentionWe retain your personal information for as long as your account is active or as needed to provide services. Analysis inputs and results are retained for 12 months from the date of creation, unless you request earlier deletion. Usage logs are retained for 90 days. After account closure or data deletion requests, we will delete or anonymize your data within 30 days, except where retention is required by law, for ongoing disputes, or for legitimate business purposes such as fraud prevention. Backup copies may persist for up to 60 additional days after deletion.Data Sharing and Third-Party ServicesWe do not sell your personal information. We may share information with: (1) Service providers including cloud infrastructure (Render), database services (PostgreSQL), payment processors (Stripe, PayPal, Paymob), email services, and AI analysis providers (Google Gemini) who process data on our behalf under strict data processing agreements; (2) Legal authorities when required by law, court order, or governmental regulation, or when necessary to protect our rights, safety, or property; (3) Business transferees in connection with a merger, acquisition, or sale of assets, with notice provided to you; and (4) With your explicit consent for other purposes. All third-party service providers are contractually bound to use only the minimum necessary data and to protect your information.Data SecurityWe implement appropriate technical and organizational measures to protect your data including: encryption in transit using TLS 1.3; encryption at rest using AES-256 for sensitive data; access controls limiting data access to authorized personnel; regular security assessments and penetration testing; secrets redaction in analysis outputs and reports; tenant isolation ensuring data separation between organizations; and audit logging for critical operations. While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.Your Rights Under GDPR (European Users)If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation: (1) Right of Access to receive a copy of your personal data; (2) Right of Rectification to correct inaccurate personal data; (3) Right to Erasure ("Right to be Forgotten") to request deletion of your personal data; (4) Right to Restrict Processing to limit how we use your data; (5) Right to Data Portability to receive your data in a structured, commonly used format; (6) Right to Object to processing based on legitimate interests; (7) Right to withdraw consent where processing is based on consent; and (8) Right to lodge a complaint with your local data protection authority. To exercise these rights, contact us at dockeranalyzer@gmail.com. We will respond within 30 days.Your Rights Under CCPA (California Residents)If you are a California resident, you have the right to: (1) Know what personal information is collected about you and how it is used and shared; (2) Request deletion of your personal information (subject to exceptions); (3) Opt-out of the sale of your personal information (we do not sell personal information); (4) Non-discrimination for exercising your privacy rights. To exercise these rights, contact us at dockeranalyzer@gmail.com. We will verify your identity before processing requests. You may designate an authorized agent to make requests on your behalf with written authorization.Cookies and Tracking TechnologiesWe use essential cookies required for platform functionality including session management (7-day session cookie), CSRF protection, language preferences, and authentication tokens. We may use analytics cookies to understand how visitors use our Service (Google Analytics or similar). Marketing and advertising cookies will only be used after obtaining your consent where required by law. You can manage cookie preferences through your browser settings. Note that blocking essential cookies may prevent login or core platform features from working.Data PortabilityYou may request a copy of your personal data in a portable format. To request data export: (1) Email dockeranalyzer@gmail.com with your request; (2) We will provide data in JSON format within 30 days; (3) Data may include account information, analysis history, uploaded files metadata, and generated reports. Large data exports may require additional processing time. This service is provided at no cost unless requests are excessive or repetitive.Account DeletionTo delete your account and associated data: (1) Log into your account and navigate to Settings, or email dockeranalyzer@gmail.com from your registered email; (2) We will verify your identity and send a confirmation link; (3) Upon confirmation, your account will be deactivated and scheduled for deletion; (4) Most personal data will be deleted within 30 days; (5) Some data may be retained longer for legal compliance, fraud prevention, or legitimate business purposes as described in the Data Retention section. Analysis results and reports cannot be recovered after deletion.Children's PrivacyOur Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 16, please contact us immediately at dockeranalyzer@gmail.com, and we will take steps to delete that information promptly.International Data TransfersYour information may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place including: Standard Contractual Clauses (SCCs) approved by the European Commission; data processing agreements with all service providers; and compliance with applicable data protection laws. By using our Service, you consent to such transfers.Changes to This Privacy PolicyWe may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify users of material changes via email or prominent notice on the platform at least 30 days before the change takes effect. The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes constitutes acceptance of the updated policy.Contact UsFor questions about this Privacy Policy, to exercise your rights, or to report a privacy concern, contact us at: Email: dockeranalyzer@gmail.com. We aim to respond to all inquiries within 30 days. For unresolved concerns, you may have the right to lodge a complaint with your local data protection supervisory authority.Last updated: May 7, 2026