Privacy Policy
Last updated: July 21, 2025
Our Commitment to Privacy
At ShieldIQ, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and share your data when you use our browser extension and related services, including our website and premium subscription features.

Privacy-First Approach: We believe in minimal data collection and maximum user control. We only collect what is absolutely necessary to provide our security services and comply with applicable privacy laws including GDPR and CCPA.

Data Controller: BrightMinds Systems LLC is the data controller for all personal information collected through our services.

1. Information We Collect
   1.1 Automatically Collected Information
   We automatically collect minimal technical data necessary for security protection:

• Threat Detection Data: URLs, file hashes, and metadata of potential threats (no personal content or browsing history)
• Performance Metrics: Extension response times and error rates to optimize service quality
• Error Reports: Crash reports and error logs (completely anonymized, no personal identifiers)
• Usage Statistics: Feature usage patterns (aggregated and anonymized across all users)
• Device Information: Browser type, extension version, and operating system (for compatibility)
1.2 Information You Voluntarily Provide
We only collect personal information when you explicitly provide it:

• Account Information: Email address (required only for premium accounts and support)
• Payment Information: Processed securely through Stripe (we never store payment details)
• Settings and Preferences: Your security configuration choices and whitelisted domains
• Support Communications: Information you provide when contacting customer support
• Feedback and Reports: Voluntary threat reports and service feedback
1.3 Information We Explicitly Do NOT Collect
We are committed to minimal data collection and explicitly do not collect:

• Complete browsing history or visited websites
• Personal files, documents, or downloads (unless actively scanned for threats)
• Passwords, login credentials, or authentication tokens
• Video, audio, or streaming platform content
• Personal communications, messages, or emails
• Location data or IP addresses (beyond what's necessary for threat detection)
• Social media activity or personal profile information
2. How We Use Your Information
We use your information only for the specific purposes outlined below, based on legitimate business interests and your consent where required:

• Security Protection: Analyze threat patterns and provide real-time malware protection
• Service Delivery: Process payments through Stripe for premium subscriptions
• Service Improvement: Enhance threat detection algorithms using anonymized data
• Account Management: Manage premium subscriptions and sync settings across devices
• Support Services: Respond to inquiries and provide technical assistance
• Legal Compliance: Meet regulatory requirements and protect user safety
• Communications: Send service updates and security alerts (opt-out available)
Legal Basis (GDPR): We process data based on legitimate interests (security), contract performance (premium services), and consent (marketing communications).

1. Data Storage and Security
   Local Storage
   Most of your data is stored locally on your device using secure browser storage APIs. This includes your settings, whitelist, and threat detection cache.

Cloud Storage (Premium Only)
Premium users can sync settings across devices. This data is encrypted at rest and in transit using industry-standard encryption (AES-256).

Security Measures
• End-to-end encryption for all data transmission
• Regular security audits and penetration testing
• Access controls and employee training
• Secure servers with physical and network security
4. Data Sharing and Third-Party Services
We do not sell, rent, or trade your personal information. We may share limited data only in the specific circumstances outlined below:

Third-Party Service Providers
• Stripe (Payment Processing): For premium subscriptions, we share your email and payment information with Stripe to process payments. Stripe's privacy policy applies to this data.
• Supabase (Cloud Infrastructure): For premium account management and settings sync, hosted with enterprise-grade security
• Email Service Provider: For sending account verification and service communications only
Limited Data Sharing
• Legal Requirements: When required by law, court order, or to protect user safety
• Business Transfers: In case of merger or acquisition (with advance user notification)
• Threat Intelligence: Anonymous, aggregated threat data to improve security for all users
• Emergency Situations: To prevent harm to users or the public
Data Processing Agreements: All third-party providers are bound by data processing agreements and must meet the same privacy standards we maintain.

1. Your Privacy Rights & GDPR/CCPA Compliance
   General User Rights
   • Access: View and download all personal data we have about you
   • Update: Correct any inaccurate or incomplete information
   • Delete: Request complete deletion of your account and associated data
   • Export: Download your settings and preferences in a portable format
   • Opt-out: Disable data collection (with reduced functionality)
   GDPR Rights (EU Residents)
   Under the General Data Protection Regulation, you have the following rights:

• Right to Information: Clear information about how we process your data
• Right of Access: Obtain a copy of your personal data within 30 days
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: "Right to be forgotten" - delete your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Lodge a Complaint: File complaints with supervisory authorities
CCPA Rights (California Residents)
Under the California Consumer Privacy Act, you have the following rights:

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices
• Right to Correct: Request correction of inaccurate personal information
How to Exercise Your Rights
To exercise any of these rights, contact us at support@shieldiq.io with:

• Your email address associated with your account
• Specific request type (access, delete, correct, etc.)
• Verification of your identity (for security purposes)
Response Time: We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA).

1. Cookies and Tracking
   ShieldIQ uses minimal cookies and tracking technologies:

• Essential Cookies: Required for the extension to function properly
• Authentication Cookies: For premium account login (secure, HttpOnly)
• No Third-Party Tracking: We do not use advertising or analytics cookies
• Local Storage: Browser storage for settings and preferences
7. Children's Privacy
ShieldIQ is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

1. Changes to This Policy
   We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. For significant changes, we may also send you a notification through the extension or via email.

Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@shieldiq.io

Support: support@shieldiq.io

Address: BrightMinds Systems LLC, 8 The Green, Suite A, Dover, 9901, US