Privacy Policy
Last Updated: February 27, 2026
Introduction
AI Shield ("we," "our," or "us") is committed to protecting your privacy.
This Privacy Policy explains how we collect, use, disclose, and safeguard
your information when you use our browser extension and services.
Information We Collect
Information You Provide
- Account Information: Email address, company name
- Payment Information: Processed securely through Stripe (we do not store payment card details)
- API Keys: Generated automatically for authentication
Information Collected Automatically
- Detection Data: Types of sensitive data detected (PII patterns), timestamps, AI platform URLs
- Usage Data: Extension activity, detection counts
- Technical Data: Browser type, operating system, IP address (for security purposes only)
Information We Do NOT Collect
- Actual Content: We do NOT store the actual sensitive data detected (e.g., the real CPF/credit card numbers)
- Conversation Content: We do NOT store your conversations with AI platforms
- Browsing History: We only monitor supported AI platforms while the extension is active
How We Use Your Information
We use your information to:
- Provide Services: Detect and alert you about sensitive data in AI interactions
- Generate Reports: Monthly compliance reports for your organization
- Process Payments: Through our payment processor, Stripe
- Send Communications: Service emails, API keys, monthly reports
- Improve Services: Analyze aggregated usage patterns
- Ensure Security: Detect and prevent fraud or abuse
Legal Basis for Processing (GDPR)
We process your data under the following legal bases:
- Contract Performance: To provide the services you subscribed to
- Legitimate Interest: To improve our services and ensure security
- Consent: For marketing communications (which you can opt out of)
- Legal Obligation: To comply with applicable laws and regulations
Data Sharing and Disclosure
Service Providers
- Stripe: Payment processing (PCI-DSS compliant)
- Resend: Email delivery service
- Railway: Hosting infrastructure (EU servers)
- Vercel: Website hosting
Legal Requirements
We may disclose your information if required by law, legal process, or government request.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred.
We do NOT sell your personal data to third parties.
Data Retention
- Account Data: Retained while your subscription is active, plus 90 days after cancellation
- Detection Logs: Retained for 12 months for compliance reporting
- Payment Records: Retained for 7 years for tax and accounting purposes (as required by law)
- Deleted Data: Permanently deleted within 30 days of retention period end
Your Rights (GDPR & CCPA)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Opt out of marketing communications at any time
To exercise these rights, contact us at: support@getaishield.eu
Data Security
We implement industry-standard security measures:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Strict authentication and authorization protocols
- Regular Audits: Security assessments and penetration testing
- Minimal Data Collection: We collect only what is necessary
- Pseudonymization: Sensitive data is masked before storage
International Data Transfers
Our servers are located in the European Union. If you access our services from outside the EU,
your data may be transferred to and processed in the EU under GDPR protections.
Cookies and Tracking
Our website uses:
- Essential Cookies: Required for the website to function
- Analytics Cookies: To understand how you use our site (you can opt out)
Our browser extension does NOT use cookies or trackers.
Children's Privacy
Our services are not intended for children under 18. We do not knowingly collect data from children.
EU AI Act Compliance
AI Shield is designed to help organizations comply with the EU AI Act by:
- Detecting and preventing inadvertent disclosure of personal data to AI systems
- Providing audit trails of data interactions with AI platforms
- Enabling organizations to demonstrate compliance with AI governance requirements
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes
via email or prominent notice on our website.
Contact Us
For privacy-related questions or to exercise your rights: