🔒 Legal

Privacy Policy

Effective Date: March 1, 2026 · Last Updated: March 1, 2026
Controller: TitanShieldAI, Inc. · Contact: privacy@titanshield.ai

TL;DR: We collect only what we need to run the service. We never sell your data. You can delete everything at any time. We use industry-standard encryption at rest and in transit. GDPR and CCPA compliant.

1. Who We Are

TitanShieldAI, Inc. ("TitanShieldAI", "we", "us", or "our") operates the security monitoring and threat intelligence platform available at titanshield.ai and any associated APIs, SDKs, and subdomains (collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. By using the Service, you agree to the collection and use of information described in this Policy.

2. Information We Collect

2.1 Account Information

When you register via GitHub OAuth, we receive: your public GitHub username, email address, and profile name. We do not receive or store your GitHub password.

2.2 Usage & Telemetry Data

To provide threat detection and security monitoring, our SDK may collect:

Request metadata: HTTP method, path, status code, response time, timestamp
Client IP addresses (used for threat scoring; never sold or shared with third parties)
User-agent strings and browser fingerprints (for bot detection)
Rate-limit and anomaly events triggered by your applications
Security event logs (threats detected, blocked requests, rule triggers)

2.3 Payment Information

Payments are processed by Stripe, Inc. We receive only a payment token and subscription status. We never see or store your full card number, CVV, or bank details.

2.4 Communications

If you contact us or join our waitlist, we store your email address and the content of your message to respond to you.

2.5 Cookies & Local Storage

Name	Purpose	Duration
`__session`	Firebase Auth session token	Session
`ts_pref`	Dashboard display preferences	1 year
`_ga`	Anonymous analytics (Google Analytics, if enabled)	2 years

You may disable cookies in your browser settings. Core functionality requires the session cookie.

3. How We Use Your Information

Service delivery: Authenticate users, provide dashboard access, process security events
Threat intelligence: Aggregate anonymized signals across our network to improve detection models
Security monitoring: Detect abuse, fraud, and unauthorized access to our own platform
Product improvement: Analyze feature usage to improve the Service
Communications: Send transactional emails (alerts, billing receipts, account notices) and, with consent, product updates
Legal compliance: Meet our legal obligations and respond to lawful requests

We will not use your data for advertising purposes or sell it to data brokers — ever.

4. Legal Basis for Processing (GDPR)

Processing Activity	Legal Basis
Account creation & authentication	Contract (Art. 6(1)(b))
Security event monitoring	Legitimate interests (Art. 6(1)(f))
Marketing communications	Consent (Art. 6(1)(a))
Payment processing	Contract (Art. 6(1)(b))
Legal compliance	Legal obligation (Art. 6(1)(c))

5. Data Sharing & Disclosure

We share your data with the following categories of recipients only:

Firebase / Google Cloud: Infrastructure, authentication, and database hosting
Stripe: Payment processing
GitHub: OAuth authentication only
Legal authorities: When required by law, court order, or to protect our rights

All third-party processors are bound by data processing agreements. We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

6. Data Retention

We retain personal data for as long as your account is active or as needed to provide services. Detailed security event logs are retained for 90 days. Aggregated, anonymized analytics are retained indefinitely. You may request deletion at any time (see Section 8).

7. Security

We implement enterprise-grade security measures including:

AES-256 encryption at rest for all stored data
TLS 1.3 encryption in transit
Quantum-signed audit logs (ML-DSA-65) for tamper-evidence
QRNG (Quantum Random Number Generator) session tokens
Role-based access controls with least-privilege enforcement
Regular penetration testing and security audits

No method of electronic transmission is 100% secure. We notify affected users within 72 hours of discovering a breach material to their data.

8. Your Rights

👁️

Access

Request a copy of all personal data we hold about you.

✏️

Rectification

Correct inaccurate or incomplete personal data.

🗑️

Erasure

Request deletion of all your personal data ("right to be forgotten").

⏸️

Restriction

Request we limit how we use your data while a dispute is resolved.

📦

Portability

Receive your data in a structured, machine-readable format (JSON/CSV).

🚫

Objection

Object to processing based on legitimate interests or for direct marketing.

To exercise any right, email privacy@titanshield.ai. We respond within 30 days. California residents have additional rights under the CCPA — see Section 10.

9. International Data Transfers

TitanShieldAI operates primarily in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard such transfers.

10. California Privacy Rights (CCPA / CPRA)

California residents have the right to:

Know what personal information we collect and how it is used
Delete personal information, subject to certain exceptions
Opt out of the sale of personal information (we do not sell personal information)
Non-discrimination for exercising your privacy rights
Correct inaccurate personal information under the CPRA

To submit a CCPA request, email privacy@titanshield.ai with the subject "CCPA Request".

11. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided personal information, we will delete it immediately. Contact privacy@titanshield.ai if you believe we have inadvertently collected such information.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email (if you have an account) and by posting the updated policy with a new "Last Updated" date. We encourage you to review this page periodically. Continued use of the Service after changes constitutes acceptance.

13. Contact

For privacy-related questions, requests, or complaints:

Email: privacy@titanshield.ai
General: hello@titanshield.ai
Website: titanshield.ai

EU/UK residents may also lodge a complaint with their local data protection authority.