Compliance
Compliance & Data Protection
We're committed to protecting your data and complying with global privacy regulations.
Regulatory Compliance
GDPR
General Data Protection Regulation
Compliant
European Union
- Right to access personal data
- Right to data portability
- Right to erasure (right to be forgotten)
- Data processing transparency
- Privacy by design and by default
- Breach notification within 72 hours
CCPA
California Consumer Privacy Act
Compliant
California, USA
- Right to know what data is collected
- Right to delete personal information
- Right to opt out of data sales
- Non-discrimination for privacy rights
- Privacy policy disclosure
SOC 2 Type II
Service Organization Control
In Progress
Global
- Security controls audited
- Availability monitoring
- Processing integrity verification
- Confidentiality measures
- Privacy safeguards
Your Privacy Rights
Access Your Data
Request a copy of all personal data we have about you.
Email us at privacy@agent-shield.com
Rectify Your Data
Update or correct inaccurate personal information.
Update in dashboard settings or email us
Delete Your Data
Request deletion of your account and all associated data.
Settings → Account → Delete Account
Data Portability
Export your data in a machine-readable format.
Dashboard → Export Data
Withdraw Consent
Opt out of data processing at any time.
Settings → Privacy Settings
Lodge a Complaint
File a complaint with your local data protection authority.
Contact us at privacy@agent-shield.com
Data Processing Activities
| Purpose | Data Collected | Legal Basis | Retention |
|---|---|---|---|
| Service Delivery | Account info, API keys, agent logs | Contract performance | Until account deletion |
| Security & Fraud Prevention | IP addresses, login history, device info | Legitimate interest | 90 days |
| Analytics & Improvement | Usage statistics, feature usage | Legitimate interest | 1 year |
| Marketing Communications | Email address, preferences | Consent | Until consent withdrawn |
Security Measures
Encryption
AES-256 at rest, TLS 1.3 in transit
Access Controls
Role-based access, multi-factor authentication
Audit Logging
Comprehensive logging of all data access
Regular Audits
Quarterly security and compliance reviews
International Data Transfers
How we handle data across borders
Standard Contractual Clauses (SCCs)
We use EU-approved SCCs for all data transfers outside the EEA.
Data Residency
Primary data storage in Google Cloud (multi-region: US, EU). Enterprise customers can request specific regions.
Third-Party Processors
We maintain a list of all sub-processors and notify you of changes. Current processors: Google Cloud Platform, Firebase.
Data Breach Response
Our incident response process
- Detection Time: <1hr
- Initial Assessment: <24hrs
- Authority Notification: <72hrs
- User Notification: Immediate
In the unlikely event of a data breach, we will notify affected users immediately and report to relevant authorities within 72 hours as required by GDPR.