Privacy Policy

Last updated: 10/02/25

Schild Technologies ("we", "us", or "our") is committed to protecting the privacy and security of the data entrusted to us. This privacy policy describes how we collect, use, store, share, and protect information when you use our software-as-a-service (SaaS) platform ("Platform") designed for security organizations.

1. Information We Collect

We collect and process the following types of information:

a. Account and Organization Data

  • Name, email address, phone number of account administrators and users
  • Organization name and contact details
  • Billing and payment information (processed through our payment processor, Stripe)
  • Account preferences and settings

b. Operational and Employment Data

  • Personnel information including type of employment and pay rate
  • Client and site details
  • SecOps parameters
  • Uploaded files
  • Internal messages
  • Assignment history, shift records, and activity logs

c. Technical Data

  • IP addresses, device information, browser type, and operating system
  • Log data and usage analytics (for security and performance monitoring)
  • Session cookies necessary for platform functionality
  • Access logs and authentication records

2. How We Use Information

We use the information we collect for the following purposes:

  • Provide, operate, and maintain the Platform and its features
  • Process transactions and manage billing
  • Ensure compliance, operational accountability, and regulatory requirements
  • Monitor and improve system reliability, security, and user experience
  • Provide customer support and respond to inquiries
  • Fulfill legal and regulatory obligations
  • Assist with account access recovery when requested by authorized administrators
  • Detect, prevent, and address technical issues, fraud, or security threats
  • Send notices about service changes, updates, or security alerts

3. Data Sharing and Disclosure

We do not sell, rent, or trade your data. We may share data only under the following limited circumstances:

a. Service Providers

We work with trusted third-party service providers who assist us in operating our Platform. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your information. Our service providers include:

  • Cloud hosting providers for data storage and infrastructure
  • Stripe for payment processing

b. Account Recovery

We may share information with you or your authorized representatives to assist with account access recovery in cases of root administrator lockout, following appropriate verification procedures.

c. Legal Obligations

We may disclose your information when required by law or in response to valid legal requests, including to:

  • Comply with legal process
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of Schild Technologies, or its customers
  • Detect, prevent, or address fraud, security, or technical issues

d. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4. Data Security

We take data security seriously and have implemented technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction. Our security practices include:

  • Encryption of data in transit
  • Encryption of data at rest in our databases and storage systems
  • Multi-layer access controls with role-based permissions
  • Audit logging and monitoring of system access
  • Regular security assessments, vulnerability scanning, and penetration testing
  • Prompt security patching and updates
  • Training on data protection and security best practices
  • Secure authentication mechanisms and password requirements

While we implement strong security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

5. International Data Transfers

Our Platform and data infrastructure are located in the United States. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States.

By using our Platform, you consent to the transfer of your information to the United States. We ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy and applicable data protection laws.

6. Data Retention

We retain your information for different periods depending on the type of data and purpose:

  • Active accounts: We retain all data for as long as your organization maintains an active account with us
  • After cancellation: Following account cancellation, we will delete uploaded operational data within months, unless retention is required for legal, regulatory, or contractual obligations
  • Inactive accounts: We may delete accounts and associated data after a period of inactivity. We will provide advance notice before such deletion occurs
  • Legal requirements: Some data may be retained longer when necessary to comply with legal obligations, resolve disputes, enforce agreements, or as required by applicable employment and tax laws

Upon request and subject to legal requirements, we can provide information about specific data retention periods applicable to your account.

7. Your Rights and Choices

You have certain rights regarding your personal information. Depending on your jurisdiction, these may include:

General Rights

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal and contractual obligations
  • Portability: Request a copy of your data in a structured, commonly used format
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing under certain circumstances

California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have specific rights including:

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to request deletion of personal information
  • Right to opt-out of the sale of personal information (note: we do not sell personal information)
  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, please contact us here.

European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten") under certain circumstances
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to lodge a complaint with your local data protection authority

Our legal basis for processing your data includes: performance of contract, compliance with legal obligations, legitimate interests, and consent where applicable.

Exercising Your Rights

To exercise any of these rights, please contact us here. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request to protect your privacy and security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and secure our Platform. Here's what we use:

Essential Cookies

We use essential session cookies that are necessary for the Platform to function properly. These cookies enable core functionality such as user authentication, session management, and security features. These cookies cannot be disabled as they are required for the Platform to operate.

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and, where required, relevant regulatory authorities within 72 hours of becoming aware of the breach.

Our notification will include information about the nature of the breach, the data affected, potential consequences, and the measures we are taking to address the breach and prevent future incidents.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from minors.

If we become aware that we have inadvertently collected personal information from someone under 18 who is not a business owner or personnel, we will take steps to delete such information promptly. If you believe we have inappropriately collected information from a minor, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the date at the top of this policy.

For material changes that significantly affect your rights or how we use your information, we will provide prominent notice through the Platform or by email to your registered email address at least 30 days before the changes take effect.

Your continued use of the Platform constitutes acceptance of this privacy policy. If you do not agree with the changes, please discontinue use of the Platform.

12. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us here. We will respond to your inquiry as promptly as possible.

Features

Resources

Legal

© 2025 Schild Technologies