Skip to main content

Privacy Policy

Last updated: April 11, 2026

1. Who We Are

ShieldPi (“we,” “us,” “our”) operates the ShieldPi Watchtower platform at shieldpi.io — an automated LLM security scanner. This policy explains what data we collect, how we use it, and your rights.

Contact: support@shieldpi.io

2. Data We Collect

Account Information

  • Email address and password (hashed)
  • Plan tier and billing information

Scan Data

  • Target URLs, API endpoints, and agent connection details you provide
  • Scan configurations and schedules
  • Scan results: vulnerability findings, payloads, model responses, security scores
  • Generated reports (PDF, JSON, CSV, Markdown, HTML)

Usage Data

  • Pages visited, features used, scan frequency
  • Browser type, device, and IP address

3. How We Use Your Data

  • To operate and improve the ShieldPi platform
  • To run security scans against your specified targets
  • To generate vulnerability reports and security scores
  • To populate the public LLM Security Leaderboard (aggregated, anonymized model scores only)
  • To send service-related communications

We never sell your data. We do not share scan results, target information, or vulnerability findings with third parties.

4. Data Storage & Security

  • Backend infrastructure hosted on Hetzner (Germany), encrypted at rest and in transit
  • Frontend served via Vercel with edge caching
  • All API communication over HTTPS with TLS 1.3
  • Passwords hashed with bcrypt; API keys encrypted with AES-256
  • Database backups encrypted and stored separately

5. Data Retention

Scan results and reports are retained based on your plan:

PlanRetention
Free7 days
Pro ($499/mo)90 days
Team365 days
EnterpriseCustom

You can delete your account and all associated data at any time from Settings.

6. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

  • Session cookie — Maintains your login state. Expires when you close your browser or after 30 days.
  • Preference cookie — Stores UI preferences (theme, sidebar state). Persistent.

No third-party analytics or advertising cookies are used.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”)
  • Export your data in a portable format
  • Object to data processing
  • Withdraw consent at any time

To exercise any of these rights, contact support@shieldpi.io. We will respond within 30 days.

8. Changes to This Policy

We may update this policy as our platform evolves. Material changes will be communicated via email to registered users. Continued use of ShieldPi after changes constitutes acceptance.