Plain-English summary: This DPA makes Shield a processor of your personal data under GDPR. It mirrors our Terms of Service and Privacy Notice in short, clear clauses.


1. Parties

  • Controller (Customer): The entity accepting Shield's Terms of Service.
  • Processor (Shield): Shield Intelligence ApS, Nørrebrogade 36A, 1, 2200 Copenhagen N, Denmark (CVR 39484358).

2. Subject-matter & duration

  • Processing of LinkedIn profile data, usage analytics, and any content you upload while your subscription is active.
  • Ends when all customer data is deleted under § 10.

3. Nature & purpose of processing

  • Provide, secure, and improve the Shield platform, and generate Aggregated Data in accordance with § 14.
  • The Shield AI Agent (included in new trials) processes prompts for content suggestions and analytics per the AI Policy.

4. Types of personal data & data subjects

  • Profile identifiers, headlines, posts, profile, content and usage metrics.
  • Users of the customer's Shield workspace.

(Full tables in Annex I.)

5. Processor obligations

  • Process only on documented instructions (this DPA + in-app settings).
  • Ensure confidentiality and limit staff access.
  • Implement security measures in Annex II.
  • Sub-processors only with notice and right to object (Annex III list).
  • Assist controller with data-subject rights, DPIAs, and consultations.
  • Delete or return data under § 10.

6. Sub-processors

7. Security measures

  • Encryption in transit (TLS 1.2+) and at rest.
  • Logical segregation by organization IDs.
  • Access via SSO/MFA; least-privilege RBAC.
  • Daily backups → encrypted → stored in EU; overwritten within 30 days.
  • 24/7 monitoring, alerting, and automated failover.

(Details in Annex II.)

8. International transfers

  • Primary storage. Customer Data rests in DigitalOcean FRA 1 (Frankfurt) and AMS 3 (Amsterdam).
  • AI prompts. The Shield AI Agent is included in new trials. When you use it, the prompt text is sent to OpenAI, LLC and Anthropic PBC in the United States for inference. Both are certified under the EU–US Data-Privacy Framework (DPF); if that framework or adequacy decision lapses, Shield relies on the EU 2021 Standard Contractual Clauses (SCCs) Module 2 plus the safeguards in Annex IV.
  • Operational vendors with third-country processing. Limited personal data may also be processed outside the EEA by: Intercom, Mailjet / Postmark, Auth0, Stripe, Cloudflare, Google Workspace, Google Cloud Platform, Sentry (all United States), and Userback (Australia). Where the vendor is DPF-certified, Shield relies on the DPF; otherwise the SCCs Module 2/3 and the measures in Annex IV apply.
  • Analytics collected through PostHog EU Cloud remains inside the EEA.

9. Audit rights

  • Annual security report & questionnaire free of charge.
  • One on-site audit per 12-month period on 30 days' notice; customer bears reasonable costs.

10. Breach notification

  • Shield will notify the customer within 24 hours after confirming a personal-data breach, sharing known details and mitigation steps.

11. Liability

  • Each party's total liability under this DPA is capped at the fees paid in the preceding 12 months (except for death, personal injury, or wilful misconduct where limitation is unlawful).

12. Termination & deletion

  • On termination of the Service, Shield deletes customer data within 6 months; backups overwritten within 30 days.

13. Governing law & venue

  • Danish law; exclusive venue: Copenhagen City Court.

14. Aggregated and anonymized data

14.1 Customer acknowledges that Shield may generate Aggregated Data from the Customer Personal Data processed under this DPA and may use such Aggregated Data for its own legitimate business purposes, including analytics, industry benchmarking, and the development, improvement, and provision of products, services, and reports (including commercial insights reports), provided that such Aggregated Data:

(a) does not identify Customer, any data subject, or any of Customer's users;

(b) does not include Customer Confidential Information in identifiable form; and

(c) is not reasonably capable of being used, alone or in combination with other data, to re-identify any natural person or Customer.

14.2 For the purposes of this § 14, "Aggregated Data" means data that has been combined with other data and summarized to a level that no longer relates to an identified or identifiable natural person or Customer.

14.3 Shield will not attempt to re-identify any data subject or Customer from Aggregated Data.

14.4 Once created in accordance with this § 14, Aggregated Data is not considered personal data under this DPA and Shield may process it as an independent controller.


Annex I – Description of processing

| Item | Details |
|---|---|
| Purpose | Provide the Shield analytics platform (including the Shield AI Agent for new trials) and generate Aggregated Data as described in § 14. |
| Data categories | Name, LinkedIn profile URL, posts and metrics; account email; usage analytics |
| Data subjects | Customer employees or contractors who use Shield |
| Retention | Active subscription; deleted 6 months post-termination |

Annex II – Technical & organisational measures (TOMs)

  • Encryption in transit and at rest.
  • Access control: SSO/MFA, RBAC, annual access review.
  • Data segregation by organization ID.
  • Secure software dev lifecycle (GitHub PR reviews, static analysis, dependency scanning).
  • Logging & monitoring, alerts triaged 24/7.

Annex III – Authorized sub-processors

| Vendor | Purpose | Location(s) | Transfer mechanism* | Key safeguards |
|---|---|---|---|---|
| OpenAI, LLC | AI-model inference (prompts via MCP) | United States | EU–US DPF / SCCs M 2 fallback | TLS 1.2+, at-rest encryption; no model training; 30-day log retention |
| Anthropic PBC | AI-model inference (prompts via MCP) | United States | EU–US DPF / SCCs M 2 fallback | Same as above |
| Intercom Inc. | Chat & support tickets | EU primary, US fail-over | EU–US DPF / SCCs M 2 fallback | EU data storage; audited access log |
| Mailjet SAS / Postmark (ActiveCampaign LLC) | Transactional email | France primary, US MTAs | EU–US DPF / SCCs M 2 fallback | TLS, DKIM / SPF; ≤45-day message retention |
| Auth0 (Okta Inc.) | Identity provider / SSO | EU edge, US core | EU–US DPF / SCCs M 2 fallback | Token & log encryption; anomaly-detection only |
| Google Workspace | Corporate email & docs metadata | United States | EU–US DPF | Metadata only; no production data |
| Google Cloud Platform | Social-login avatars & object storage | United States | EU–US DPF | Signed URLs; server-side encryption |
| Cloudflare Inc. | CDN & WAF | Global incl. US | EU–US DPF / SCCs M 2 fallback | Regional Edge inside EEA for primary traffic |
| Stripe Payments Europe / Stripe Inc. | Payment processing | Ireland & US | Stripe BCRs / EU–US DPF | PCI-DSS L1; tokenization |
| Sentry Inc. | Error logging & monitoring | United States | SCCs M 2 | PII scrubber; 90-day retention |
| Userback Pty Ltd | Feature-request screenshots | Australia | SCCs M 2 | ISO 27001; access-controlled blobs |

* If the EU-US DPF or other adequacy decision becomes unavailable, Shield relies on the EU 2021 SCCs Module 2/3 plus the technical & organisational measures in Annex II and Annex IV.

EU-only vendors (DigitalOcean, ChartMogul, PostHog EU Cloud, Rewardful, etc.) and any future EU-hosted additions appear solely on the live Public Sub-processor list.

Annex IV – Transfer safeguards

  • EU–US DPF (self-certification) for Google Workspace, Google Cloud Platform, OpenAI, Anthropic, Intercom, Mailjet / Postmark, Auth0, Cloudflare, Stripe.
  • EU 2021 SCCs Module 2/3 + Annex II TOMs for Sentry, Userback, and as fallback for any DPF-certified vendor if the framework is invalidated.
  • Binding Corporate Rules (BCRs) – Stripe Payments Europe (processing under approved BCRs).
  • Additional technical measures for all transfers: TLS 1.2+ in transit, AES-256 at rest, strict access control, short log retention (<30 days) in US regions.

Signature

| Processor | Date |
|---|---|
| Shield Intelligence ApS | 12 Dec 2025 |

ANDREAS JONSSON
CEO, SHIELD

(Customer accepts these terms by creating a Shield account or otherwise using the Service.)

UK or Swiss data exporter? Email legal@shieldapp.ai and we'll countersign the UK IDTA Addendum or Swiss clauses within seven (7) business days.