Trust & Security

We are stewards of your data.

At Shield we believe that your data belongs to you, and it is our top priority to ensure that our users and their data are safe and secure.

Hosting and Storage

All Shield services and data are hosted with DigitalOcean on servers in Frankfurt, Germany and Amsterdam, Holland. DigitalOcean employs robust physical and virtual security programs, including SOC 2 Type II, ISO/IEC 27001:2013, and PCI-DSS certifications. For more information please see their legal documents and Security Certification Reports.

Encryption

All incoming data to Shield is encrypted in transit and all data stored by Shield is encrypted at rest using SHA-256 encryption. Our API and application endpoints utilize TLS/SSL cryptographic protocols.

Session tokens

We utilize session tokens to obtain authorized access to relevant data endpoints via active consent from each user upon signup, using the Shield Chrome Extension. This grants us access to port the necessary data to both deliver our services and grant users access to what rightfully belongs to them - their data.

Virtual Private Cloud

All servers are located within isolated Virtual Private Cloud networks separated from other networks to prevent unauthorized access.

Incident Response

Shield has a process for handling any and all types of incidents and security events, which includes escalation procedures, prompt mitigation and post-mortem. All employees are informed of these policies and are ready to take appropriate action.

Backups and Monitoring

We utilize DigitalOcean’s backup services to reduce the risk of data loss in the event of failure or unforeseen events. Furthermore, we perform our own backups of all user data and employ multiple monitoring services to alert the team in the event of any failures affecting users.

Security Awareness

All Shield employees go through onboarding that includes security awareness training and data privacy & security best practices, covering password management, phishing and more.

Confidentiality

All Shield employees have signed confidentiality agreements before undertaking any activities in the company.

Permissions and Authentication

Access to the Shield backend infrastructure is limited to relevant individuals who require such access for their role in the company.

PCI Compliance

All payments processed via Shield are handled by Stripe Payments. Details on their setup and compliance can be found here.

Third-Party Penetration Testing

Shield undergoes independent third-party penetration tests bi-annually to identify and eliminate any security vulnerabilities.

Read more about Your Data.