Privacy Policy

Last Updated: April 2026

This Privacy Policy explains how SovereignShield ("we", "us", or "our") collects, uses, formats, and protects data when you use the SovereignShield API and website.

1. Information We Collect

Because SovereignShield operates as a security middleware, we process API queries containing text payloads.

• Log Data: We collect metadata including IP addresses, timestamps, and API key hashes for rate-limiting and firewall purposes.
• Payload Data: Data sent to the /report endpoint is stored to train and improve the AdaptiveShield deterministic engine.

2. Data Processing and Retention

We act as a Data Processor for the payloads sent to our API.

• All API logs (including potentially sensitive blocked payloads) are retained for a maximum of 30 days, at which point a pruning script permanently deletes them.
• If you use the deterministic-only tier, your data is never sent to third-party LLM providers.
• Data submitted via the /scan/veto endpoint may be processed by your configured LLM provider securely.

3. Your Rights (GDPR / CCPA)

Under applicable privacy laws, you have the right to request access to, correction of, or deletion of the personal data we hold about you. You may also withdraw your consent for future processing. To exercise these rights, please contact our Data Protection Officer at: contact@sovereign-shield.net

4. Sub-processors

SovereignShield uses the following sub-processors to deliver its service:

• Google Cloud Platform: Hosting and database storage (Region: us-central1).
• Stripe: Payment processing.

5. Contact Us

For privacy-related inquiries, please contact us at contact@sovereign-shield.net.