Privacy Policy

1. Introduction

Shieldbase AI Pte. Ltd. (“Shieldbase”, “we”, “our”, or “us”) is committed to protecting personal and organizational data and ensuring transparency in how we collect, use, and safeguard information.

This Privacy Policy explains how Shieldbase collects, processes, and protects data when you use our products, services, and platforms (collectively, the “Services”).

Shieldbase is headquartered in Singapore and complies with the Personal Data Protection Act 2012 (PDPA), the EU General Data Protection Regulation (GDPR), and other international privacy frameworks.

Where we access or process data via third-party APIs (e.g., Google Workspace APIs, Microsoft Graph, Slack, Zoom, Salesforce), we also comply with those providers’ user-data and developer policies.

2. Scope

This Policy applies to:

• Users of Shieldbase AI platforms, APIs, and applications;
• Enterprise customers and their authorized users;
• Visitors to Shieldbase websites and resources.

It does not apply to third-party services with their own privacy policies.

3. Information We Collect

a. Account and Contact Information

Name, email, organization, title, phone, and credentials.

b. Usage and Activity Data

Log files, access timestamps, API usage, interactions, and device identifiers.

c. Customer Data and Content

Content, documents, databases, or data processed through Shieldbase AI. Shieldbase acts as a data processor, handling such data solely under the customer’s instructions.

d. Technical Data

Browser, operating system, IP address, cookies, and identifiers.

e. AI Training and Model Improvement Data

Shieldbase does not use customer data from enterprise or dedicated environments to train shared foundation models.

f. Data from Third-Party APIs

If you enable integrations with third-party APIs (e.g., Google Workspace, Microsoft 365, Slack, Zoom, Salesforce):

• We access only the minimum necessary scopes and obtain explicit user consent;
• We follow Google Workspace API Services User Data Policy and equivalent frameworks;
• We do not use such data for advertising, resale, or model training;
• We clearly disclose each integration’s purpose, data access, and retention behavior.

4. How We Use Information

We process data to:

1. Provide and maintain our Services;
2. Authenticate and manage user access;
3. Improve performance, security, and usability;
4. Deliver support, communications, and updates;
5. Fulfil legal or regulatory obligations;
6. Execute authorized third-party integrations strictly as described above.

5. Legal Bases for Processing

Depending on jurisdiction, processing may rely on:

• Performance of a contract;
• Legitimate interest (balanced against user rights);
• Compliance with legal obligations;
• User consent for specific or third-party data uses.

6. Data Storage and Transfers

Data is stored in secure centers located in Singapore and other approved regions per data-residency requirements. Cross-border transfers use Standard Contractual Clauses, Data Transfer Agreements, or equivalent safeguards. Third-party API data transfers comply with the relevant provider’s policy and applicable laws.

7. Subprocessors and Sharing

Shieldbase does not sell personal data. Data may be shared only with:

• Authorized service providers or subprocessors bound by PDPA/GDPR-compliant agreements;
• Legal or regulatory authorities where required;
• Successors in a merger/acquisition under confidentiality;
• Third-party APIs, strictly within approved limited-use purposes and with explicit consent.

A current list of subprocessors is maintained at https://shieldbase.ai/subprocessors.

8. Data Retention

Data is retained only as long as necessary for stated purposes or legal obligations. Upon termination or request, data is securely deleted or anonymized. Third-party API data is cached temporarily (if needed) and purged within 30 days unless the user opts for longer retention.

9. Security

Shieldbase applies industry-standard security:

• Encryption (at rest & in transit)
• Role-based access control
• Continuous monitoring
• Regular penetration and compliance assessments

For APIs with restricted scopes (e.g., Google Workspace), we meet or exceed the provider’s additional security requirements, including periodic independent audits if mandated.

10. Your Rights

Depending on jurisdiction, you may:

• Access, correct, or delete personal data;
• Withdraw consent or object to processing;
• Request restriction or portability of data;
• Revoke third-party API access at any time via your Shieldbase account, provider’s console, or by emailing privacy@shieldbase.ai.

We respond within legal timeframes and confirm revocations or deletions upon completion.

11. Cookies and Tracking

We use cookies and similar technologies to enhance experience and measure usage. Cookie preferences can be adjusted via browser settings. If a third-party integration uses its own cookies, this will be disclosed and subject to its respective policy.

12. AI Transparency and Ethical Use

Shieldbase adheres to the following AI governance principles:

• No model training using customer or API data;
• Explainability and human oversight in decision-critical contexts;
• Compliance with Singapore’s Model AI Governance Framework and emerging AI regulations worldwide.

Any AI use of third-party data strictly follows limited-use and consent rules.

13. International Compliance

Shieldbase complies with:

• Singapore PDPA;
• EU GDPR;
• UK Data Protection Act 2018;
• Relevant U.S., Australian, and APAC privacy laws;
• Third-party API provider data policies (e.g., Google Workspace API Services User Data Policy).

14. Changes to this Policy

We may update this Policy periodically. Material changes will be communicated directly to registered users or posted with a revised effective date. We will also update this Policy if third-party provider terms change materially.

15. Contact Us

Shieldbase AI Pte. Ltd.

1 Marina Boulevard, Singapore 018989

Email: privacy@shieldbase.ai