Last Updated: 21 October 2025
1. Introduction
Shieldbase AI Pte. Ltd. (“Shieldbase”, “we”, “our”, or “us”) is committed to protecting personal and organizational data and ensuring transparency in how we collect, use, and safeguard information.
This Privacy Policy explains how Shieldbase collects, processes, and protects data when you use our products, services, and platforms (collectively, the “Services”).
Shieldbase is headquartered in Singapore and complies with the Personal Data Protection Act 2012 (PDPA), the EU General Data Protection Regulation (GDPR), and other international privacy frameworks.
Where we access or process data via third-party APIs (e.g., Google Workspace APIs, Microsoft Graph, Slack, Zoom, Salesforce), we also comply with those providers’ user-data and developer policies.
2. Scope
This Policy applies to:
Users of Shieldbase AI platforms, APIs, and applications;
Enterprise customers and their authorized users;
Visitors to Shieldbase websites and resources.
It does not apply to third-party services with their own privacy policies.
3. Information We Collect
a. Account and Contact Information
Name, email, organization, title, phone, and credentials.
b. Usage and Activity Data
Log files, access timestamps, API usage, interactions, and device identifiers.
c. Customer Data and Content
Content, documents, databases, or data processed through Shieldbase AI.
Shieldbase acts as a data processor, handling such data solely under the customer’s instructions.
d. Technical Data
Browser, operating system, IP address, cookies, and identifiers.
e. AI Training and Model Improvement Data
Shieldbase does not use customer data from enterprise or dedicated environments to train shared foundation models.
f. Data from Third-Party APIs
If you enable integrations with third-party APIs (e.g., Google Workspace, Microsoft 365, Slack, Zoom, Salesforce):
We access only the minimum necessary scopes and obtain explicit user consent;
We follow Google Workspace API Services User Data Policy and equivalent frameworks;
We do not use such data for advertising, resale, or model training;
We clearly disclose each integration’s purpose, data access, and retention behavior.
4. How We Use Information
We process data to:
Provide and maintain our Services;
Authenticate and manage user access;
Improve performance, security, and usability;
Deliver support, communications, and updates;
Fulfil legal or regulatory obligations;
Execute authorized third-party integrations strictly as described above.
5. Legal Bases for Processing
Depending on jurisdiction, processing may rely on:
Performance of a contract;
Legitimate interest (balanced against user rights);
Compliance with legal obligations;
User consent for specific or third-party data uses.
6. Data Storage and Transfers
Data is stored in secure data centers located in Singapore and other approved regions per data-residency requirements.
Cross-border transfers use Standard Contractual Clauses, Data Transfer Agreements, or equivalent safeguards.
Third-party API data transfers comply with the relevant provider’s policy and applicable laws.
7. Data Sharing and Disclosure
Shieldbase does not sell personal data.
Data may be shared only with:
Authorized service providers or subprocessors bound by PDPA/GDPR-compliant agreements;
Legal or regulatory authorities where required;
Successors in a merger/acquisition under confidentiality;
Third-party APIs, strictly within approved limited-use purposes and with explicit consent.
A current list of subprocessors is maintained at https://shieldbase.ai/subprocessors.
8. Data Retention
Data is retained only as long as necessary for stated purposes or legal obligations.
Upon termination or request, data is securely deleted or anonymized.
Third-party API data is cached temporarily (if needed) and purged within 30 days unless the user opts for longer retention.
9. Security
Shieldbase applies industry-standard security measures:
Encryption (at rest & in transit)
Role-based access control
Continuous monitoring
Regular penetration and compliance assessments
For APIs with restricted scopes (e.g., Google Workspace), we meet or exceed the provider’s additional security requirements, including periodic independent audits if mandated.
10. Your Rights
Depending on jurisdiction, you may:
Access, correct, or delete personal data;
Withdraw consent or object to processing;
Request restriction or portability of data;
Revoke third-party API access at any time via your Shieldbase account, provider’s console, or by emailing privacy@shieldbase.ai.
We respond within legal timeframes and confirm revocations or deletions upon completion.
11. Cookies and Tracking
We use cookies and similar technologies to enhance your experience and measure usage.
Cookie preferences can be adjusted via browser settings.
If a third-party integration uses its own cookies, this will be disclosed and subject to its respective policy.
12. AI Transparency and Ethical Use
Shieldbase adheres to the following AI governance principles:
No model training using customer or API data;
Explainability and human oversight in decision-critical contexts;
Compliance with Singapore’s Model AI Governance Framework and emerging AI regulations worldwide.
Any AI use of third-party data strictly follows limited-use and consent rules.
13. International Compliance
Shieldbase complies with:
Singapore PDPA;
EU GDPR;
UK Data Protection Act 2018;
Relevant U.S., Australian, and APAC privacy laws;
Third-party API provider data policies (e.g., Google Workspace API Services User Data Policy).
14. Changes to this Policy
We may update this Policy periodically.
Material changes will be communicated directly to registered users or posted with a revised effective date.
We will also update this Policy if third-party provider terms change materially.
15. Contact Us
Shieldbase AI Pte. Ltd.
1 Marina Boulevard, Singapore 018989
Email: privacy@shieldbase.ai
Annex A — Third-Party API Integrations and Data Use Policy
1. Purpose
Shieldbase offers optional integrations with third-party services (Google Workspace, Microsoft 365, Slack, Zoom, Salesforce, etc.) to enable user-initiated data exchange.
All integrations require explicit consent and operate on the principle of minimum necessary access.
2. Data Collection and Use
Data from third-party APIs is used only to:
Deliver the integration’s visible functionality;
Execute user-initiated operations;
Support synchronization, indexing, or analytics requested by the user;
Provide related customer support.
Shieldbase will never sell or use such data for advertising, profiling, or model training outside the authorized environment.
3. Provider Policy Compliance
We comply with:
Google Workspace API Services User Data Policy & Limited Use Requirements
Microsoft Graph API Terms of Use
Slack API Developer Policy
Zoom Developer Platform Terms
Salesforce API Terms of Use, and similar frameworks
Commitments include:
Minimal scope requests;
Transparent consent prompts;
No hidden secondary use;
Immediate revocation support;
Encryption and secure storage.
4. Storage and Retention
API-sourced data is stored securely in the region selected by the customer.
Transient caching may occur for session performance; cached data is auto-purged within 30 days (max).
Longer retention requires explicit customer configuration.
5. User Control and Revocation
Users may revoke API permissions through:
The Shieldbase “Manage Integrations” dashboard;
The provider’s account console; or
Emailing privacy@shieldbase.ai.
All related tokens and cached data are deleted within 30 days of revocation.
6. Security and Access Controls
OAuth 2.0 authorization;
TLS 1.2+ encryption;
Encrypted token storage;
Role-based access control & audit logging;
Periodic independent security assessments (if required by API providers).
7. Subprocessors and Sharing
Subprocessor use is limited to those necessary for integration delivery and governed by Shieldbase’s DPA and the relevant provider’s limited-use clauses.
A public subprocessor list is maintained online.
8. Incident Management and Notification
In case of a confirmed or suspected breach affecting API-sourced data, Shieldbase will:
Investigate promptly;
Notify affected users, customers, and API providers;
Cooperate with authorities to resolve the incident.
9. Termination of Integration
Upon integration deactivation, all associated credentials and data are deleted within 30 days, unless legal retention applies.
Confirmation of deletion is available upon request.
10. Contact
Questions or concerns about third-party integrations can be directed to:
Shieldbase Pte. Ltd.
22 Sin Ming Lane #06-76 Midview City Singapore 573969
Email: privacy@shieldbase.ai
