1. Introduction
This Privacy Policy explains how Silver Vibes Kft. ("ShieldShed", "we", "us", or "our"), located at 1118 Budapest, Torbágy utca 5. 10. em. 40. ajtó, Hungary, collects, uses, and protects your personal data when you use DomainShield and other ShieldShed services (collectively, the "Service").
We are committed to protecting your privacy in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Hungarian Act CXII of 2011 on Informational Self-Determination and Freedom of Information, and other applicable data protection laws.
2. Data Controller
The data controller is Silver Vibes Kft., registered in Hungary under company registration number Cg.01-09-415376, tax number HU32271430.
Data protection contact: privacy@shieldshed.com
3. Personal Data We Collect
3.1 Account Data
When you register for the Service, we collect:
- Email address (used as login identifier)
- Password (stored in hashed form; we never store plaintext passwords)
- Company name
- Tax identification number (for invoicing purposes)
3.2 Service Configuration Data
To provide the Service, we collect:
- Notification email addresses (one or more addresses where alerts are sent)
- Brand names and domain names you wish to monitor
3.3 Automatically Collected Data
When you use the Service, we automatically collect:
- IP address and approximate geolocation
- Browser type, operating system, and device information
- Pages visited, features used, and timestamps
Google Analytics 4: We use Google Analytics 4 to understand how users interact with the Service. GA4 uses cookies and collects anonymized usage data. Google may process this data in the United States. For more information, see Google's privacy policy.
3.4 Payment Data
Payments are processed by Stripe, Inc. We do not store credit card numbers or full payment details on our servers. Stripe acts as an independent data controller for payment data. See Stripe's privacy policy.
We receive and store from Stripe: last four digits of your card, card type, expiration date, billing address, and transaction history.
4. Legal Bases for Processing
We process your personal data based on the following legal grounds under GDPR Article 6(1):
- Contract performance (Art. 6(1)(b)): Account data, service configuration data, and payment data are necessary to provide the Service under our Terms of Service.
- Legitimate interest (Art. 6(1)(f)): Security monitoring and service improvement. Our legitimate interest is to maintain, improve, and secure the Service.
- Legal obligation (Art. 6(1)(c)): Tax and invoicing records as required by Hungarian tax law.
- Consent (Art. 6(1)(a)): Google Analytics cookies and newsletter subscription. You may withdraw cookie consent through our cookie settings and unsubscribe from the newsletter at any time using the link in each email.
5. How We Use Your Data
We use your personal data for the following purposes:
- Providing and operating the Service (domain and brand monitoring, alerts, reports)
- Account management and authentication
- Sending service-related notifications and alerts to your specified email addresses
- Processing payments and generating invoices
- Analyzing usage patterns to improve the Service
- Ensuring the security and integrity of the Service
- Complying with legal obligations
- Sending product launch notifications and updates to newsletter subscribers (only with explicit consent)
6. Data Sharing and Third Parties
We share personal data with the following categories of recipients:
- Stripe, Inc. (payment processing) — acts as independent data controller for payment data. Based in the United States; transfers covered by Standard Contractual Clauses.
- Google LLC (Google Analytics 4) — anonymized usage data. Based in the United States; transfers covered by the EU-US Data Privacy Framework.
- Microsoft Azure (hosting infrastructure) — all Service data is hosted in Azure West Europe (Netherlands). Microsoft acts as a data processor under a Data Processing Agreement.
- Usercentrics A/S (Cookiebot) (consent management) — manages cookie consent preferences. Based in Denmark (EU). Stores consent records for compliance documentation.
We do not sell your personal data. We may disclose data if required by law or to protect our legal rights.
7. International Data Transfers
Your Service data is stored exclusively in the European Union (Azure West Europe, Netherlands). Some data may be transferred to the United States through our use of Stripe and Google Analytics. These transfers are protected by:
- EU-US Data Privacy Framework (for Google)
- Standard Contractual Clauses approved by the European Commission (for Stripe)
8. Data Retention
We retain your personal data for the following periods:
- Account data: For the duration of your account, plus 30 days after deletion.
- Service configuration data: For the duration of your account.
- Invoicing and tax records: 8 years from the date of the transaction, as required by Hungarian tax law.
- Usage analytics: 26 months (Google Analytics default retention period).
- Server logs: 90 days.
- Newsletter subscription: Until you unsubscribe. Upon unsubscription, your email address is deleted within 30 days. Consent records (date, time, IP) are retained for 5 years as proof of consent.
9. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15): Obtain a copy of your personal data.
- Right to rectification (Art. 16): Correct inaccurate personal data.
- Right to erasure (Art. 17): Request deletion of your personal data.
- Right to restriction (Art. 18): Restrict processing in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent: Withdraw consent for cookie-based analytics or newsletter subscription at any time. For cookies, click the cookie icon in the bottom-left corner of the website or visit our Cookie Declaration page. For the newsletter, click the unsubscribe link in any email.
To exercise your rights, contact us at privacy@shieldshed.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH): naih.hu, or your local EU supervisory authority.
10. Cookies
We use Cookiebot (provided by Usercentrics A/S) as our Consent Management Platform (CMP) to manage cookie consent in compliance with GDPR. Cookiebot categorizes cookies into the following standard categories:
- Strictly necessary cookies: Essential for the website to function, including the Cookiebot consent cookie that remembers your preferences. These do not require consent.
- Preference cookies: Enable the website to remember choices you make. Currently not in use on this website.
- Statistics cookies (Google Analytics 4): Used to collect anonymized usage statistics. These cookies are only set with your explicit consent. Legal basis: GDPR Art. 6(1)(a) — consent.
- Marketing cookies: Used to track visitors across websites for advertising purposes. Currently not in use, but may be enabled in the future for Google Ads and LinkedIn campaigns. These will only be set with your explicit consent.
You can change or withdraw your cookie consent at any time by clicking the cookie icon in the bottom-left corner of the website, or by visiting our Cookie Declaration page.
You can also opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on.
11. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS 1.2+) and at rest
- Hashed password storage using industry-standard algorithms
- Access controls and authentication for internal systems
- Regular security assessments
- EU-only data residency (Azure West Europe)
12. Children
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top of this policy indicates when it was last revised.