shieldbot

Privacy

Last updated: 2026-05-20

What we store

  • Account: Google ID + email from Firebase Auth. Used only to authenticate the dashboard.
  • API keys: a SHA-256 hash + the first/last few characters; never the raw key after creation.
  • Upstream provider keys (your Anthropic / OpenAI key): AES-256-GCM encrypted at rest with a Cloud KMS-bound secret.
  • Usage events: per request, we record timestamp, model, token counts, cost, scan verdict + finding types, and latency. No prompt or response text.
  • Redacted previews: when scanMode=block fires, we store the redacted prompt (e.g. "my ssn is [SSN REDACTED]") for audit. Originals never persist.

What we don't store

  • Full prompt or response content.
  • Anything from /v1/scan (the unauthenticated endpoint) — those calls are ephemeral.
  • Browser cookies. Auth uses Firebase ID tokens in localStorage, scoped to the dashboard.

Who can see it

Nobody outside ShieldBot operators (currently: 1 person). We don't sell, share, or train on your data. We may forward block events to the webhook URL you configure — that payload contains only the metadata listed above (no prompt content).

Where it lives

Google Cloud (Firestore + Cloud Run) in us-central1. For EU customers needing residency in eu-west1, reach out.

Deletion

Revoke a key to disable it. To delete your account and all associated data, email us and we wipe it within 7 days.

Third parties

  • Anthropic / OpenAI: we forward your traffic to them using your key.
  • Anthropic (for scanning): when your traffic passes the regex stage, we send the user-visible prompt text to Claude Haiku for ML classification. Anthropic's data policy applies to those scanner calls.
  • Google Cloud: our infrastructure provider.