Privacy Policy

Last updated: 8 May 2026

This privacy policy explains how we collect, use, store, and protect your personal data when you use Digital Shields. It has been drafted in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Account Information

When you create a Digital Shields account, we collect:

• Full name
• Email address
• Password (stored only as a cryptographic hash — we never store your actual password)
• Location (optional — used to tailor regional safety recommendations)
• Children's ages (optional — used only to personalise safety recommendations)

2.2 Child Profile Data

Parents and guardians may create child profiles within their account. For each child profile, we collect:

• Child's first name only (never surname or full name)
• Age
• Devices they use (e.g. iPhone, Xbox, tablet)
• Apps and platforms they use (e.g. YouTube, Roblox, TikTok)

We never collect full names, photographs, school names, addresses, or other identifying information about children. See Section 5 for further details on how we handle children's data.

2.3 Usage Data

We collect data about how you use the service, including:

• Pages visited within the portal
• Family Safety Audit progress
• Course completion progress
• Shield AI queries and conversations
• Community forum posts and replies
• Safety Score history
• Engagement events (e.g. feature interactions, button clicks)
• Resource bookmarks

2.4 Payment Data

All payment processing is handled entirely by Stripe. We do not store your credit card number, expiry date, or CVV on our servers. The only payment-related data we store is your Stripe customer ID and subscription ID, which allow us to manage your subscription status. Stripe processes your payment data under their own privacy policy.

2.5 Technical Data

We collect limited technical data to maintain the security and performance of the service:

• IP address (used for rate limiting and abuse prevention — not stored long-term)
• User agent string (browser and device type)
• Timestamp of requests

2.6 Communication Data

We keep records of transactional emails we send to you, including:

• Email verification messages
• Password reset emails
• Threat alert notifications
• Weekly safety digest emails

3. How We Use Your Information

We use your personal data for the following purposes:

• Provide the service — deliver the Digital Shields portal, including audits, courses, AI assistant, and community features
• Personalise recommendations — tailor safety advice based on your children's ages, devices, and apps
• Process payments — manage your subscription via Stripe
• Send alerts and digests — deliver threat alerts and weekly safety digest emails when you have opted in
• Moderate the community — review and manage community forum content to maintain a safe environment
• Improve AI responses — periodically review anonymised, aggregated query patterns (e.g. which safety topics are most commonly asked about) to refine our system prompts and safety content. We do not use your queries to train any AI model, and your conversations are never shared with Anthropic for model training (Anthropic's API data usage policy confirms API inputs and outputs are not used for training). "Improving Shield AI" means improving the instructions and context we give to the AI, not training the AI itself.
• Enforce our terms — take action against accounts that violate our Terms of Service
• Prevent fraud and abuse — detect and block suspicious activity, bot attacks, and platform abuse
• Comply with law — meet legal obligations under UK law, including tax, data protection, and law enforcement requirements

4. Legal Basis for Processing (UK GDPR Article 6)

We rely on the following lawful bases under Article 6(1) of the UK GDPR:

• Performance of a contract — Article 6(1)(b): Processing necessary to deliver the service you signed up for, including account management, providing access to portal features, processing payments, and managing your subscription.
• Legitimate interests — Article 6(1)(f): Processing necessary for our legitimate interests, including platform security, fraud prevention, abuse detection, service improvement, and community moderation. We have conducted balancing tests to ensure these interests do not override your rights and freedoms.
• Consent — Article 6(1)(a): Processing based on your freely given consent, including marketing emails, optional notification preferences (threat alerts, weekly digests), and the AI memory feature (Fortress plan). You can withdraw consent at any time via your Settings page.
• Legal obligation — Article 6(1)(c): Processing necessary to comply with UK law, including retention of payment records for HMRC tax requirements (7 years) and responding to valid law enforcement requests.

5. Children's Data and the Age Appropriate Design Code (AADC)

Digital Shields is a service designed exclusively for parents and guardians aged 18 and over. We take the protection of children's data extremely seriously.

• Children cannot create accounts. Only adults aged 18+ may register for Digital Shields.
• Child profile data is provided by parents about children — it is never collected directly from children themselves.
• Lawful basis for child data: Child profile data constitutes personal data about a third party (the child) provided by the parent. We process this data under legitimate interests (Article 6(1)(f)) — specifically, the parent's legitimate interest in protecting their child's online safety. We have conducted a balancing test as part of our DPIA (see Section 10) and concluded that, given the minimal nature of the data (first names and ages only), the protective purpose of the processing, and the parent's full control over creation and deletion of profiles, the parent's interests are not overridden by the child's rights and freedoms.
• Minimal data only: We store only first names and ages in child profiles. We never collect or store children's full names, photographs, school names, home addresses, or other identifying information.
• Parental control: Parents can view, edit, and delete child profiles at any time from their portal Settings.
• No profiling of children: We do not build behavioural profiles of children, apply nudge techniques directed at children, or track children's location.
• ICO AADC compliance: We have considered the ICO's Age Appropriate Design Code (Children's Code) in our design decisions. Because our service is directed at parents rather than children, and child data is limited to first names and ages provided by parents, the AADC standards are addressed through our design choices.
• Under-13 safeguard: If we become aware that a child under 13 has directly provided personal data to us (for example, by creating an account), we will delete that data immediately and terminate the associated account.

6. Who We Share Your Data With

We share your data only with the following trusted data processors, each of which processes data on our behalf under a data processing agreement:

• Stripe (payment processing) — United States — protected by the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, as issued by the ICO
• Anthropic (Shield AI queries via Claude API) — United States — queries are anonymised and no personally identifiable information is sent — protected by the UK Addendum to EU SCCs. Anthropic's API data usage policy confirms that API inputs and outputs are not used to train their models.
• Railway (hosting infrastructure) — United States — protected by the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs
• Resend (transactional email delivery) — United States — protected by the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs
• Cloudflare (Turnstile bot protection) — United States / European Union — protected by the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs
• GitHub (CI/CD automation and source code management) — United States — protected by the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs

We never sell your personal data to anyone. We never share your data with advertisers, marketing companies, or data brokers.

7. International Transfers

Your personal data is processed on servers located in the United States by our infrastructure and service providers (Railway, Anthropic, Stripe, Resend, Cloudflare, and GitHub).

These international transfers are protected by the following safeguards as required by Chapter V of the UK GDPR:

• UK International Data Transfer Agreements (IDTAs) or the UK Addendum to EU SCCs, as issued by the ICO under Section 119A of the Data Protection Act 2018, incorporated into our data processing agreements with each provider. The ICO ceased recognising bare EU Standard Contractual Clauses for UK GDPR transfers after 21 March 2024; all our transfer mechanisms use the ICO-approved instruments.
• Transfer Risk Assessments (TRAs): We conduct a transfer risk assessment for each international transfer, evaluating the processor's data protection practices, security measures, and the legal framework of the destination country, in accordance with ICO guidance.
• Supplementary measures: Including encryption in transit (TLS) and at rest, access controls, data minimisation, and pseudonymisation where appropriate.

The UK has an adequacy decision for the European Union/EEA. For transfers to the United States, we rely on the IDTA or UK Addendum, together with supplementary technical and organisational measures, to ensure your data receives an equivalent level of protection to that provided under the UK GDPR.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our specific retention periods are:

• Account data: Retained while your account is active. Deleted within 30 days of account deletion.
• Community posts: Retained until you or an administrator deletes them. On account deletion, posts are anonymised (author name removed) rather than deleted, to preserve community context.
• AI chat history: Retained for 90 days, then automatically deleted. During this period, anonymised query patterns may be reviewed for service improvement purposes under our legitimate interests (Article 6(1)(f)). This secondary use has been assessed as part of our Data Protection Impact Assessment — see Section 10.
• AI memory (Fortress plan): Retained until you manually clear it via Settings or delete your account.
• Payment records: Retained for 7 years as required by UK tax law (HMRC requirements under the Taxes Management Act 1970).
• Server logs: Retained for 30 days, then automatically deleted.
• Security and rate-limit data: Retained for 24 hours, then automatically deleted.
• Engagement events: Retained for 12 months, then automatically deleted.

9. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access (Article 15): You can request a copy of all personal data we hold about you. Use Settings > Download my data in the portal, or email us.
• Right to rectification (Article 16): You can correct inaccurate or incomplete data. Edit your details via your Settings page, or email us for assistance.
• Right to erasure (Article 17): You can request deletion of your personal data. Use Settings > Delete my account in the portal, or email us. Note: some data may be retained where we have a legal obligation (e.g. payment records for HMRC).
• Right to data portability (Article 20): You can export your personal data in a structured, commonly used, machine-readable format (JSON). Use Settings > Download my data in the portal.
• Right to restrict processing (Article 18): You can request that we restrict processing of your data in certain circumstances, such as while we verify the accuracy of your data or assess an objection.
• Right to object (Article 21): You can object to processing based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Rights related to automated decision-making (Article 22): We do not make decisions based solely on automated processing that produce legal effects or similarly significant effects concerning you. See Section 10 for details.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time. Toggle notification preferences off in your Settings, or email us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

How to exercise your rights: Use the self-service options in your portal Settings page, or email support@digitalshields.co.

Response time: We will respond to your request within 30 calendar days. If your request is particularly complex or we receive a large number of requests, we may extend this by a further 60 days, in which case we will inform you of the extension and the reasons for it within the initial 30-day period.

Cost: Exercising your rights is free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, particularly if they are repetitive.

10. Automated Decision-Making, Profiling, and DPIA

• Safety Score: Your Family Safety Score is calculated locally in your browser based on your audit responses. It is not transmitted to or processed on our servers for decision-making purposes. Your Safety Score does not affect your account access, subscription, or the features available to you.
• AI recommendations: Recommendations provided by Shield AI are educational and advisory in nature only. They are not legally binding, do not constitute professional advice, and do not produce legal or similarly significant effects.
• No automated decisions with legal effect: We do not profile users for marketing purposes, and we do not make any decisions based solely on automated processing that produce legal effects or similarly significant effects concerning you, as defined by Article 22 of the UK GDPR.

Data Protection Impact Assessment (DPIA)

We have conducted a Data Protection Impact Assessment under Article 35 of the UK GDPR. This assessment covers the processing of parental queries about children's online safety through AI technology, the collection of child profile data (ages, devices, apps) from parents as third-party data, and the retention of AI conversation logs. The DPIA evaluates the necessity and proportionality of this processing, identifies risks to data subjects, and documents the technical and organisational measures we have implemented to mitigate those risks. The DPIA is reviewed and updated whenever we introduce significant changes to our data processing activities. A copy of the DPIA is held internally and is available to the ICO upon request.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

• Password hashing: All passwords are hashed using bcrypt with 12 salt rounds — we never store plaintext passwords
• Encryption in transit: All connections use HTTPS/TLS encryption
• HSTS with preload: HTTP Strict Transport Security is enforced with preload to prevent downgrade attacks
• CSRF protection: Cross-site request forgery protection using the double-submit cookie pattern
• Rate limiting: Authentication endpoints are rate-limited to prevent brute-force attacks
• Session management: JWT token-based session management with secure token handling
• Encryption at rest: Database encryption at rest via Railway/PostgreSQL infrastructure
• Security reviews: Regular security reviews and code audits
• Least privilege: Administrative access follows the principle of least privilege

12. Cookies and Local Storage

Digital Shields uses a minimal number of cookies and localStorage items, all of which are strictly essential for the service to function. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

For full details of the cookies and local storage items we use, including their names, purposes, and durations, please see our Cookie Policy.

13. Data Breaches

In the event of a personal data breach, we will follow the procedures required by Articles 33 and 34 of the UK GDPR:

• ICO notification: Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where feasible.
• User notification: Where a breach is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay, providing clear information about the nature of the breach and the steps you can take to protect yourself.

14. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements.

• For significant changes, we will notify you by email and display a notice in the portal before the changes take effect.
• The "Last updated" date at the top of this page reflects the most recent revision.
• Previous versions of this policy are available on request by emailing support@digitalshields.co.

15. Complaints and Contact

For privacy-related enquiries, data access requests, or to exercise any of your rights:

Infinity X Investments Ltd (trading as Digital Shields)
Email: support@digitalshields.co
Company Registration: 16998775
Registered in England and Wales

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF