Privacy Policy

Last updated: 1 April 2026

1. Information We Collect

1.1 Account Information

When you create a Digital Shields account, we collect:

• Full name
• Email address
• Password (stored securely as a cryptographic hash — we never store your actual password)
• Location (optional)
• Children's ages (optional — used only to personalise safety recommendations)

1.2 Usage Data

We automatically collect:

• Pages visited within the portal
• Family Safety Audit progress
• Course completion progress
• Shield AI queries (to improve the service)
• Community forum posts and replies

1.3 Payment Information

Payments are processed by Stripe. We do not store your credit card number, expiry date, or CVV on our servers. Stripe handles all payment data under their own privacy policy.

1.4 Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

2. How We Use Your Information

We use your information to:

• Provide and maintain the Digital Shields service
• Personalise safety recommendations based on your children's ages
• Send threat alerts and safety digest emails (if opted in)
• Process subscription payments via Stripe
• Moderate the community forum
• Improve Shield AI responses
• Comply with legal obligations

3. Legal Basis for Processing (UK GDPR)

We process your data under the following lawful bases:

• Contract: To provide the service you signed up for
• Legitimate interests: To improve the platform and prevent misuse
• Consent: For optional marketing emails and notification preferences
• Legal obligation: To comply with UK law

4. Who We Share Your Data With

We only share data with:

• Stripe — Payment processing
• Anthropic — Shield AI queries are processed by Anthropic's Claude API. Queries do not include your name or email.
• Railway — Our hosting infrastructure provider

We never sell your personal data. We never share your data with advertisers.

5. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account deletion
• Community posts: Retained until you or an admin deletes them
• AI chat logs: Retained for 90 days, then automatically deleted
• Payment records: Retained for 7 years as required by UK tax law

6. Your Rights

Under UK GDPR, you have the right to:

• Access — Request a copy of your personal data
• Rectification — Correct inaccurate data via your Settings page
• Erasure — Delete your account and all associated data
• Portability — Export your data in a machine-readable format
• Restriction — Restrict processing in certain circumstances
• Object — Object to processing based on legitimate interests
• Withdraw consent — Turn off notification preferences at any time

To exercise any of these rights, email support@digitalshields.co. We will respond within 30 days.

7. Children's Privacy

Digital Shields is a service for parents and guardians, not for children. We do not knowingly collect personal data from anyone under 18. If you believe a child has created an account, please contact us immediately.

8. Data Security

We protect your data with:

• Passwords hashed with bcrypt (industry standard)
• HTTPS/SSL encryption on all connections
• JWT token-based authentication
• Database hosted on encrypted infrastructure (Railway/PostgreSQL)
• Regular security reviews

9. International Transfers

Your data is processed on servers in the United States (Railway infrastructure) and by Anthropic (US-based). These transfers are protected by Standard Contractual Clauses as required by UK GDPR.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice in the portal. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

For privacy-related enquiries, data access requests, or complaints:

Infinity X Investments Ltd (trading as Digital Shields)
Email: support@digitalshields.co
Company Registration: 16998775
Registered in England and Wales

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113