BLACKSHIELD

Privacy

Privacy Policy

How BlackShield handles customer and user data across AWS-hosted managed infrastructure, tenant-scoped application controls, and documented privacy operations.

Operational privacy posture

Privacy controls backed by infrastructure code, tenant isolation, and managed-cloud safeguards.

BlackShield does not treat privacy as a static notice page. The service is deployed on AWS managed infrastructure, operated by an Irish company, and reinforced by code-level controls for tenant scoping, hashed credentials, access governance, auditability, and secure transport.

Effective date

March 18, 2026

Last updated

March 18, 2026

Primary hosting model

AWS managed services in us-east-1

The hosted BlackShield control plane is delivered on AWS using managed building blocks such as RDS, S3, ElastiCache, SQS, ACM, and Secrets Manager.

Network placement

Isolated data subnets

The IaC topology places stateful services such as PostgreSQL and Redis in private isolated subnets with no direct internet route.

Data access model

Tenant-scoped by design

Application code resolves tenant context from authenticated identity and uses tenant scoping controls to prevent cross-tenant access.

Credential handling

Secrets are generated, hashed, or vaulted

Environment secrets are stored in Secrets Manager, API keys are stored as SHA-256 hashes, and user passwords are hashed with bcrypt.

What data BlackShield processes

BlackShield is a B2B security platform, so the data we process is oriented around account access, tenant configuration, scanner output, reporting, and operational reliability rather than consumer profiling.

  • Account and identity data includes user email, display information, role assignment, and authentication-provider metadata needed to manage access.
  • Tenant data includes company identifiers, API key metadata, feature configuration, audit context, and settings used to operate a tenant workspace.
  • Security operations data includes findings, affected assets, remediation context, repository or cloud metadata, and operational telemetry needed to deliver the service.
  • Public-site Google Analytics measurement is consent-managed through a region-scoped banner and Google consent mode rather than enabled by default everywhere.

Infrastructure safeguards built into the platform

The privacy baseline is not just policy language. It is reflected in the infrastructure code that provisions how data stores, queues, secrets, and traffic are handled.

  • PostgreSQL storage is provisioned with encryption at rest, generated database credentials in AWS Secrets Manager, and backup retention defined in infrastructure configuration rather than left implicit.
  • The reports bucket is encrypted with S3-managed encryption, blocks all public access, enforces SSL, and applies lifecycle expiration rules to age out old report objects.
  • The ingestion transport uses encrypted SQS queues with a dead-letter queue so ingestion traffic can be retried and contained without silently disappearing.
  • The VPC layout keeps stateful services in isolated subnets, while customer-facing traffic is routed through a managed load balancer with HTTPS when certificate wiring is enabled.

Application-layer privacy controls in source code

Privacy protection also depends on application behavior. The backend includes explicit code paths for tenant isolation, secret handling, role checks, and auditability.

  • Tenant context is resolved from authenticated users or API keys, and request handling carries a company_id context so data access is scoped to the active tenant.
  • Raw API keys are shown once and stored as SHA-256 hashes; user passwords are stored with bcrypt rather than in reversible form.
  • Role- and permission-based checks are enforced on sensitive routes such as reports, API keys, notifications, billing, and tenant-rights operations.
  • Audit trails are recorded for authentication activity, identity changes, remediation workflows, platform-admin actions, and support impersonation sessions.
  • Security headers are applied on responses, including HSTS in staging and production, frame denial, referrer controls, and a restrictive permissions policy.

Retention, deletion, and lifecycle handling

Data lifecycle is treated as an operational process, not a vague promise. Retention and deletion controls are tied to environment settings, lifecycle rules, and tenant offboarding flows.

  • Database backup retention and log retention are defined in environment configuration, making retention posture explicit in infrastructure code.
  • Report artifacts in S3 follow lifecycle expiration rules, and tenant data export or delete workflows are supported through documented tenant-rights flows.
  • Deletion and offboarding remain subject to backup windows, legal obligations, and contractual commitments that may apply to the customer relationship.

AWS provider assurance and certification context

BlackShield is built on AWS because it provides a mature managed-cloud baseline with broad security engineering investment and extensive third-party assurance programs.

  • AWS publicly maintains a large portfolio of compliance and certification programs for the underlying cloud infrastructure used by managed services such as compute, storage, databases, and networking.
  • Those infrastructure-level attestations strengthen the physical, environmental, and foundational cloud controls on which the service depends.
  • They do not automatically certify BlackShield itself, which is why we also rely on our own application-layer controls, tenant isolation, logging, access controls, and customer contracting artifacts.

Cross-border data handling and customer review

BlackShield is operated from Ireland, while the default hosted region is in the United States. That means privacy and procurement review should consider both the Irish operating entity and the US-hosted service footprint.

  • Customers with EEA, UK, or similar transfer requirements should review the hosting model together with the DPA and procurement package before production onboarding.
  • If a customer requires additional regional, contractual, or subprocessor review, those requirements should be captured before launch rather than after data has begun to flow.
  • The privacy page complements, but does not replace, signed legal documents, trust documentation, and customer-specific data-processing commitments.