Privacy Policy

1. Data Controller & Processor Roles

ShieldComms LLC is a company organized under the laws of the State of Michigan, USA. Our role with respect to personal data varies depending on the type of data involved:

• Data controller: For Tenant account data -- including business information, payment details, and authentication credentials -- ShieldComms acts as the data controller, determining the purposes and means of processing.
• Data processor: For Provider and Client data processed on behalf of Tenants -- including phone numbers, message content, and booking data -- ShieldComms acts as a data processor, processing data on the instructions of the Tenant (who is the data controller for their providers' and clients' personal data).
• Tenant responsibilities: Tenants are responsible for their own privacy obligations to their providers and clients, including providing appropriate privacy notices and obtaining necessary consents.

2. Categories of Personal Data Collected

ShieldComms collects and processes the following categories of personal data:

• Tenant data: Name, email address, business name and information, payment information (processed by Stripe -- ShieldComms does not store full card numbers), and authentication credentials (managed by Clerk).
• Provider data: Name, phone number, and geographic location (used for proxy number matching).
• Client data: Name, phone number, and booking and assignment details.
• Message data: SMS message content, timestamps, delivery status, and sender/recipient proxy mappings.
• Moderation data: AI moderation scores, flagged content categories, and moderation actions taken.
• Usage data: Log data, IP addresses, browser and device information, session data, and pages visited.
• Derived data: Aggregated analytics and AI-generated scores.

3. Purposes of Data Processing

We process personal data for the following purposes:

• Providing the proxy communication service, including routing messages and assigning proxy numbers to provider-client pairs.
• Sending automated notifications and booking reminders on behalf of Tenants.
• AI content moderation and safety scoring (beta feature).
• Geographic number matching to assign proxy numbers with relevant area codes.
• Billing and subscription management through Stripe.
• Customer support and service inquiries.
• Service improvement and analytics using aggregate and anonymized data only.
• Legal compliance, fraud prevention, and platform security.
• Responding to lawful requests from law enforcement agencies.

4. Legal Basis for Processing

We process personal data on the following legal bases:

• Contractual necessity: Processing that is required to provide the service under our Terms of Service, including message routing, proxy number assignment, billing, and account management.
• Legitimate interests: Processing for security, fraud prevention, service improvement, and aggregate analytics, where our interests are not overridden by your data protection rights.
• Legal obligations: Data retention for tax and financial compliance, and responding to valid law enforcement requests.
• Consent: Where specifically required, such as for marketing communications to Tenants. You may withdraw consent at any time.

5. Third-Party Data Sharing

ShieldComms shares personal data with the following categories of third-party service providers, each for specific and limited purposes:

• Twilio -- SMS and voice message routing, proxy phone number provisioning and management.
• Stripe -- Payment processing and subscription billing.
• Clerk -- User authentication and identity management.
• AI service providers -- Message content analysis for moderation scoring.
• Cloud infrastructure (AWS) -- Data hosting and storage.
• Law enforcement -- When required by valid legal process (subpoena, court order, or equivalent).

ShieldComms does not sell personal information.

ShieldComms does not share personal information for cross-context behavioral advertising.

All sub-processors are contractually required to protect personal data to standards equivalent to those described in this Privacy Policy.

6. SMS-Specific Privacy Disclosures

Because ShieldComms facilitates SMS communications through proxy phone numbers, the following disclosures apply specifically to messaging data:

• Phone numbers are collected to provide the proxy communication service. They are necessary for routing messages between providers and clients.
• Proxy numbers mask real phone numbers -- providers and clients communicate through proxy numbers without seeing each other's real phone numbers.
• All message content sent through proxy numbers is stored and accessible to the subscribing Tenant through the ShieldComms dashboard.
• Opt-out: Recipients can text STOP to any proxy number to opt out of messages from that number.
• Message frequency varies based on booking activity and tenant notification settings.
• Standard message and data rates may apply.
• Phone numbers collected through the service are not shared with third parties for marketing, sold, or used for purposes unrelated to service delivery.

7. AI Processing & Automated Decision-Making

When AI moderation is enabled by a Tenant, message content is processed by automated systems. This section describes how AI processing works and your related rights.

• When AI moderation is enabled, message content is sent to third-party AI providers for analysis and scoring.
• AI generates moderation scores that may result in messages being flagged for review or blocked from delivery.
• Customer message data is not used to train AI models.
• Tenants can review and override AI moderation decisions through the ShieldComms dashboard.
• Under applicable state privacy laws -- including the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act (Colorado CPA), and the Connecticut Data Privacy Act (CTDPA) -- individuals may have the right to opt out of automated decision-making that produces legal or similarly significant effects.
• For Provider and Client data, such opt-out requests should be directed to the Tenant (data controller), who manages the provider-client relationship.

8. Data Retention

ShieldComms retains personal data for the following periods:

• Active account data: Retained for the duration of the subscription and for a reasonable period thereafter.
• Message content: Retained for the duration of the subscription and for a reasonable period thereafter.
• AI moderation logs: Retained alongside message content for the same duration.
• Billing and financial records: Retained for 7 years for tax and financial compliance.
• Consent records: Retained for 5 years, aligned with the TCPA statute of limitations.

ShieldComms does not currently offer automated data deletion upon account cancellation. To request data export or deletion, contact info@shieldcomms.com.

9. Consumer Rights (Multi-Jurisdiction)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to know / access: Request information about what personal data we collect, use, and disclose about you.
• Right to delete: Request deletion of your personal data, subject to certain legal exceptions.
• Right to correct: Request correction of inaccurate personal data.
• Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Right to opt out of sale/sharing: ShieldComms does not sell personal data. This right is provided for compliance with applicable laws.
• Right to opt out of automated decision-making: Relevant for AI moderation features. See Section 7 for details.
• Right to non-discrimination: Exercising your privacy rights will not result in discriminatory changes to service quality or pricing.

Exercising Your Rights

For Tenant (account holder) data: Submit requests to info@shieldcomms.com. Identity verification is required. We will respond within 45 days of receiving a verifiable request.

For Provider and Client data: ShieldComms processes Provider and Client data on behalf of Tenants. Requests from providers and clients regarding their personal data should be directed to the Tenant (their service provider). ShieldComms will assist Tenants in fulfilling such requests.

These rights are provided in compliance with: the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (Colorado CPA), the Connecticut Data Privacy Act (CTDPA), and other applicable state privacy laws.

10. Data Security

ShieldComms implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption in transit (TLS) and at rest for all personal data.
• Role-based access controls and authentication to limit data access to authorized personnel.
• Regular security monitoring and vulnerability assessments.
• Incident response procedures to address security events promptly.

11. Data Breach Notification

In the event of a data breach involving personal data, ShieldComms will:

• Notify affected individuals without unreasonable delay.
• Comply with Michigan law (MCL 445.72) and all applicable state breach notification laws.
• Include in the notification: a description of the breach, the types of personal data affected, the steps ShieldComms has taken in response, and contact information for further inquiries.

12. Children's Privacy

ShieldComms is a business-to-business service and is not directed at children under the age of 13.

• ShieldComms does not knowingly collect personal data from children under 13.
• If we become aware that personal data from a child under 13 has been collected, we will delete it promptly.
• If you believe a child under 13 has provided personal data through the service, please contact us at info@shieldcomms.com.

13. International Data Transfers

All data collected by ShieldComms is processed and stored in the United States.

• For data subjects in the European Union, United Kingdom, or European Economic Area: transfers of personal data to the United States are made under applicable legal mechanisms, including Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework.
• By using the service, you acknowledge that your data will be transferred to and processed in the United States.

14. Cookies & Tracking

ShieldComms uses minimal tracking technologies:

• The ShieldComms landing site (shieldcomms.com) uses minimal or no cookies.
• The ShieldComms application (app.shieldcomms.com) uses cookies that are necessary for authentication and session management.
• No third-party advertising or behavioral tracking cookies are used on any ShieldComms property.

15. Policy Updates

ShieldComms may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or regulatory requirements.

• The "Last Updated" date is displayed prominently at the top of this page.
• Material changes will be communicated via email to account holders.
• This policy is reviewed and updated annually at minimum, in accordance with CCPA requirements.

16. Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

ShieldComms LLC
Michigan, USA
info@shieldcomms.com

For privacy-specific inquiries or rights requests: info@shieldcomms.com