We do not sell, rent, or share your personal information with third parties. The ShieldKey proxy forwards request headers and body to upstream providers as-is, but we never log request or response bodies. Only metadata (timestamps, status codes, latencies, source IPs) is recorded.

Privacy Policy

Last updated: February 16, 2026

1. Information We Collect

  • Account information: email address and hashed password.
  • API keys: encrypted with AES-256-GCM using an Argon2id-derived key. We never store plaintext keys.
  • Usage data: request counts, timestamps, source IPs, and latencies for every proxied request.
  • Device information: we do not use cookies, tracking pixels, or analytics SDKs. We collect only the minimum data required to operate the service.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity and provide the proxy service.
  • Enforce the access policies you configure (IP allowlists, rate limits, geo-restrictions).
  • Detect anomalies and alert you to suspicious activity.
  • Generate anonymous, aggregate statistics to improve the service.

3. Data Storage and Security

  • All data is stored in PostgreSQL on Railway (US region).
  • API keys are encrypted at rest with AES-256-GCM using an Argon2id-derived encryption key.
  • Passwords are hashed with Argon2id.
  • All data in transit is protected by TLS.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties. The ShieldKey proxy forwards request headers and body to upstream providers as-is, but we never log request or response bodies. Only metadata (timestamps, status codes, latencies, source IPs) is recorded.

5. Data Retention

  • Audit logs: retained for 90 days, then permanently purged.
  • Account data: retained until you delete your account.
  • Encrypted keys: deleted immediately when you revoke a token or delete your account.

6. Your Rights

You have the right to:

  • Export your audit logs via the API at any time.
  • Revoke any shield token instantly from the dashboard.
  • Delete your account entirely, which permanently removes all stored data including encrypted keys, audit logs, and account information.

7. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will notify you via the ShieldKey dashboard. Continued use of the service after changes constitutes acceptance of the updated policy.

8. Contact

If you have questions about this Privacy Policy, contact us at privacy@shieldkey.io.