Privacy Policy
Last updated: February 21, 2026
1. Introduction
TitanShield SAS ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application security testing platform ("Service").
We comply with the General Data Protection Regulation (GDPR) and French data protection laws (CNIL regulations).
Data Controller: TitanShield SAS, France
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password (hashed), company name (optional)
- Payment Information: Processed securely by Stripe. We do not store credit card numbers
- Applications: Mobile applications you upload for security analysis
- Feedback: Vulnerability feedback and comments you provide
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, analysis history (via Plausible Analytics - privacy-friendly, no cookies)
- Technical Data: IP address (anonymized), browser type, device information
- Essential Cookies: Session management, authentication state
2.3 Information We Do NOT Collect
- We do not use tracking cookies or third-party advertising trackers
- We do not sell or share your data with advertisers
- We do not perform behavioral profiling for marketing
3. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Service | Contract performance (Art. 6(1)(b)) |
| Process payments and subscriptions | Contract performance (Art. 6(1)(b)) |
| Send service-related notifications | Contract performance (Art. 6(1)(b)) |
| Improve ML false positive detection | Legitimate interest (Art. 6(1)(f)) |
| Respond to support requests | Contract performance (Art. 6(1)(b)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Prevent fraud and abuse | Legitimate interest (Art. 6(1)(f)) |
4. Data Storage and Security
4.1 Where We Store Your Data
- Primary Database: PostgreSQL hosted on EU-based infrastructure (Germany)
- File Storage: S3-compatible object storage - EU region (Germany)
- Payment Processing: Stripe - EU data centers
All data is stored exclusively within the European Union. We do not transfer data outside the EU.
4.2 Security Measures
- All data encrypted in transit (TLS 1.3)
- Data encrypted at rest (AES-256)
- Passwords hashed with bcrypt
- Regular security audits
- Access controls and audit logging
4.3 Data Retention
- Account Data: Retained while account is active
- Uploaded Applications: Deleted after analysis or retained per your settings
- Analysis Results: Retained until you delete them
- After Account Deletion: All data permanently deleted within 30 days
5. Data Sharing
We do NOT sell your data. We only share data with:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment details |
| EU Cloud Provider | Infrastructure hosting (database, file storage) | Account data, uploaded apps, reports |
| Plausible Analytics | Privacy-friendly analytics | Anonymized usage data (no cookies) |
| Postmark/Resend | Transactional emails | Email address, name |
6. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interest
To exercise any of these rights, contact us at privacy@titanshield.tech
We will respond within 30 days as required by GDPR.
7. Cookies
We use only essential cookies required for the Service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| session | Authentication and session management | Session (until logout) |
| csrf_token | Security - prevent cross-site request forgery | Session |
| lang | Remember language preference | 1 year |
| cookies_accepted | Remember cookie consent choice | 1 year |
We do NOT use:
- Advertising or tracking cookies
- Third-party marketing cookies
- Social media tracking pixels
8. International Transfers
Your data is primarily stored in the European Union. If data is transferred outside the EU, we ensure adequate protection through:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
9. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to registered users
- Prominent notice on the Service
Your continued use after changes constitutes acceptance of the updated policy.
11. Complaints
If you believe we have violated your privacy rights, you have the right to lodge a complaint with:
CNIL (French Data Protection Authority)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
France
Website: www.cnil.fr
12. Contact Us
For privacy-related inquiries:
Email: privacy@titanshield.tech
General Contact: contact@titanshield.tech
Website: https://titanshield.tech