Privacy Policy

1. Information We Collect

Right Shield LLC ("Right Shield," "we," "us," or "our") collects information about you when you visit our website, contact us, or engage our services. The categories of information we collect include:

1.1 Information You Provide Directly

• Contact information: name, email address, company name, and phone number submitted via intake forms or email;
• Brand information: trademark registrations, copyright registrations, brand asset descriptions, and infringement details you submit to our scan tool or during intake;
• Account credentials: if you create an account, a hashed password and session token;
• Payment information: handled exclusively by our payment processor; we do not store full card numbers.

1.2 Information Collected Automatically

• IP addresses, collected for rate-limiting and abuse prevention purposes;
• Browser type, operating system, and referrer URL via server access logs;
• Aggregated page-view counts via privacy-first analytics (no personally identifiable data in analytics logs).

We do not use tracking pixels, third-party advertising cookies, or cross-site behavioral profiling. See our Cookie Policy for full details.

2. How We Use Information

We use the information we collect to:

• Provide, operate, and improve the Services;
• Prepare and submit intellectual property enforcement notices on your behalf;
• Communicate with you about your engagement, including status updates and documentation;
• Verify your identity and authority to submit enforcement actions;
• Detect, prevent, and respond to fraud, abuse, and security incidents;
• Comply with legal obligations and respond to lawful requests from government authorities;
• Analyze aggregate usage patterns to improve site performance (no individual tracking).

We do not sell your personal information. We do not use your information for targeted advertising.

3. Information Sharing & Disclosure

Right Shield does not sell or rent your personal information. We share information only in the following limited circumstances:

3.1 Service Providers

We engage the following third-party infrastructure providers, each of whom processes data solely on our behalf under data processing agreements:

• Vercel Inc. — website hosting and edge infrastructure (United States);
• Resend Inc. — transactional email delivery (United States);
• Upstash Inc. — Redis-based rate limiting and session caching (United States, EU options available);
• Google LLC (Gemini AI API) — AI-assisted document analysis proxied through our server; no raw PII is transmitted to this endpoint.

3.2 Platforms & Registrars (Engagement-Specific)

When acting as your enforcement agent, we transmit the minimum information necessary to third-party platforms, registrars, and domain dispute bodies (e.g., WIPO, NAF) to execute notices and filings on your behalf. This is inherent to the service and is authorized by you at intake.

3.3 Legal Disclosures

We may disclose information when required by law, court order, or valid governmental request, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Right Shield, our clients, or others.

4. Data Retention

We retain different categories of data for different periods:

• IP address logs: 90 days, after which they are automatically purged from rate-limit stores;
• Client engagement records (notices, evidence packages, correspondence): retained indefinitely to support future legal proceedings and audit requirements, unless you request deletion;
• Inactive account data: accounts with no activity for 12 consecutive months are flagged for deletion review; we will notify you before deletion;
• Email communications: retained for the duration of your engagement plus 3 years for legal hold purposes.

Upon written request, we will delete personal information not subject to a legal hold or ongoing legal obligation within 30 days.

5. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

5.1 GDPR Rights (EEA & UK Residents)

• Right of access — obtain a copy of personal data we hold about you;
• Right to rectification — correct inaccurate or incomplete data;
• Right to erasure ("right to be forgotten") — subject to legal hold exceptions;
• Right to restriction of processing;
• Right to data portability — receive your data in a machine-readable format;
• Right to object to processing based on legitimate interests.

5.2 CCPA Rights (California Residents)

• Right to know what personal information we collect, use, disclose, and sell (we do not sell);
• Right to delete personal information (subject to legal hold exceptions);
• Right to opt-out of the sale of personal information (not applicable — we do not sell);
• Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at legal@rightshield.io. We will respond within 30 days.

6. International Data Transfers

Right Shield is based in the United States. If you are accessing our Services from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For transfers from the European Economic Area or United Kingdom, we rely on standard contractual clauses approved by the European Commission as the legal mechanism for such transfers, where applicable. For questions about our transfer mechanisms, contact us at legal@rightshield.io.

7. Children's Privacy

The Services are not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete it. If you believe we may have inadvertently collected such information, please contact us at legal@rightshield.io.

8. Security Measures

Right Shield implements technical and organizational security measures designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

• TLS 1.3 encryption for all data in transit;
• Encryption at rest for sensitive client data and evidence packages;
• Role-based access controls limiting data access to authorized personnel on a need-to-know basis;
• Regular security reviews and dependency audits;
• Incident response procedures with client notification obligations.

No security system is impenetrable. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

9. Changes to Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where required, provide advance notice. We encourage you to review this page periodically. Your continued use of the Services after changes become effective constitutes your acceptance of the updated policy.

10. Contact Information for Privacy Requests

For privacy-related inquiries, data access requests, or to exercise any of your rights described above: