ShieldNodeShieldNode
Start free

Legal

Privacy Policy

Effective date: March 12, 2026 — Last updated: March 12, 2026

This Privacy Policy describes how Dorunaitsu LLC ("ShieldNode", "we", "us", or "our"), a Delaware limited liability company, collects, uses, and protects information when you use our service at shieldnode.app.

By using ShieldNode, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you register, we collect your email address and authentication credentials via Supabase Auth (Google OAuth or email/password). We do not store passwords — authentication is handled entirely by Supabase.

1.2 API Credentials (Sensitive Data)

When you add a service to ShieldNode, you provide an API base URL and credentials (API keys, tokens, or passwords) for that service. This is the most sensitive data we handle. We protect it as follows:

  • Credentials are encrypted using AES-256-GCM before being stored in our database.
  • Encryption keys are stored separately from the encrypted data.
  • Credentials are never stored in plaintext — not in our database, logs, caches, or any other system.
  • Decryption occurs in memory only, during request forwarding, and only when necessary.

1.3 Virtual Keys

Virtual keys generated by ShieldNode are hashed on creation using a one-way function. The plaintext key is shown to you exactly once and is not recoverable afterward. We store only the hash for authentication purposes.

1.4 Request Logs

When requests are proxied through ShieldNode, we log the following metadata for each request:

  • HTTP method (GET, POST, etc.)
  • Request path (URL without query parameters containing sensitive data)
  • HTTP status code
  • Response latency in milliseconds
  • Timestamp

We do not log request bodies, response bodies, authorization headers, or any payload content. Log retention depends on your plan (7 days on Free, 30 days on Pro, 90 days on Team).

1.5 Technical Data

We may collect IP addresses for security purposes (rate limiting, abuse prevention) and session tokens stored in cookies for authentication. We do not use analytics tools, advertising trackers, or behavioral tracking of any kind.

2. How We Use Your Information

  • To provide the service — authenticating you, storing your services and virtual keys, forwarding proxied requests to target APIs.
  • To enforce security — detecting abuse, rate limit violations, and unauthorized access.
  • To process payments — billing for paid plans via Stripe (web) or RevenueCat (mobile). Payment card data is processed entirely by these providers and never touches our servers.
  • To communicate with you — transactional emails (account creation, password reset). We do not send marketing emails without your explicit consent.
  • To comply with legal obligations — responding to lawful requests from authorities.

3. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We share data only with the following service providers, limited to what is necessary for them to perform their function:

SupabaseAuthentication and database hostingUSA
Render.comBackend API server hostingUSA
VercelFrontend hosting (shieldnode.app)USA
StripePayment processing (web subscriptions)USA
RevenueCatMobile subscription management (future)USA

We may disclose your information if required by law, court order, or to protect the rights, property, or safety of ShieldNode, our users, or the public.

4. Data Retention

  • Account data — retained as long as your account is active. Deleted within 30 days of account deletion request.
  • Encrypted credentials — deleted immediately when you delete a service.
  • Virtual key hashes — deleted when the key is deleted.
  • Request logs — automatically deleted after 7 days (Free), 30 days (Pro), or 90 days (Team).
  • Payment records — retained as required by applicable law (typically 7 years).

5. Security

We implement industry-standard security measures including:

  • AES-256-GCM encryption for all stored API credentials
  • One-way hashing for virtual keys
  • TLS/HTTPS encryption for all data in transit
  • No plaintext credential storage at any layer (application, database, cache, or logs)
  • Access controls limiting who can access production systems

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take every reasonable measure to protect your data.

6. Your Rights under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your personal data ("right to be forgotten").
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing of your personal data.
  • Right to restrict processing — request that we limit how we use your data.

Our legal basis for processing your data is: contract performance (providing the service you signed up for) and legitimate interests (security, abuse prevention). To exercise any of these rights, contact us at contact@shieldnode.app.

7. Your Rights under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know — request information about what personal data we collect and how we use it.
  • Right to delete — request deletion of your personal data, subject to certain exceptions.
  • Right to opt-out of sale — we do not sell personal information. This right is not applicable.
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

To submit a request, contact us at contact@shieldnode.app. We will respond within 45 days.

8. Cookies and Local Storage

ShieldNode uses only essential cookies necessary for the service to function. See our Cookie Policy for full details. We do not use advertising cookies, analytics cookies, or any third-party tracking.

9. Children's Privacy

ShieldNode is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately at contact@shieldnode.app and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email (to the address associated with your account) or by posting a notice on shieldnode.app. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions, data requests, or concerns:

Dorunaitsu LLC

Delaware, United States

contact@shieldnode.app