Privacy Policy

Overview

AIShield is operated by SpearCompute Sdn Bhd ("we", "us", "AIShield"), a company registered in Malaysia. This policy explains what personal data we collect, why we collect it, and what your rights are.

We're built on a simple principle: your data is yours. We don't sell it. We don't share it with advertisers. We collect only what's needed to protect you from threats, and we let you delete everything in one click.

Data we collect

Account information

• Email address (for login and notifications)
• Phone number (optional, for SMS alerts and 2FA)
• Encrypted password hash (we never see your actual password)
• Subscription tier and billing status

Threat detection data

• Suspicious URLs, SMS content, or call metadata you submit for analysis
• Device permission state (which apps have access to what)
• Threat detection results and history

Technical data

• App version, OS version, device model
• Anonymized crash reports (with your consent)
• IP address (for security and abuse prevention only)

We do not collect: your contacts, your photos, your call recordings, your message contents (unless you submit them for scanning), your location (unless you grant explicit permission), or your browsing history.

How we use your data

• To protect you: Analyze submitted threats, detect AI-generated content, alert you to risks
• To run the service: Authenticate you, deliver notifications, process subscriptions
• To improve detection: Train our AI models on aggregated, anonymized threat patterns (you can opt out)
• To comply with law: Respond to lawful requests from authorities (we publish a transparency report)

We use Anthropic's Claude API to analyze threats. Submitted text is sent to Anthropic for analysis under their privacy terms. Anthropic does not train on this data. Sessions are not retained beyond the API request.

Third parties we work with

• Anthropic — AI threat analysis (Claude API)
• Cloudflare — hosting, security, CDN
• Stripe — payment processing (we never see your card)
• Twilio — SMS delivery for alerts and 2FA
• SendGrid — transactional email delivery

Each of these has been vetted for PDPA and GDPR compliance. We have signed Data Processing Agreements (DPAs) with all of them.

Your rights

You have the following rights over your data, regardless of where you are:

• Access — Request a full copy of all data we hold on you
• Correct — Update inaccurate information at any time
• Delete — Erase everything we have ("right to be forgotten")
• Export — Download your data in JSON format
• Object — Opt out of analytics, marketing, or AI model improvement
• Restrict — Pause processing while disputes are resolved
• Complain — File a complaint with your data protection authority

To exercise any of these rights, email dpo@aishield.com or use the in-app data controls. We respond within 14 days (faster than the 30-day legal requirement).

Data retention

• Account data: retained while your account is active, plus 30 days after deletion
• Threat history: 7 days (Free), 1 year (Pro), as configured (Enterprise)
• Submitted scan content: deleted within 24 hours after analysis
• Audit logs: 1 year for security and legal compliance
• Backups: rolling 30-day window, then permanently deleted

PDPA Notice (Malaysia)

This section is published in compliance with the Personal Data Protection Act 2010 (Act 709) of Malaysia.

Data User

SpearCompute Sdn Bhd, registered in Malaysia, is the Data User in respect of your personal data.

Purpose of processing

We process your personal data for the purposes described in "How we use your data" above. Your data may be processed by our staff and authorized third parties (listed above) located in Malaysia, Singapore, the United States (Cloudflare, Anthropic), and the European Union.

Disclosure

We may disclose your data to: our service providers (under DPAs); regulators or law enforcement (when legally required); a successor entity in case of merger or acquisition (you'll be notified). We will never sell your data.

Your rights under PDPA

• Request access to your personal data (Section 30)
• Request correction of inaccurate data (Section 34)
• Withdraw consent for processing (Section 38)
• Limit processing of your data (Section 42)

Consent

By using AIShield, you consent to the processing described in this policy. You may withdraw consent at any time by emailing dpo@aishield.com or deleting your account.

For PDPA-related complaints, you may also contact the Personal Data Protection Department of Malaysia (JPDP) at pdp.gov.my.

GDPR (EU users)

If you are in the EU, EEA, or UK, the General Data Protection Regulation (GDPR) and UK GDPR apply to your data.

The legal bases we rely on:

• Contract — to provide the service you've signed up for
• Consent — for analytics, marketing, AI model improvement (you can withdraw)
• Legitimate interests — for fraud prevention, security, and service improvement
• Legal obligation — to comply with regulatory requirements

Cross-border data transfers from the EU to Malaysia are protected by Standard Contractual Clauses (SCCs).

Our EU representative is appointed under Article 27 GDPR. Contact via eu-rep@aishield.com.

You may file complaints with your local data protection authority. A list is available at edpb.europa.eu.

Cookie Policy

AIShield's website uses cookies and similar technologies to provide and improve our service. You can manage your preferences anytime via the consent banner or the Manage consent link in our footer.

Categories of cookies

We do not use third-party advertising trackers, social media pixels, or session replay tools.

Contact our Data Protection Officer

For any privacy concern, data request, or complaint:

For policy changes: we'll notify you by email at least 30 days before any material changes take effect.