Privacy Policy

Last Updated: January 2025

DLX7 ShieldNet ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our content protection platform and related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly when using our Service:

• Account Information: Email address, name, and authentication credentials provided through Google OAuth.
• Payment Information: Billing details processed securely through Stripe. We do not store complete credit card numbers on our servers.
• Service Configuration: Protected content definitions, element selectors, and security preferences.
• Communications: Information you provide when contacting our support team or participating in surveys.

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Service Activity Data: Protected content monitoring events, drift detections, recovery actions, API usage, and system health metrics.
• Device and Browser Information: IP address, browser type, operating system, device identifiers, and referring URLs.
• Cookies and Similar Technologies: Session identifiers and authentication tokens necessary for Service functionality.

1.3 Information from Third Parties

• Authentication Providers: Profile information from Google OAuth including email address and basic profile data.
• Payment Processors: Transaction confirmation and subscription status from Stripe.

2. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Provide, maintain, and improve the content protection Service, including real-time monitoring, drift detection, and automated recovery.
• Security and Protection: Monitor for unauthorized access, prevent fraud, ensure system integrity, and maintain cryptographic verification of protected content.
• Account Management: Create and manage your account, process payments, and handle subscription lifecycle.
• Analytics and Optimization: Analyze Service performance, identify usage patterns, and optimize system efficiency.
• Customer Support: Respond to inquiries, troubleshoot issues, and provide technical assistance.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.
• Communications: Send Service-related notices, security alerts, and administrative messages. We do not send marketing communications without explicit consent.

3. How We Share Your Information

We share information only in the following circumstances:

3.1 Service Providers

We engage third-party service providers who perform functions on our behalf:

• Stripe: Payment processing and subscription management. See Stripe Privacy Policy.
• Google OAuth: Authentication services. See Google Privacy Policy.
• Supabase: Database infrastructure. See Supabase Privacy Policy.
• Vercel: Application hosting and edge deployment. See Vercel Privacy Policy.

3.2 Legal Requirements

We may disclose information if required by law or in response to valid legal processes, including subpoenas, court orders, or law enforcement requests.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and provide notice on our website before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share information for purposes not described in this Privacy Policy with your explicit consent.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for 90 days after account closure to facilitate reactivation.
• Service Activity Logs: Security events and drift detection logs retained for 365 days for analysis and compliance purposes.
• Payment Records: Transaction records retained for 7 years to comply with financial regulations.
• Legal Obligations: Information retained longer when required by law or to establish, exercise, or defend legal claims.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption: Data encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
• Access Controls: Strict access controls limit personnel access to personal information on a need-to-know basis.
• Authentication: Multi-factor authentication required for administrative access to production systems.
• Monitoring: Continuous security monitoring and intrusion detection systems.
• Regular Audits: Periodic security audits and vulnerability assessments.

While we strive to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will notify you promptly of any breach that may compromise your information.

6. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

6.1 GDPR Rights (European Economic Area)

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data under certain circumstances.
• Restriction: Request restriction of processing your personal data.
• Data Portability: Request transfer of your data to another service provider.
• Object: Object to processing of your personal data for direct marketing or other purposes.
• Withdraw Consent: Withdraw consent where processing is based on consent.

6.2 CCPA Rights (California Residents)

• Know: Right to know what personal information we collect, use, disclose, and sell.
• Delete: Right to request deletion of personal information.
• Opt-Out: Right to opt-out of the sale of personal information. (Note: We do not sell personal information.)
• Non-Discrimination: Right not to receive discriminatory treatment for exercising privacy rights.

6.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@cogen.cloud. We will respond to your request within 30 days. You may be required to verify your identity before we fulfill your request.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission.
• Processing agreements with service providers requiring equivalent data protection.
• Adherence to recognized data protection frameworks.

8. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately. If we discover we have collected information from a child, we will delete it promptly.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve the Service:

• Essential Cookies: Required for authentication, security, and core Service functionality. These cannot be disabled.
• Authentication Tokens: Secure HttpOnly cookies for session management.

We do not use advertising cookies or third-party tracking cookies. You can manage cookie preferences through your browser settings, though disabling essential cookies will prevent you from using the Service.

10. Third-Party Links

The Service may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date.
• Sending email notification to the address associated with your account.
• Displaying a prominent notice on our website.

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact:

DLX7 ShieldNet
Email: privacy@cogen.cloud
Support: support@cogen.cloud

We will respond to all legitimate requests within 30 days.

13. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@cogen.cloud.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.