This article will guide you through:
1 - How Shield complies with GDPR
Yes, Shield is GDPR-compliant. Here’s how:
Data collection and consent:
Shield connects to LinkedIn via active user sessions, with the active consent of each individual account owner.
When connecting to Shield, users verify their account using a unique, personal Shield token. This process ensures users provide active consent for us to process their data.
Data retention and deletion:
Users can delete their own accounts and data at any time.
Shield has technical controls in place to enforce retention periods in accordance with GDPR, and to delete user data when it’s no longer needed to provide our services.
Shield enforces GDPR’s 6-month data retention policy after account closure (unless the user deletes their data first, of course).
Invoice and payment-related data will be kept for longer in compliance with the law.
2 - Data security and protection
Here are the steps we take to ensure your data is protected:
EU GDPR-compliant practices:
We follow GDPR to collect, process, and store user data responsibly within the European Union, and only with trusted third-party sub-processors with strong security and data integrity.
Secure infrastructure:
Shield uses trusted cloud providers like Auth0 (identity management) and DigitalOcean (databases and servers).
Auth0 ensures secure storage of usernames, passwords, and tokens using one-way encryption. Auth0 is SOC 2 and ISO27001 certified.
DigitalOcean provides managed databases with regular backups and failsafe mechanisms. DigitalOcean is SOC 2 and ISO27001 certified.
3 - Additional questions
If your org has additional questions in relation to GDPR, please refer to our legal documentation or send an email to [email protected]
—
The Shield team