Shielda — Cookie Policy

Last Updated: 2026-04-23 Effective Date: 2026-04-23

This Cookie Policy explains how Shielda Security, Inc. ("Shielda," "we," "us") uses cookies and similar technologies when you visit shielda.io, app.shielda.io, docs.shielda.io, and trust.shielda.io (collectively, the "Sites"). Read alongside our Privacy Policy.

---

What are cookies

Cookies are small text files placed on your device when you visit a website. They let the site recognise your browser and remember information about your visit. We also use related technologies (local storage, session storage) interchangeably referred to as "cookies" in this policy.

Categories we use

We use only the following categories. We do not use advertising or cross-site tracking cookies.

Category Purpose Examples Duration Consent ---------------------------------------:-------: Strictly necessary Required for the service to function — authentication, CSRF protection, load balancing, session state. appSession (Auth0), Host-csrf, load-balancer stickiness Session or ≤ 7 days Not required (essential) Preferences Remember UI choices (theme, sidebar state, language). theme, sidebar-collapsed ≤ 1 year Not required (not tracking) Analytics (first-party) Aggregate product-usage metrics to improve the service. Self-hosted — no third-party analytics SDK is loaded until you opt in. posthogdistinctid (post-launch, opt-in only) ≤ 1 year Required (opt-in) Security telemetry Detect abuse and credential stuffing — rate-limit tokens, fingerprint-free bot detection. rl Session Not required (essential)

Third-party services

We integrate with the following third parties that may set their own cookies when you land on pages served by them (e.g. redirects through Auth0 or Stripe Checkout). These are governed by each vendor's own cookie policy.

Auth0 (authentication) — see auth0.com/privacy. Stripe (billing) — see stripe.com/cookie-settings. Cloudflare (edge / DDoS protection) — see cloudflare.com/cookie-policy.

A full sub-processor list is maintained at SUBPROCESSORS.md.

Your choices

Browser controls: Most browsers let you refuse or delete cookies. Refusing strictly-necessary cookies will prevent you from logging in. Analytics opt-out: Analytics cookies are opt-in only. You can revoke consent any time from Settings → Privacy in the dashboard, or by clearing the analyticsconsent=true cookie. Do Not Track: We honour the Sec-GPC (Global Privacy Control) signal. When set, analytics cookies are never placed regardless of consent state.

Changes to this policy

We will update this page when we add or remove a cookie. Material changes are announced on trust.shielda.io 30 days in advance.

Contact

Questions: privacy@shielda.io. EU/UK data-subject requests: dpo@shielda.io.