Privacy Policy

For the purposes of this Privacy Policy, ‘we’, ‘us’, ‘our’ and ‘TeamShield’ all refer to TeamShield, Inc., a Delaware C-Corp, and ‘you’ refers to you, the user of our Services. 

A) Intro/Summary: TeamShield is Private by Design

Your privacy is of the utmost importance to us, and our mission is to protect and enhance the privacy of our users. TeamShield is committed to privacy and is private by design.

TeamShield utilizes state-of-the-art security and end-to-end encryption to provide a number of online collaboration and business productivity tools in one solution - such as secure and private messaging, files sharing and sending - to our users (“Services” - see the full definition of our “Services” in our Terms of Service above). Your messages and files remain always encrypted (except when you or your intended recipients are viewing them locally on a device using our Services), so that they can never be decrypted or viewed by anyone but yourself and your intended recipients. In particular, neither TeamShield as an organization, nor anyone working at TeamShield, even our technical and security staff, has any way of reading your messages or viewing your files. By the design and architecture of our systems, we simply can’t.

Furthermore, as part of our commitment to preserving the privacy and security of your personal data, when you use our applications:

• we will never rent nor sell your personal information, 
• we do not serve any ads from any third party within our ecosystem (nor provide information to others so that they can target you with advertising or other commercial means),
• we only store the minimum data and metadata needed to function and offer secure, private and feature-rich Services.
• We do NOT use Google Analytics in our applications.

 Whenever possible, even metadata is encrypted in a way that we can decrypt it. We believe that the least information we can know about you, the better.

Please note that, as described in C.1, in our marketing oriented website, landing page and blog, there are different necessary and optional cookies and scripts than in our applications.

 

B) Types of accounts and definition of “You”

Unless otherwise noted, “you” (“your”, “yours” and their capitalized versions) throughout our Privacy Policy and Terms of Service, refers to the end-user. You are the person who completed the last step of signing up for an account by choosing a passphrase and accepting our Terms of Service and Privacy Policy in the last stage of the signup process; “you” also refers to non-registered users who are recipients of at least one of our users and who have received a password protected communication from one of our users, also accepting our Terms and Privacy Policy or accessing our web app to retrieve the communication sent to them by one of our users.

In case:

- you represent an organization, such as a business, team or educational institution, that utilizes our Services through a Corporate Account (from now on we may also refer to you as “Corporate Account Administrator”, or “Organizational Account Administrator”, or simply “Account Administrator”), or

- you represent a Family, that utilizes our Services through a Family account (from now on we may also refer to you as “Family Account Administrator”, or “Organizational  Account Administrator”, or simply “Account Administrator”), or  

- you are an end user of TeamShield Services and/or of a TeamShield account provided by your organization or company, (from now on we may also refer to you as  “Non-Administrator Member”),

please see the Organizational Accounts section of this privacy policy to learn how we process your data and further policies that apply to your account.

If you are a Non-Administrator Member of a Corporate Account, your use of TeamShield may also be subject to your organization’s privacy policy or practices, if any. In such a case, you should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s Administrator. We are not responsible for the privacy or security practices of your organization or employer, which may differ from those set out in this privacy policy.

If you lose access to the Organization that you are affiliated with (for example, if you change your employment), you may lose access to TeamShield Services, account and the associated content or data. Obviously, if you have other TeamShield account(s) that are not related to your organization, such as a Family Account or a single, self-registered account, for which you registered using a different email address than a corporate email address provided by your Organization, then these other accounts won’t be affected by any change to your Organizational account, as they are completely segregated.

Non-administrator members of an account transfer some of the rights described in our Terms and Privacy Policy to the Organization they belong to and/or to the Account Administrator(s) of their Organization - as indicated in various sections of our Terms of Service and Privacy Policy, as well as to some extent in the Organizational Accounts section.

If you are a Corporate Account Administrator or a Non-Administrator Member, and if your Organization has contracted our Services in the Managed Private Cloud modality, an adapted version of our Terms of Service and Privacy Policy would be provided to you for your review on the last step of the sign up process, and might offer terms that differ from the ones presented in this document and based on what your Organization contracted with us.

 

C) Information you provide and content you upload, send or share via TeamShield; information collected through the TeamShield Services and Public Website

 

C.1 TeamShield Services vs. TeamShield Public Website.

As stated in our Terms of Service, you are considered to be using our Services (and are therefore bound by this Privacy Policy) by accessing or using our web app (website application) at teamshield.ai/app (and teamshield.ai/temporary) or any of its subfolders, or by downloading, installing, signing up, copying or otherwise using any of our apps, services, or web apps that run either on our main infrastructure or on a Private Cloud in case you our your Organization contracted a Managed Private Cloud version of TeamShield (altogether, “Services”).

In addition to our main web app (currently available on a subfolder of the root domain at teamshield.ai/app and region-specific similar paths) and our OS-specific apps, all of which are aimed at providing the maximum privacy to our users and full encryption of their messages and files, we also operate a website on the www subdomain at www.teamshield.ai which is an informative, educational, commercial and marketing website aimed at informing and educating visitors about privacy, and detailing our Services. This site contains and/or is complemented by a blog (which may be on the same subdomain or a different subdomain), newsletter sign-up, industry-specific landing pages and a number of characteristics common to most similarly-purposed marketing and commercial websites. As such, and considering that you can use our privacy Services (on teamshield.ai/app and/or via OS-specific apps) completely independently of visiting or not our marketing website (on www.teamshield.ai), for commercial and marketing purposes we do reserve the rights to use marketing-purposed tracking (but only after the visitor has given consent via our Cookies manager) for commercial purposes and other commercial techniques on www.teamshield.ai and other subdomains (but, again, not on teamshield.ai/app). For example, if you sign up for a newsletter on www.teamshield.ai or via any other advertising that we might publish online, you agree to receive said newsletter or other commercial information (an opt-in mechanism is provided during the newsletter signup process), and you acknowledge that the profile information you shared with us in the context of a marketing campaign or commercial information is not covered by the same encryption or privacy mechanism implemented in our Services - albeit we also take your privacy very seriously in any marketing endeavor, hence for example the systematic opt-in mechanism.

Independently of whether or not you are a user of our Services, you may separately and at any point access our Public Website, which is accessible at www.teamshield.ai/ and whose purpose is informational and commercial. More specifically, the Public Website includes www.teamshield.ai/ and any other subdomains or subfolders on these subdomains (except for the subfolder app on the root domain teamshield.ai/app and any of its subfolders, and teamshield.ai/temporary and any of its subfolders), for example www.teamshield.ai/blog, blog.teamshield.ai and www.teamshield.ai/landing (throughout this document: “Public Website”). The clauses of this privacy policy that relate to the data acquired via our Public Website also apply to data acquired via any public campaign (i.e. any marketing campaign on social media platforms or equivalent).

 

C.2 Secured Content vs Services-related Data.

“Secured Content” is the content that you choose to send, share or upload on our Services, and that we are not capable of decrypting under any circumstances. Your Secure Content includes all the messages and files you send through our messaging feature, all the files, documents, photos, folders that you upload to your TeamShield drive, and any of these same items that you share from your TeamShield drive.

“Services-related Data” are data acquired by us (either collected programmatically and transparently to you, or that you consciously share with us) via your use of our Services and/or that are inherent to operating our Services. Services-related Data include certain aspects of your usage of our Services, your account, and your payments. We strive to retain only enough Services-related Data to operate and maintain the Services. These data are never used for any other purpose. Services-related Data are kept confidential. It is visible to our staff on a strict need-only basis, and includes, but is not limited to, server logs, and some personally identifiable information such as company or family name, email address and billing information. See more in section C.7.  As long as you are using our Services, we retain the right to hold and use Services-related Data to provide our Services, to troubleshoot problems, to analyze the performance and demands on our services, and to provide our payment processors with the information they need to process payments. As always, we do so with the utmost care for your privacy.

The next sections go into more details about the information collected in each case and their uses.

 

C.3 Handling of Secured Content. TeamShield cannot decrypt or otherwise access the content of your messages or files.

This will also apply to any other form of user-generated confidential content for which TeamShield might provide privacy and security features in the future, such as calls or video calls. TeamShield end-to-end encrypted messages* (that have all been encrypted locally on the sender’s device) are stored securely on remote cloud-based servers, so that they can be delivered safely to your recipients and so that for your convenience your message history is synced and accessible to you on all of your own devices. None of our cloud providers is able (and they will never be able) to view your files nor messages, since they have been encrypted locally prior to storage (and no cloud provider has access to the passphrase that is indispensable for decrypting them). We will NEVER ask for your passphrase by any channel, so never share your passphrase with anyone pretending to be from TeamShield (you should never share your passphrase with anyone anyway), and do report to us any request to do so by contacting us on our Security contact.

*Please note that currently messages that can be exchanged between users on TeamShield include both text messages and recorded voice messages (but not live calls).

TeamShield limits the additional technical information and metadata we gather to the bare minimum required to operate the Services and most metadata is itself encrypted.

Since one of the main features of TeamShield is to allow users to securely send messages and files among themselves, by using our Services you agree and acknowledge that content that you send to and share with other users (or recipients that are non-users) via our Services can be decrypted by them (albeit by no one else).

In particular, unlike some other email services and instant messaging (including some of those who encrypt some of your communications), in TeamShield ALL of the files and messages you send to anyone, whether or not the recipient is a registered user or not, are by default, systematically encrypted. It is not possible to willingly or unwillingly send an unencrypted message or file via our instant messaging or drive sharing features. Only Secured Content can be exchanged between users.  

 

C.4 Account Information. 

When you create a TeamShield user account, you typically register with a profile name of your choice and an email (and optionally a phone number for 2FA). Email and  (optionally) phone numbers are used to provide our Services to you and other TeamShield users. You may optionally add other information to your account, such as a profile picture (also known as avatar).

There are different ways of signing up for TeamShield and/or of getting invited to TeamShield (see Invitations section for more details). Depending on the case, some of your account information might be provided to us by the inviter and/or by your Organizational Account Admin, and pre-filled in the invitation you receive, so as to make it easier and faster for you to complete your signup. For example, your Organization might provide us with your name and email address, in which case the only step left for you to finish signing up is to choose a passphrase to protect your account, and to accept our Terms of Services and Privacy Policy (via the checkbox on the page where you input your passphrase for the first time).

We may also use the email you provided during account creation in order to inform you about new TeamShield products and services in which you might have an interest. The legal basis for processing is consent, and you are free to opt out at any time.

Organizational accounts (and in some case other types of accounts) who have some of the customization options enabled, might have the option to provide a logo that will be used for all the members of their Organization, for their own account, and when communicating with other users or external recipients (the logo is used both on our Services such as in the login page of the web app and inside the app, and in the email notifications). The purpose of this is to enhance the branding of said customer and the experience of their users and recipients. This is optional (and might require a fee) and only at your discretion as our customer (as you need to provide us with the logo file or at least give us instructions to use your logo obtained on public source e.g. from the internet). By ordering such customization and/or instructing us to use your logo, and by accepting our Terms of Service and Privacy Policy, you acknowledge and authorize us to use your logo for the customization and branding purposes described above.

C.5 User’s content and personal information Ownership. 

You (or your Organization in applicable cases) retain full ownership of your messages, files, folders, and any information you upload to TeamShield (together, your Secured Content). Files that you store on TeamShield online drive are yours and only yours. However, if you decide to send a message or file via TeamShield messaging features, or to share a file from your TeamShield drive with any recipient, you acknowledge and agree that said recipient(s) (which you choose yourself and to/with whom you took the action yourself to send/share) will have access to said message(s) and/or file(s), and might retain access even after you stop using TeamShield (or after you archive, delete, remove the file or message from your TeamShield drive or from your TeamShield messaging conversation history). This is quite similar to what happens when you send a message or file via email: even if you delete the email on your end, the recipient(s) will retain a copy both of the message content but also of its metadata such as the email address you used and the name that was associated with your email account. That said, TeamShield provides advanced security measures for you to better protect and control your information. The most important one is that, unlike traditional email providers who can read the content of your emails and read the content of your files and other attachments, we can not. In addition, when you use the messaging feature, there is an expiration date for files. Past this expiration date, the recipient will no longer be able to download the file from the messaging section. Please note that if they have previously downloaded the file, they would still have access to their downloaded copy, independently and outside of the TeamShield ecosystem. When you share a file from TeamShield Drive, you have the option, at any moment, to stop sharing said file with some or all of the recipients with whom you had previously shared it. If you unshare it, the recipients will no longer have access to said file in the TeamShield ecosystem, however they will still potentially have access to a downloaded copy outside of TeamShield if they had downloaded it before you revoked sharing it with them. Future versions of TeamShield will add more controls, for example you will be able to choose that a recipient can only preview within our app a file you shared with them from the TeamShield drive, and restrict the option for them to download it. We provide a secure and private way for you to exchange information with people and/or companies of your choice, in order to protect you from third parties (or providers) wanting to intercept it, however it is your responsibility to only exchange information with recipients that you trust and who will not misappropriate or misuse your information.

 

C.6 Personal Information shared with your consent with other TeamShield users and external recipients.

You acknowledge and agree that other users of our Services, especially those with whom you choose to communicate with, will have access to certain information, and that they may be located in a different jurisdiction than you, for example outside the EEA or outside California. Note that by entering into the Terms of Service and choosing to communicate with such other users of TeamShield, you are instructing us to transfer your personal data, on your behalf, to those users in accordance with this Privacy Policy. We employ all appropriate technical and organizational measures (including encryption of your personal data) to ensure a level of security for your personal data that is appropriate to the risk. To give specific example, if you choose to add someone as a contact in TeamShield, and/or if you choose to send them a message or share a file with them via TeamShield, you acknowledge and agree that the recipient will have access to the following information about you: the email address you registered with and/or that is currently associated with your account if you changed it subsequently, the name you chose to associate with your account (or that was pre-filled out, or given to us by your Organization in the case of an Organizational Account), your avatar if you have decided to upload one (otherwise they will just see a default anonymous avatar with the initials of your chosen name in the application, which does not have to be your real name). You acknowledge and agree that they will also have access to the specific file(s) or message(s) (Secured Content) that you chose to send or share with them (as described in C.5)  - and obviously, access is strictly limited to the Secure Content you specifically sent or shared with them, not the rest of your Secured Content. If you decide to use the messaging feature to send a message or file to someone who is not a user, a one-time password will be added for extra protection; you acknowledge and agree that the recipient will have access to your TeamShield name and email (which they will see in the notification email and/or on the web page linked to in the notification email), and that, after entering said password, they will have access to the file(s) and/or message(s) you sent to them.

 

C.7 Services-related Data: information needed to run our Services and collected through our Services. 

TeamShield reserves the right to collect and store some personal information which is needed to run our Services, such as your contact and billing information, email address, phone number (optional), and messages sent to our support team. Service data includes the name on your TeamShield profile and any avatar that you may upload, at your option and discretion, as part of your profile. IPs might be collected for security purposes, technical monitoring, to provide you with some of the features of our Services and/or in order to route requests to the correct region for GDPR compliance. Our general philosophy is to collect as little information about our users and as little metadata as possible in order to find the right balance between affording them the maximal privacy while ensuring the security and smooth operation of our systems and applications. As previously mentioned, whenever possible, even metadata is encrypted.

Optional: Help us Improve TeamShield and provide you with better support

You may choose to help us improve your user experience by allowing TeamShield to automatically log app-related errors when they occur. This process is easy and transparent, and you just have to click ”accept” once. You may also retract your consent at any time from your settings page.

After signing up and shortly after you sign in for the first time, you will be presented with a pop up offering you to participate in our product improvement program, which purpose is twofold:

• first and foremost, to have automated error reporting (in the background without need for your intervention) which logs technical details that are account-specific so that we can better assist you in case you reach out to us with a technical issue or so that we can also proactively reach out to you in case an important anomaly is detected), and
• Second, detect potentially recurring errors that affect more users, and therefore fix any bug and improve our Services accordingly, for the benefit of all users.

 

We also have access to the following records of Account activity: number of messages sent, amount of storage space used, total number of messages, last login time, total number of contacts within your TeamShield-specific in-app address book. However, we have strict access controls and this information is not accessed by any employee of TeamShield, unless in special circumstances and by authorized personnel only and for a very specific purpose, such as troubleshooting or security concerns.

 

C.8 Information collected from your use of our Public Website.

In the case of merely informational use of our Public Website, i.e., if you do not register (you do not use our Services) or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. Please note that this is true of any visit you make from any browser to any website, because, due to how the http protocol was designed, the browser transmits the following information with each request, and there is nothing we can do on our end to prevent this. So, if you visit our website, we receive and collect the following data: IP address, date and time, URL, amount of data transferred, browser type and version, operating system used, http code to indicate whether the request was successful.

Please note however that we purge these logs from our live servers within a maximum of three months. The storage is based on our legitimate interests, as well as those of users in protection against misuse and other unauthorized use. The collection of log data for the provision of the website including their storage in log files is mandatory for the operation of the website. Therefore, as a rule, there is no possibility of objection on the part of the user. This does not apply to log data that is processed in the context of our Services offered on our website beyond purely informational use. You can find more information in this respect in the notes relating to the individual services in this privacy policy.

 

In certain sections of our public Website, you have the option to provide personal information that will enable us to enhance your site visit, provide support, answer your questions, or to follow up with you after your visit. It is completely optional for you to participate. For example, we may request information from you when you:

 

• Subscribe to a newsletter
• Participate in promotional offers
• Subscribe to our blog

 

In each case, we use your information for the specific and exclusively purpose for which you provided it. For example, the information you provided or that we collected may be used to:

• Send you relevant information and information you requested about TeamShield or privacy-related and security-related topics
• Provide support with the signup process (any other support once you signed up and related to the use of our Services is treated separately)
• Market our Services to you or to your organization

Personal information you provide will be kept confidential and used to support your customer relationship with us.

Any follow-up email related to the above is considered a commercial email (as opposed to the transactional emails referenced in section 1.3 of our Terms of Service). As such, all these email communications with you will be on an opt-In basis, with the ability for you to remove your consent at any time. This is solely at your discretion. Occasionally, We will send you email communications with information, which may be useful to you, including information about Our Services. We do not send you any information from any affiliates nor business partners, and do not share any information with any such entities. In fact, we do not work with any affiliate or business partner. When you first provide us with your email address on our Public Website, you will be given the option of not receiving any such email communications. Each of our email messages includes instructions on how to unsubscribe (or a link to directly do so), just in case you later decide you do not want to receive any future email communications. At any time, you can also easily opt-out of receiving further marketing from us by contacting us at the marketing address below and requesting to have your name removed from our lists.

When interacting with us via our Public Website/public campaigns, vs. when using our Services, you may choose to use a different email address or the same one. In case you decide to use the same one, which is totally fine, please note that we will treat your email address depending on the context in which it was collected. For example, you may very well at any time decide to opt-out of receiving marketing or promotional emails, but yet you will still be able to receive any security email related to the use of our Services and your user account.

 

C.9 Cookies.

Upon visiting any of our websites (whether Public Website or our Services), you are presented with a cookie banner to provide you with information about every cookie, both necessary and optional, and to let you choose which cookies you want to accept or reject. No optional cookies are ever installed without getting your prior consent. 

Cookies are stored on your computer when you use our Public website and/our using our Services. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which the party that sets the cookie (in this case: us), obtains certain information. Some functions of our website cannot be provided without the use of cookies. Cookies cannot execute programs or transfer viruses to your computer.

Regardless of whether you choose to agree or disagree at that point when presented with the cookies banner, you can at any moment change your mind and make a different choice by toggling the corresponding settings in your Teamshield settings section.

In addition to the choices about optional cookies that we provide you with (both the initial banner and the option to change your preferences later on from the settings section of your TeamShield account), if you do not want any cookies at all (even the strictly necessary ones) to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser, and previously stored cookies can be deleted in the system settings of the browser. Please note that in this case not all the features of our Services could be used and the app and website might not function properly.

A Comprehensive list and description of each cookie, both strictly necessary and optional, is presented to the user on our Public Website and on our web app, with the option to completely deactivate the optional ones.

Cookies that are technically necessary to carry out the electronic communication process or to provide certain functions you have requested are stored as provided by Article 6.1.f of the GDPR. As a website and SaaS operator, we have a legitimate interest in storing cookies to operate and optimize our services.

The purpose of optional cookies is typically to help us understand behavior on our Public Website and/or in app of our users anonymously (so that we can understand how users use our features on an individual and aggregate level and both make improvements to existing features and offer new complementary features). The information collected for this purpose is anonymized and sanitized on your device before being sent to us, so that we have no way of linking it back to you. These cookies are used to understand broad and anonymous user behavior when you use our Services. Such anonymized user behavior includes time spent by a visitor on the website, most visited webpage, aggregated clicks on signups etc.

"Third-party cookies" are cookies offered by providers other than us (as opposed to  "first-party cookies" which are offered by us, the provider of the Services and Public Website). Unlike many websites, even security-focused products, we never use third-party cookies to serve any third-party advertisement to visitors once they have left our Public Website as we do not work with any partner sites across the web. Your visits of our Public Website is nobody else’s business and we keep this information private too. We do use third party cookies for legitimate and necessary purposes such as for processing payments with our payment provider. Optional third party cookies could be related to tracking the effectiveness of our advertising and social media campaigns.

Client applications, including web browsers, will store information about your account to assist with future sign-ins and keep some information available to you when you are not signed in. Users may remove all such information from their devices, but doing so will require that they provide complete information (account details, account passphrase) on subsequent sign-ins. For more information on each specific cookie, and to change your consent, please visit our Cookie Settings Manager: a) for our Services: in the settings section of your TeamShield account, b) for our Public Website: using the link in the footer.

Here are the categories and brief explanation of cookies on our Public Website:

Necessary:

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. Learn more about necessary cookies.

These cookies are the only ones that are always active and that the user has no option to disable. 

All the other categories below are purely on an opt-in basis and are by default disabled. 

Analytics:

These cookies help us to understand how visitors engage with the website. We may use a set of cookies to collect information and report site usage statistics. In addition to reporting site usage statistics, data collected may also be used, together with some of the advertising cookies described, to help show more relevant ads across the web and to measure interactions with the ads we show. Learn more about analytics cookies.

Functionality:

We use a set of cookies that are optional for the website to function. They are usually only set in response to information provided to the website to personalize and optimize your experience as well as remember your chat history. Learn more about functionality cookies.

Advertisement:

We use cookies to make our ads more engaging and valuable to site visitors. Some common applications of cookies are to select advertising based on what’s relevant to a user; to improve reporting on ad campaign performance; and to avoid showing ads the user has already seen. Learn more about advertisement cookies..

 

C.10 Informational, educative Videos and other video tutorials.

We may use Video Platforms such as YouTube service in order to embed videos on our Public Website. The legal basis is your consent pursuant to Article 6.I.a of the GDPR.

Video Platforms use cookies to collect information about visitors to their website. These platforms use these to collect video statistics, to prevent fraud and to improve user-friendliness, among other purposes. The cookies remain on your terminal device until you delete them or until they expire.

As soon as you start a YouTube video on our website, a connection to YouTube's servers is established. The YouTube server receives the information which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. In doing so, data may be transferred to the USA and linked to further data from other Google services, especially if you are logged into your Google account. If such a transfer of this information to YouTube and Google is not desired, you can prevent this transfer by logging out of your YouTube account before accessing our website.

The processed data typically includes:

• Information about the devices and browsers used (e.g., unique identifiers, IP address, type and settings, operating system, mobile network)
• your activities (videos viewed, date and time of the visit to the page in question, website visited, interactions)
• location data.

We have no influence on the storage period of the data and further data processing by YouTube and Google, or any other similar Video Platforms.

In order to reduce data transfer before the actual start of a video, we use the extended privacy mode. According to YouTube, this mode has the effect that YouTube does not store any information about visitors to this website before they watch the video. We also embed the videos on our website in such a way that a transfer of your data to Google or YouTube partners (the Google DoubleClick network) only begins with your active click on the video.

For more information about data protection at YouTube and Google, please see their terms of service / privacy policy respectively here and here. 

 

C.11 Respecting your privacy for your contacts in other address books. 

True to our mission of respecting and strengthening your privacy, TeamShield does not need to access the address book of any of your devices nor any of your other online accounts (such as, respectively the native contact app of your mobile phone or the contacts section of your Google or Microsoft account) . 

However, you can optionally, and at your entire discretion, allow TeamShield to import your contacts from an address book managed by another service such as Microsoft or Google. This process requires your express and manual consent, it includes several steps and can be interrupted at any point along the way. It allows you, if you so choose:

- to import into your TeamShield Contacts section, those of your other address book’s contacts who happen to already be users of TeamShield, and

- to send invitations to TeamShield those that are not yet users.

Within the contacts section of TeamShield, you may also search for other TeamShield users - in your settings you have the option to not appear in such search results, however the default behavior is to appear in search results in order to facilitate communication between users. Nonetheless, in order to avoid spamming, the search feature requires that a user enters the full email address of another user in order to see that user in the search results. When doing so, and unless the searched user has chosen the option not to appear in search results, the searching user will be able to see the name that is associated with that email address in TeamShield, the avatar, and the Company the user is associated with, if any.  

Please note that to facilitate communications between users, even if you decide not to appear in search results, a user who knows the complete email address associated with your account will be able to send a message to you by adding your email address to the recipient list in the Compose section of the messaging feature. This is similar to the behavior expected when emailing someone or messaging them in a number of email and instant messaging apps. But we might change this in the future based on users’ feedback.

C.12 Invitations.

There are several ways of inviting others to become users.

• If you have a paid license and/or are an Administrator or member of a Corporate account, or the Administrator of a Family Account, you may ask our support team to send invitations to others on your behalf (for example, to some of your clients or suppliers).
• Any user, including any user referenced in the previous bullet point, but also any single, self-registered user, whether on a paid plan or not, has the ability, directly from the Contact section of TeamShield app, to send by themselves from within TeamShield, an invitation to anyone else, simply by entering their email address in the proper field of the app.

In all the above cases, by requesting or sending each and any invitation, you are authorizing us to create new accounts for your invitee, and you confirm that you have the authorisation from the invitee to share with us the information you might provide us during the account creation/invitation process (typically, for the first bullet point: email address, name of company, name of invitee; for the second bullet point: only the email address). You take full responsibility for sharing this information with us, and, should the invitee reach out to us to complain (for example if the invitee did not wish to receive the invitation and did not wish for us to contact them), you agree to take full responsibility for all legal actions and legal costs associated with the invitee’s complaint. We will of course, as stated in section D.1, delete any invitation and invitee’s personal data if the invitee so desires. If this occurs, we might restrain your ability to send or request additional invitations in the future, or block your account.

If you invite someone, you represent that you have a legitimate reason to do so and that you have the implicit or explicit authorization from the invitee to do so and to provide us with their email, name and/or company name.

 

C.13 Customer Support. 

If you contact TeamShield Support, any personal data you may share with us is kept only for the purposes of researching the issue and contacting you about your case. Please bear in mind that, depending on the channel you used to contact support (for example: traditional email or chat), the information shared with support in this way will not be encrypted. Please do not share through these channels any information that you wish to remain encrypted.

In some paid plans (and at our discretion for other accounts, including free accounts), we might offer the option to set up a screen sharing session via a third party product (for example via Anydesk). This session is entirely optional and for the sole purpose of troubleshooting a problem that can not be resolved otherwise, and to provide further assistance to the user who needs it. In such a case, we will require your written consent by email or via a message in TeamShield prior to conducting such a session. Giving us your consent means that you authorize us to connect to your computer for the time needed for the troubleshooting session, and that you authorize us to view your computer’s screen. You agree and acknowledge that we will be able to see the content of your screen, therefore we ask that, prior to starting the session, you close any windows (of any program or browser) that may contain confidential information and that you do not want us to see - we too do not want to view any information that we do not need to see for the purpose of troubleshooting. In the process of troubleshooting, we will never ask you for your passphrase, and we will not be able to view or access the content of your files (Secured Content).

 

If you actively contact us by e-mail, by using the contact form or through a phone call, the personal data you provide will be collected and processed in order to deal with your request. This includes, in particular, your name and contact details (e-mail address, mobile phone number) as well as other information provided by you. When using our contact form, the data transmitted through it will be processed (e.g., name, company, e-mail address and the time of transmission) similarly.

The legal basis for this is Article 6.1.f of the GDPR. Our legitimate interest is in the processing of the request. If your contact is aimed at the conclusion or execution of a contract, this is based on the provision in Article 6.1.b of the GDPR.

We delete the data accruing in the context of customer support once the storage is no longer necessary, or we restrict the processing in case of statutory retention obligations.

Please be aware that the online support chat is not encrypted and not appropriate for certain things like security related topics or concerns.

 

 

C.14 Information you might publish on our blog or any comment on our social media posts.

Any information you include in a comment on our blog may be read, collected, and used by anyone. If your personal information appears on our blog and you want it removed, contact our marketing team.

Any information you include in a comment on any of our social media accounts and posts may be read, collected, and used by anyone. If your personal information appears and you want it removed, contact that specific social media platform, as we have no power or control over it.

We may initiate and/or maintain social media presences on LinkedIn, Twitter, Instagram, and other social networks, which you can access via the corresponding buttons on our Public Website and from some of our Services. If you visit any of these social networks websites or applications by clicking on any of the links that we provide, personal data may be transmitted to the provider of the social network. We urge you to be careful and to be aware that there is no expectation of privacy from these platforms. We can not guarantee that any action you take on these platforms will be private - we have no control nor responsibility over it.

We would like to point out that in this case user data is transmitted to a server in a third country and might therefore be processed outside the European Union. An appropriate level of protection for the transfer of data is ensured by the conclusion of the EU standard data protection clauses.

In addition to the storage of the data specifically entered by you in this social medium, the provider of the social network may also process further information. If you are logged in to the network with your personal user account while visiting the corresponding website, this network can assign the visit to this account. The purpose and scope of the data collection by the respective medium and the further processing of your data there, as well as your rights in this regard, can be found in the respective provisions of the respectively responsible party, e.g.:

• LinkedIn (https://www.linkedin.com/legal/privacy-policy)

• Twitter (https://twitter.com/en/privacy)
• Youtube/Google (https://policies.google.com/privacy)

• Facebook and Instagram (https://www.facebook.com/policies_center/ and https://privacycenter.instagram.com/)

• Xing (https://privacy.xing.com/en/privacy-policy)

Please note that the above links are provided for convenience only and we are not responsible neither for the corresponding privacy policy nor for updating the links should these providers change the urls of their respective policies. Please contact them directly for any inquiry.

C.15 EU GDPR (European Data Protection Law), UK GDPR, Swiss FDPA: transfer of personal data and use of service providers.

The EU GDPR protects the personal data of individuals in their “home territory” of the European Economic Area (from now on, the “EEA”). The EU GDPR governs any processing of their data “in the context of the activities of an establishment of a controller or a processor” in that home territory, as well as any processing by a controller or processor located outside the home territory. Personal data relating to EEA subjects can only be transferred to a foreign country (aka a “third country”) if an appropriate level of data protection can be ensured there, and only if appropriate protection in that third country is ensured via specifically prescribed transfer solutions.

The UK GDPR and Swiss FDPA each impose similar restrictions related to their respective home territories. From now on, we will refer to the EU GDPR, UK GDPR and Swiss FDPA as “European Data Protection Laws”.

Transfers to third countries are generally restricted, however transfers to adequate countries are permitted if there is a formal decision by the relevant regulatory authority that an adequate level of protection is ensured by a third country, for example, in the case of EU GDPR:   Switzerland, UK, Canada (commercial organizations only) New Zealand, etc;

If personal data is transferred to a country (or entity) deemed adequate under applicable European Data Protection Law, no additional transfer solution is needed, as the transfer will already comply with applicable transfer rules under European Data Protection Law.

For example, transferring data (of a commercial organization) between Germany and Canada is adequate under EU GDPR because Canada has received an Adequacy decision (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in order to transfer personal data from EEA to the United States, a transfer solution is required because the United States has not yet received an adequacy decision from the EU.

An alternative, in the absence of an adequacy decision, the European privacy laws permit the use of Standard Contractual Clauses for EEA/UK/Swiss personal data transferred to third countries.

In the case of our use of Google Cloud Services, we have certified that our use of Google Cloud services is subject to European Data Protection Laws (because we offer services to EEA, UK and Swiss residents. As a controller of Customer Personal Data under the EU GDPR, the EU C2P SCCs applies to our relationship with Google as a service provider when transferring Customer Personal Data to the legal Google entity with whom our Google service provider relationship is established, in our case Google LLC. As a processor of data, the EU P2P SCCs apply. Regarding Personal Data under the UK GDPR, the SCCS as amended via the UK Addendum, apply. By certifying to Google that our use of Google Cloud services is subject to European Data Protection Laws, we have automatically entered all the appropriate SCCs with our Google service provider.

We have also voluntarily taken additional supplementary measures to protect data, such as end-to-end encryption of Secure Content, and whenever possible, encryption of metadata. 

It’s also important that when users sign up, we use a combination of techniques to determine whether they are EU subjects or not (and in some cases we ask them to confirm). Based on this determination, it is important to note that all data belonging to EU subjects is stored in data centers located in Europe and it’s the case of all their data as long as they only interact with other users who are also EU subjects.

TeamShield is the Data Controller in reference to the GDPR. TeamShield, and the processors or sub processors we may appoint in specific cases (such as hosting services, payment processors), are the Data Processors in reference to the GDPR.

During the signup process, we employ various means in order to determine on a best effort basis whether you are a EU subject according to the GDPR, but you agree and acknowledge that you waive your rights under the EU GDPR if you try to conceal the fact that you are a EU subject, by any means such as for example (not an exhaustive list):

• by using a VPN to signup for TeamShield from an IP outside the EU, and/or
• by choosing another region of TeamShield (NOT the EU region) if prompted during the sign up process, and/or
• By any other means that might induce us in error (such as changing the time zone and language of your device and/or browser, etc).

EU subjects must use our Services on teamshield.ai/app/eu in order to benefit from the protection of the EU GDPR. Data of users using our EU-focused Services (teamshield.ai/app/eu) is stored in Europe, most of it in Belgium, home of some of the main European institutions, and with storage redundancy in other parts of the Europe Union.

C.16 Managing your information and settings. 

You can manage your personal information in TeamShield’s application Settings. For example, you can update your profile information such as your profile picture, and change your passphrase. There are a number of security and privacy features that you can choose to enable or disable in the settings section. If you need other changes to your personal information, you may contact our support team.

 

C.17 Succession event. 

In case TeamShield is ever involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice on our Public Website and inside our app of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

 

D) Information other users might have provided about you either before you become a user and/or as a recipient who is not a user

 

D.1 Invitations to become a user.

 

As indicated in the Invitations section, if you have been invited and received an email invitation from us on behalf of one of our users, and in case you disagree with it, we encourage you to let us know immediately as we strongly condemn any abuse of our system and wish to respect your privacy.

 

If you received an invitation from another company or individual via TeamShield, and you do not wish to accept the invitation, you have the right to request that we delete the invitation and the associated metadata (especially: your email address, and if also provided to us: your name and the name of your company). Upon receiving your instructions via email (to our support team) we may if you so desire delete all data related to you that has been provided to us (email in all cases; name and/or company name in some other cases) and we may also take action against the offending user.

 

D.2 Secured Content sent to you as an external recipient (not registered).

 

If you are an external recipient you agree that we will keep some data after your first visit / first reception of a message /file in order to facilitate your access to the information shared with you at a later date and /or in case you later receive more files /messages from the same sender or from other senders, and that we might contact you to offer you a fully fledged account - giving you the possibility to opt out at any point and to delete you data.

 

 

E) Information we may share (as little as possible!)

 

We work with third parties to provide some of our Services. For example, our Third-Party Providers send a verification code to your phone number when you register for our Services (and subsequently at sign-in) when the 2FA (two-factor authentication) is enabled. Each provider is a data subprocessor that processes a different category of data - we never share, and thus they never store data outside of the scope of their specific purpose. Notably, our providers do not store identifiable data in relation with the general day-to-day use of your account and our Services, which is exclusively processed by TeamShield. These third parties cannot see your actual Secure Content, which remains encrypted. These providers are bound by their Privacy Policies to safeguard that information, and we take special care in providing only the minimum information possible needed to provide you with the relevant service, such as sending the 2FA code, adhering to strict need-to-know only rules. We do not in any circumstances and for any purpose share any of your personal information with any social media or marketing company, in particular we have no association with Facebook, YouTube, and similar companies, and we do not use Google Analytics. 

Other instances where TeamShield may need to share your data:

• To meet any applicable law, regulation, legal process or enforceable governmental request.
• To enforce applicable Terms, including investigation of potential violations.
• To detect, prevent, or otherwise address fraud, security, or technical issues.
• To protect against harm to the rights, property, or safety of TeamShield, our users, or the public as required or permitted by law.

However, as stated above, TeamShield would have no possibility of sharing any of the messages or files exchanged using TeamShield in an exploitable manner, since we do not have any access at any point to the passphrase that protects the user’s account. Without that passphrase it is impossible to decrypt any message or file.

Currently, our Service Providers include:

• Authy (Twilio) for 2FA authentication code
• Firebase for Oauth and database purposes
• Google Cloud Platform and/or AWS for firewall (WAF), backend infrastructure and for encrypted-only Secured Content storage
• Zepto for transactional emails
• CloudFlare for security (WAF, DDoS prevention, etc), caching, DNS
• Stripe for payment processing (“Provide services in relation with the processing of payment data” (section 2.6))
• Hubspot for hosting parts of our Public Website, CRM and other customer and prospect-focused tools, pages, communications and activities.
• GeoPlugin for security purposes
• Matomo for some anonymized analytics.

We take extra precautions in providing only the strictly necessary data to each of these providers and in the specific context of the action/event relevant to the use of our Services and to fulfill our obligations to you and provide our Services, and all of these providers are GDPR compliant.

GCP and AWS never have access to any Secured Content in any exploitable form, it has always been encrypted in a way that they can not decrypt it.

We take extra security measures (some of which are detailed on the security page of our Public Website), such as using completely segregated infrastructures and splitting some encryption materials between several completely separate, segregated infrastructure, so that even a compromise of our provider’s data center/infrastructure, a compromise of one of our account at that provider, will not provide any useful encryption material to an attacker.

Moreover, even if a hacker had been able to hack all our accounts at all providers, the encryption material stored remotely that they would have been potentially able to reassemble, would still not be enough to decrypt any Secured Content.

In addition to Matomo being a much more privacy-oriented alternative to google analytics, we do some additional custom anonymization on the client side beyond what they already offer before sending out any data.

Cloudflare: http requests are directed through Cloudflare that provides dns services and we don't control the routing of the encrypted (https) traffic. We make sure we encrypt payload and obfuscate as much as possible any metadata prior to leaving the user’s device. Please note that there are 2 separate encryption processes: the transport channel https (TLS) encryption, and ours (which is itself composed of multi-layered encryption processes) and that Cloudflare has no control over nor access to.

Zetpo: We use Zepto as a 3rd party email service provider to which, for the sole purpose of sending email notifications, we pass a) in the case of a user: the user email, name (and avatar or at least avatar url), and b) in the casse of an external recipient: their email address only.

In the future, we might use a customer support platform, in which case we will update this Privacy Policy accordingly.

In the future, we might use a CRM platform, in which case we will update this Privacy Policy accordingly.

In the future, we might use a service provider to send commercial/marketing email, in which case we will update this Privacy Policy accordingly.

 

F) How we may contact you and in what circumstances

 

As noted in section 1.3 of our Terms of Service, in order to create an account you must register for our Services using your email address (and optionally for 2FA, your phone number). You agree to receive email and text messages (from us or our third-party providers) with confirmation links or verification codes to register for our Services. These are known as transactional emails and are essential in order to use our Services. They can not be disabled. Similarly, other transactional emails such as for the purposes of resetting your passphrase or other security notifications can not be disabled for your own security, and to make sure that we can provide you with our Services - you can read more about transactional emails in the above mentioned section of our Terms of Service.

By accepting our Terms of Service and Privacy Policy, you also agree to receiving the following communications from us:

• Information about how to use certain features, tips and tutorials to improve your user experience
• Information about promotional offers and new services (you can disable these at any time in your TeamShield settings)
• If you are a non-registered recipient (i.e. at least one of our users sent you a message or file which you can access on teamshield.ai/temporary), we may offer you or invite you to register so that you can enjoy the benefits of a full-fledged account.

We may also contact you in order to provide you with support, either in response to an inquiry or request from you, or, in case you opted in for our “help us improve program”, in case we detected a technical issue that may be impacting your account.

We may also contact you proactively or reactively for any security-related issue.

Any other non-transactional and non-support/security related communication originating from us will require you to first opt-in (for example, if you sign-up for a newsletter).

All of the above-mentioned communications shall be conducted either via email, in-app message from one of our official accounts, or via in-app chat widget.

In case 2FA by phone number is activated on your account, we will not use the phone number associated with your account to contact you, except if you allow us to do so, or if there is a security concern with your account.

For the accounts on which phone support is enabled, we may contact you, at your request, on the phone number you (and/or an Organizational Admin if you belong to an Organization) would provide to us.

 

G) Your Rights Regarding the Personal Data You Provide to Us

 

Under applicable data protection legislation, in certain circumstances, you have rights concerning your personal data. You have a right to: (1) request a copy of all your personal data that we store and to transmit that copy to another data controller; (2) delete (see section 10 below) or amend your personal data; (3) restrict, or object to, the processing of your personal data; (4) correct any inaccurate or incomplete personal data we hold on you; and (5) lodge a complaint with national data protection authorities regarding our processing of your personal data.

If you wish to exercise any of these rights, kindly contact us at using the contacts provided in section 7.3 Privacy-related contact of our Terms of Service.

 

H) Deleting your account, your personal data and your content

If you would like to delete your account, you can do this by contacting our support team (see section 7.2 of our Terms of Service) and writing to us using the same email address that your account is connected to. This action must be confirmed via your TeamShield account and cannot be undone. Deleting your account removes from our live systems all documents, media, contacts and every other piece of data that you stored in TeamShield online drive, to the exception that those documents which you previously shared with others and have not decided to unshare prior to requesting the deletion of your account. Some metadata and personal data about your account will also be kept as it has been shared with others with whom you previously interacted or were a mutual contact of, as detailed in section 1.3 above. For example, a copy of your encrypted message history with a specific recipient will stay on the server as part of your recipient's message history. As soon as your recipient deletes their account too, it's gone forever. Until then, the conversation history view of any thread you participated in might display an indication next to your TeamShield name and/or email address such as “deactivated” or “deleted”.

As a remainder, all messages and files are encrypted in ways that even when stored on our servers to ensure synchronization with your devices and that of your recipients, TeamShield has no way to read them.

If all participants in a conversation you participated in, request to delete their account, then all information related to said conversations will be completely deleted from our live systems. Similarly, any document that you shared via the drive and didn’t unshare prior to deleting your account, will be deleted if all the people you shared it with also request to delete their account.

When closing your account a few pieces of metadata (as listed above) are not deleted but they are encrypted in a way that we don't have access to them: only your recipients and contacts can see them so that they can continue using the app (ex: someone whom you wrote to previously would still see the name and email you used previously in the application - same as what happens with old emails you sent to someone, but with a mention specifying that your account has been deleted, and they will no longer be able to contact you as a user. They would only be able to send to you as an external recipient.

For security purposes and to prevent any impersonator from attempting to illegitimately delete your account, we will validate that your deletion request was really originated by you. Once validation is done and before we proceed with the deletion, we will remind you that you can unshare all documents before deleting your account, so that you can rest assured that, once your account is deleted, no document will remain available to others via TeamShield drive if you choose so.

If your account was created at the request of a company, the company retains ownership of the account and might be required to approve the deletion request. It might also choose to simply request us to cut your access and deactivate the account, while it may choose to retain access to the information your account contained for business continuity purposes or other data retention requirements. This is similar to corporate email addresses and corporate online drives, whose content and data remains the corporation’s property even after the employee’s departure. Even if you don’t request your account to be deleted, the company that provided you with this account might at any time decide to request us to cut your access, deactivate or delete your account.

If you stop using TeamShield for an extended period, your account will be deleted automatically without the need for you to request it. We reserve the right to close accounts for inactivity after three months (we typically will send a reminder in-app or by email prior to deletion. You just need to login again to keep your account active).

For the purposes of disaster recovery and data availability requirements, TeamShield has a legitimate interest in maintaining secure and immutable backups. Backups are kept for a maximum of 1 year. Deletion requests and automatic deletions do not alter those backups.

Unless expressly stated otherwise within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations, e.g., in the case of data that must be retained for reasons of commercial or tax law.

 

I) Disclosure

We will comply with applicable laws and regulations to provide Secured Content or Services-Related Data to law enforcement agencies. In such a case, please note that your Secured Content will remain encrypted in a way that we have no way to decrypt it, and so we will only hand over Secured Content in encrypted form. If permitted, we will notify you of such a request and whether or not we have complied.

Some Services-Related Data of any members of an Organizational Account could be made available to the Administrator(s) of that specific Organizational Account.

 

J) Organizational Accounts

J.1 Organizational Accounts are Corporate Accounts and Family Accounts.

When self signing and purchasing a paid plan for more than one user directly from within our web app, by default the user who makes the purchase will be automatically assigned the role of Administrator for that group of users he/she purchases licenses for, whether a Corporate Account or a Family Account. The Admin may at any point contact support in order to add an Administrator or to pass on the role of Administrator to another user in their Organization, in which case the new Administrator needs to confirm that they accept the role before the transfer of role becomes effective. Until then the original Administrator remains as Administrator.

When purchasing licenses via an interaction with our sales team, our invoice will typically mention the name of the Administrator whom your Organization has indicated to us, or the Organization might inform us of their choice of Administrator(s) in writing at a later date, either via email or via an in-app message. This Administrator will need to agree to our Terms of Service and Privacy Policy upon signing up (whether this person signs up before or after the invoice issuance). By accepting the terms or by signing-in after having been designated as an Administrator for their Organization, the person represents and certifies that they have the necessary authority within their Organization or got the relevant approval by their hierarchy in order to act as or be designated as the Administrator as described in these Terms of Service / Privacy Policy.

 

J.2 Corporate Guest Accounts.

Our Corporate Accounts clients can enjoy the extra benefit of being provided Guest accounts for their own clients, providers, partners, etc. Depending on the Corporate Account subscription, these plans might have different characteristics than a typical account. Depending on the number of TeamShield licenses provided to the specific client of a TeamShield Corporate client (from now on, “client of client”), there will be either an Administrator designated at the client of client, or an Administrator or Non-Admin member of the client might fill this role. In the former case, the Administrator for the client of client company might be initially designated by our client, but can later be updated both by our client and by the client of client.

Requests to delete an account can come both from our client or from the client of client.

If you are the Administrator of a client of client (and your Organization has guest accounts that were provided at no cost, you agree to being contacted by us, either automatically or by a human, in order to offer you to expand your usage of TeamShield to the other employees or collaborators of your Organization that have not been invited by our client - and if you are an Administrator of our client you also aknowledge and agree to the above.

 

K) Managed Private Cloud

 

If your Organization contracts our Managed Private Cloud modality, you will have more controls, and some tailored Terms of Service and Privacy Policy can apply to your Organization and your users.

Please contact sales in order to get a Managed Private Cloud set up and configured for your organization, and to get more information about the specific Terms and Privacy policy that would apply.

 

L) Terms

Please also read our Terms which also governs the terms of this Privacy Policy.

 

M) Contact Us

If you have questions specifically about our Privacy Policy please contact us at dpo@teamshield.ai.

For all other contact requests or topics, please see the section 7 (Contacts) of our Terms of Service, which list a number of contacts and channels depending on the topic of your request.

N) Updates to Privacy Policy

We will update this privacy policy as needed so that it is current, accurate, and as clear as possible. Your continued use of our Services confirms your acceptance of our updated Privacy Policy.

A reference to each update, including the date of such update and which section was modified or a brief summary of the main modifications, will be listed here.

Updates list: 

- 2025-09-09: in order to reflect the launch of our new Public Website (www.teamshield.ai) now hosted on a third party, this policy was updated with new information on the associated necessary and optional cookies and consent banner. Sections updated are mainly the introduction, C.9, E, N. 

Privacy Policy - Effective as of July 5th, 2023

Privacy Policy - Last Modified date: September 9th, 2025