Privacy Policy

Last updated · May 27, 2026

Vibe Shield ("we", "us") provides a continuous operational control plane for AI and information security governance. This policy explains what personal data we process, why, and the rights you have over it. It applies to vibeshield.aitwcloud.com and the Vibe Shield application.

1. Data we process

  • Account data — name, work email, role, and authentication identifiers.
  • Organization data — workspace metadata, members, RBAC assignments.
  • Operational data — telemetry submitted by sidecars and connectors: posture signals, evidence records, incidents, fairness/drift metrics, and cloud configuration findings.
  • Usage data — pages viewed, actions performed, IP, user-agent, and timing — used to operate, secure, and improve the service.
  • Support data — content of messages you send us.

2. Legal bases (GDPR)

We rely on contract necessity (Art. 6(1)(b)) to deliver the service, legitimate interests (Art. 6(1)(f)) to secure and improve the service, and consent (Art. 6(1)(a)) where required (e.g. optional analytics).

3. How we use data

  • Provide live posture, evidence, and incident features.
  • Authenticate users and enforce RBAC.
  • Detect abuse, fraud, and security incidents.
  • Communicate about the service (transactional emails).

4. Subprocessors

We use a small set of vetted subprocessors for hosting, database, authentication, email, and observability. A current list is available on request via dpo@vibeshield.aitwcloud.com.

5. Retention

Operational telemetry is retained per your workspace's configured policy (default 13 months). Account data is retained while your account is active and deleted within 30 days of termination, subject to legal hold.

6. International transfers

Where data leaves the EEA / UK we rely on the European Commission's Standard Contractual Clauses and the UK IDTA, with supplementary technical measures (encryption in transit and at rest).

7. Your rights

You may access, rectify, erase, restrict, port, or object to processing of your personal data. Contact dpo@vibeshield.aitwcloud.com. You may lodge a complaint with your local supervisory authority.

8. Security

We operate under controls aligned with SOC 2 and ISO 27001 — encryption, least-privilege access, audit logging, tamper-evident evidence, and 24/7 monitoring. Report vulnerabilities to security@vibeshield.aitwcloud.com.

9. Changes

We will notify you of material changes via in-app banner and email at least 30 days before they take effect.