← SHIELDBRIEF

Privacy Policy

Last Updated: April 15, 2026

HexWarden Labs LLC (“Company,” “we,” “us,” or “our”), a Colorado limited liability company, operates ShieldBrief at shield-brief.io (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Scan Submissions: When you request a free or subscribed scan, we collect the website URL you submit and the email address associated with the request.
  • Account Information: When you create a subscriber account, we collect your name, email address, billing address, and authentication credentials.
  • Billing Information: Payment information is collected and processed by Stripe. We do not store full credit card numbers on our servers.
  • Communications: If you contact us, we collect the contents of your messages.

1.2 Information We Generate

  • Scan Results: Accessibility scan output for URLs you submit, including rule violations, WCAG mappings, affected HTML selectors, and AI-generated remediation notes. Scan output for publicly accessible pages is retained per Section 4.
  • Usage Data: Pages viewed, features used, timestamps.
  • Device and Log Data: IP address, user agent, access times, referring URLs.

2. How We Use Your Information

  • Provide, maintain, and improve the Service.
  • Run accessibility scans against URLs you submit and deliver the resulting reports.
  • Process subscriptions and payments.
  • Send transactional communications (scan reports, account confirmations, billing receipts, service updates).
  • Send marketing communications where you have opted in. You may unsubscribe at any time.
  • Detect, prevent, and address fraud, abuse, or technical issues.
  • Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We may share it with:

  • Service Providers: Stripe (payments), Resend (email), Vercel (hosting), Supabase (database), and Anthropic (AI remediation generation). These providers are contractually obligated to use your information only as necessary to provide their services.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

4. Data Retention

We retain scan results and account data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes. Historical scan records may be retained longer to support your legal defense documentation.

5. Data Security

We implement reasonable technical and organizational measures to protect your information, including TLS in transit, encryption at rest for sensitive data, and role-based access controls. No method of transmission or storage is completely secure.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal information, and to opt out of marketing communications. To exercise these rights, email privacy@shield-brief.io. We will respond within 30 days.

7. State Privacy Rights

Residents of California (CCPA/CPRA), Colorado (CPA), Virginia, Connecticut, Utah, and other states with applicable privacy legislation may have additional rights. We do not sell personal information or engage in targeted advertising.

8. Scans of Third-Party Websites

When you submit a URL to ShieldBrief for scanning, we issue automated HTTP requests to that website as a publicly accessible visitor would. We do not bypass authentication, access non-public areas, or perform intrusive testing. You represent that you have the right to request scanning of any URL you submit. We are not responsible for scans you request against domains you do not own or control.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. The “Last Updated” date at the top reflects the most recent revision.

11. Contact

HexWarden Labs LLC
Email: privacy@shield-brief.io