Privacy Policy

Velocity Ridge Holdings LLC (“ShieldPulse,” “we,” “us,” or “our”) operates the Sentinel by ShieldPulse platform at shieldpulse.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and billing information. If you sign up for a paid plan, payment details are processed directly by Stripe and are never stored on our servers.

Backup Job Metadata

Sentinel connects to your backup vendor APIs using read-only credentials you provide. We collect backup job metadata only — job names, statuses, timestamps, device names, and error codes. We never access, download, or store your actual backup data. Our integration is strictly read-only; we cannot modify, delete, or create backup jobs in your environment.

Usage Analytics

We collect anonymized usage data such as pages visited, features used, and performance metrics to improve our product. We do not use third-party tracking pixels or advertising trackers.

2. How We Use Your Information

• To provide, maintain, and operate the Sentinel platform
• To process transactions and manage your subscription
• To send service-related notifications (alerts, status updates, billing receipts)
• To respond to support requests and communicate with you
• To improve our product, fix bugs, and develop new features
• To detect and prevent fraud, abuse, or security incidents

3. Data Storage & Security

Your data is stored in a Supabase-managed PostgreSQL database hosted on Amazon Web Services (AWS) infrastructure. All data is:

• Encrypted at rest using AES-256 encryption
• Encrypted in transit using TLS 1.3
• Access-controlled using Row-Level Security (RLS) policies ensuring tenants can only access their own data

We implement industry-standard security practices including secure credential storage, regular security reviews, and principle of least privilege for all system access.

4. Third-Party Services

We use the following third-party services to operate Sentinel. Each has its own privacy policy governing how they handle data:

• Stripe — Payment processing and subscription billing
• Resend — Transactional emails (alerts, notifications, receipts)
• Vercel — Application hosting and deployment
• Cloudflare — CDN, DNS, and DDoS protection
• Supabase — Database hosting and authentication

5. Read-Only API Credentials

When you connect a backup vendor (e.g., Acronis, Veeam, Datto), you provide API credentials with read-only access. These credentials are encrypted at rest and are used solely to retrieve backup job metadata. We never use these credentials to access, modify, or delete your actual backup data. You can revoke access at any time by removing the integration from your Sentinel dashboard.

6. Data Retention

• Active accounts: Your data is retained for as long as your account is active and as needed to provide you with the service.
• Account closure: Upon account deletion, all your data — including backup job metadata, account information, and API credentials — will be permanently deleted from our systems within 30 days.
• Billing records: We may retain minimal billing records as required by applicable tax and accounting laws.

7. Cookies

Sentinel uses minimal cookies strictly necessary for the service to function. We use a single authentication session cookie to keep you logged in. We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie banner is required because we do not perform any non-essential tracking.

8. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to deletion: Request deletion of your personal data (“right to be forgotten”).
• Right to portability: Request your data in a structured, machine-readable format.
• Right to object: Object to processing of your data for certain purposes.
• Right to restrict processing: Request limitation of how we process your data.

California residents (CCPA): We do not sell your personal information. You have the right to know what data we collect, request deletion, and opt out of any future sale of personal information.

To exercise any of these rights, contact us at contact@shieldpulse.io. We will respond within 30 days.

9. Children's Privacy

Sentinel is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website at least 30 days before changes take effect. Your continued use of Sentinel after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: