Privacy Policy

Last updated: May 4, 2026 · Version: 2026-05-04

This English version is provided for your convenience. The Hebrew version is the legally-binding text. In case of any inconsistency between the two, the Hebrew version prevails.

Introduction

Shield (referred to here as "Shield", "we", or "the service") is a communications and notifications service that connects people who need help to their personal contacts and to other Shield users nearby who have opted in to receive alerts. The service is operated from Israel and is directed primarily at Israeli residents and visitors.

Important: Shield is not an emergency service, is not a substitute for calling the official emergency numbers (100, 101, or 102 in Israel), and is not a police, ambulance, or any other official agency. In a real emergency, always call the official emergency services directly first.

This Privacy Policy explains what personal information we collect, why we collect it, with whom it is shared, and how to exercise the rights available to you under the Israeli Privacy Protection Law, 5741-1981, including Amendment 13 which entered into force in August 2025 (the "Privacy Law").

Database controller and contact

The service is operated and controlled by Shield (the "controller"). [OPERATOR_BLOCK: the controller's full registered name, registration number, registered address and phone will be filled in here before public launch.]

For any privacy-related inquiry — including exercising your rights under the Privacy Law, contacting the controller and the privacy contact person, or reporting issues and suspected security incidents — use our contact page.

Privacy contact

You can reach our privacy contact through our contact page (select topic: "Privacy"). Inquiries are answered within a reasonable time and no later than 30 days from receipt.

Key definitions

  • Controller — the entity that determines the purposes and means of data processing (Shield).
  • Holder / processor — an external service provider that processes data on behalf of the controller under its instructions (e.g., a database infrastructure provider).
  • Personal information — any data that identifies a person, or by which a person can be identified, including online identifiers and location data.
  • Information of heightened sensitivity — data the law or the regulator marks as requiring elevated protection. We treat continuous and precise location data as elevated-sensitivity, even though it is not within the narrow statutory definition.

What information we collect

On the marketing site (myshield.live)

When you sign up for the waitlist via the form on the site, we collect:

  • Full name
  • City of residence
  • Email address
  • Israeli mobile phone number
  • Selected interface language (Hebrew or English)
  • Referral details: UTM source, referrer URL, and your browser's User-Agent string
  • Country code of the IP (not the IP address itself)
  • A one-way salted hash of your IP address, used solely for rate-limiting and spam prevention — the raw IP is never stored

In the app — account and profile

After you create a Shield account in the app, we collect:

  • Account identifiers: email address, internal user ID, and where applicable — an external identity provider identifier (Sign in with Apple or Google Sign-In) and phone number
  • Display name, interface language, and the version of the legal documents you accepted at signup (Terms of Service, Privacy Policy, Safety Notice)
  • Push notification token for each device on which you are signed in (one account can be signed in on multiple devices — each device has its own token)
  • Notification preferences — including the geographic alert radius you have chosen for receiving alerts about nearby incidents

In the app — protection circle and contacts

  • Details of contacts you choose to add to your protection circle (name, phone number), as a snapshot taken at the time of adding — not a continuous sync with your device's address book
  • The invitation status of each contact: pending, active, revoked

In the app — location

  • GPS location: updated every minute during routine use of the app and during an active SOS incident, including in the background and on a locked screen (see "Continuous and background location" below)
  • Real-time location of responders during an incident: a user who chooses to respond to an active SOS (a responder) broadcasts their location at short intervals (every 7 seconds, at high resolution) while traveling to the scene. The broadcast stops the moment the responder marks arrival or completion

In the app — SOS incidents and incident chat

  • History of SOS incidents you create (time, location, status, summary)
  • Chat messages in the incident channel, in which the activator, circle members, and active responders participate
  • Responder status per incident: en route, arrived, finished — with timestamps for each transition
  • Technical records of notification recipients: who was sent an alert (internal user ID, not name), distance at the moment of dispatch, and delivery status

In the app — direct chat and image attachments

  • Text messages in 1-on-1 direct chat between you and members of your protection circle
  • Photos you choose to attach in chat (from the camera or the device's photo library). Photos are stored in secure storage and are automatically deleted 24 hours after sending
  • Delivered and read indicators, and a real-time typing indicator between you and the message recipient

In the app — Stories

  • Photos you publish as a story. A story is visible only to the people you select from your protection circle for that specific story — not to your whole circle by default, and not to other Shield users
  • Publication timestamp and automatic 24-hour expiry; stories are deleted from our servers 24 hours after publication
  • Views and likes log: which of the people you selected viewed your story and which tapped "like", with timestamps
  • Replies to a story reach you through direct chat

What Shield does not collect

We do not access your device's microphone and we do not record video or audio at any point. Our design assumption is that people near an incident can independently document it using their own phones — Shield is not the tool for that.

We do not synchronize your full address book; we retain only the contacts you choose to add to your protection circle.

Biometric identifiers (Face ID, fingerprint) are used solely to lock the app on the device itself. This data does not leave the device, and Shield has no access to it.

We do not share information with advertisers and we do not run targeted-advertising networks. There are no marketing tracking cookies in the app or on the site.

Heightened sensitivity classification

Shield, by its nature, collects precise location data continuously. Although location is not classified as "information of special sensitivity" in the narrow statutory definition, we treat it as information of heightened sensitivity and apply our highest controls around it: row-level access control in the database, encryption at rest and in transit, recipient minimization, and limited retention periods.

Continuous and background location — important notice

The app samples your location even while running in the background and even when the screen is locked. Technically this is the "Always Allow Location" permission on iOS or "Allow all the time" on Android. The permission is required so you can request help even when the device is locked in your pocket or bag, and so responders can see your location during an incident.

You may revoke or narrow the location permission at any time via your operating system settings — but doing so will disable substantial parts of the service, and SOS incidents you trigger may not transmit your correct location to your contacts or to nearby users.

Purposes of processing and legal basis

We collect information for the following purposes:

  • Service provision — to enable you to trigger SOS incidents, summon help, communicate with circle members and responders, and receive alerts about nearby incidents. Legal basis: performance of the service you requested, and your express consent.
  • Service security — preventing abuse, detecting issues, and investigating security incidents. Legal basis: legitimate interest of the controller.
  • Service improvement — basic usage measurement, bug detection, and quality review. Legal basis: legitimate interest, and where required — your consent.
  • Communication with waitlist registrants — only to notify you of the service launch, and for no other purpose. Legal basis: your express consent at registration.
  • Compliance with legal obligations — response to demands from competent authorities and court orders. Legal basis: legal obligation.

§11 disclosure under the Privacy Law

In accordance with §11 of the Privacy Law, we inform you:

  • Mandatory or voluntary? — Provision of information is voluntary. You are not legally required to provide it.
  • Consequences of non-provision — Without essential information (account identifiers, location, contacts), we will not be able to provide you with the service, in whole or in part.
  • Purposes of use — As described in "Purposes of processing" above.
  • To whom information will be transferred — As described in "With whom information is shared" below.
  • Your rights — As detailed in "Your rights" below.

With whom information is shared

Your circle

When you trigger SOS, the contacts you've added to your protection circle receive an immediate push notification. They see your name, your real-time location, and the incident status, and can participate in the incident chat. They stop seeing your real-time location the moment the incident ends.

In direct chat (1-on-1) and stories — content is exposed only to the recipient or to the people you selected for each story, and not to the wider circle or to other Shield users.

Nearby Shield users

When you trigger SOS, Shield users within the radius you have configured receive a notification. They see the incident's location on the map and the distance from them, and decide independently whether to respond. These users are not agents, employees, representatives, or contractors of Shield. They are private users who chose to opt in to receive alerts. Shield does not guarantee that any of them will see the alert, respond, or arrive.

For a responder who chooses to respond, their real-time location and estimated time of arrival are shown to the incident activator. Technical records of recipients (internal user ID, distance at the time of dispatch, delivery status) are retained for security and troubleshooting purposes.

Service providers (holders / data processors)

We use external service providers who process data on our behalf, under our instructions and subject to confidentiality and data-processing agreements. The providers operate in the following categories:

  • Database, authentication and secure storage infrastructure — servers in Europe (Germany)
  • Push notification delivery to iPhone and Android devices
  • External identity providers — Apple and Google, for the Apple/Google account sign-in paths
  • SMS one-time-password (OTP) verification services — for foreseeable future use; not currently active
  • Marketing-site hosting and limited event analytics — aggregate traffic data, no personal identifiers, used only to count waitlist signups

An up-to-date list of providers by their commercial names appears on a dedicated page: service providers. Changes in providers and additions are documented there.

Who we do not share with

Shield does not share personal information with advertisers, ad-targeting networks, or third parties for marketing analytics or commercial mailings.

Legal disclosure

We may disclose personal information when required by law, court order, or formal request from a competent authority. Where possible and to the extent permitted by law, we will notify the affected user before disclosure.

Transfer outside Israel

Some of our service providers store data on servers in Europe (Germany). This transfer is performed in accordance with the Privacy Protection (Transfer of Data Abroad) Regulations, 5761-2001, and in light of the mutual adequacy decision between the European Commission and Israel. Each such provider is contractually obligated to maintain data security, process data only on our instructions, and maintain a level of protection commensurate with the Privacy Law.

Information security

We operate at a high level of security as required by the Privacy Protection (Information Security) Regulations, 5777-2017, including: transport-layer encryption (HTTPS/TLS), encryption at rest in the database, row-level isolation (Row-Level Security), least-privilege access, anomaly monitoring, encrypted backups, and periodic security audits.

However, no system is 100% secure. We cannot guarantee absolute immunity against every possible security threat.

Severe security incident reporting

In the event of a severe information-security incident that impairs or could impair users' rights, we commit to report it without delay to the Privacy Protection Authority and act in accordance with its guidance. When the Privacy Protection Authority directs, or when we otherwise consider it appropriate, we will also notify users who may be affected by the incident directly.

Retention periods

We retain data for the following periods:

  • Waitlist — until you migrate to an active account, or for up to 12 months if you do not join the app, after which the data is automatically deleted.
  • Active user account — for as long as the account is active and you have not requested deletion.
  • Direct chat messages and attached photos are automatically deleted 24 hours after sending and are not retained on our servers beyond that window.
  • Stories — automatically deleted 24 hours after publication.
  • SOS incident records and incident chat — up to 90 days after incident resolution. Recipient logs are retained for the same period.
  • Automated backups — up to 90 days, then permanently deleted.
  • Technical logs — up to 30 days, after which only aggregated, non-identifying data is retained.

Retention periods may be extended if required to comply with a legal obligation or for legal defense in pending disputes.

Your rights under the Privacy Law

Under the Privacy Law you have the following rights:

  • Right of access (§13) — to know what information is held about you.
  • Right of correction (§14) — to request correction of inaccurate or outdated information.
  • Right of deletion — to request deletion of your account and the data associated with it (see "Account deletion" below).
  • Right to withdraw consent — at any time, without need for justification. Withdrawal does not affect the legality of processing performed before it.
  • Right to opt out of marketing — under §30A of the Communications Law (the Spam Law), we are required to remove you from our mailing list within 30 days of your request. Removal is available via the link in any of our messages, via myshield.live/unsubscribe, or via our contact page.
  • Right to complain — a privacy complaint may be filed with the Privacy Protection Authority, Ministry of Justice, P.O.B. 1087, Jerusalem 9101001, or via the Authority's website at gov.il.

To exercise rights, use our contact page and include a description of the request and basic identifying details. We will endeavor to respond within 30 days. Requests under the Privacy Law should be marked explicitly in the subject of the inquiry.

Minors

The service is intended for users 13 years of age and older. A parent or legal guardian who opens a Shield account for a minor, or who allows a minor to open an account, accepts full and unconditional responsibility for the minor's use of the service, for the processing of the minor's personal information, and for consenting to these terms and to this Privacy Policy — on their own behalf and on behalf of the minor.

Cookies, local storage, and technical tools

Our marketing site (myshield.live) does not set tracking cookies and does not run third-party advertising or marketing-analytics tools. We do not use Google Analytics, advertising pixels, or tracking networks.

We do use a minimal first-party measurement tool from our hosting provider (Vercel Analytics) to count waitlist signups in aggregate. The tool sets no cookies, does not identify individual users, and collects no personal identifiers — it only records a "waitlist_join" event with the city name.

The app stores operational data on the device locally (the session token, language preference, and settings) — not for tracking purposes.

Account deletion

You may request account deletion from within the app: Settings → Account → Delete Account. After your request is confirmed:

  • The account is soft-deleted and substantially removed from the service immediately.
  • You may cancel the request within 7 days by signing back into the account.
  • After 30 days, the account, contacts, incident history, and profile settings are permanently deleted.
  • Some information may remain in automated backups for up to 90 additional days, after which it is also permanently deleted.
  • Technical records related to incidents that involved other users (such as recipient logs) may be retained in anonymized form for system audit and security purposes.

Automated decision-making and profiling

We do not perform automated decision-making that produces legal or similarly significant effects on you, and we do not engage in profiling for marketing or scoring purposes. The geographic matching of alerts ("who is nearby") is a purely technical distance computation, with no creation of a personality or behavioral profile.

Changes to this policy

We may update the Privacy Policy from time to time. Users will be notified of material changes at least 30 days in advance via email, in-app notice, or a prominent notice on the site. Continued use of the service after the change takes effect constitutes acceptance of the update.

The last-updated date appears at the top of this document.

Governing law and jurisdiction

This Privacy Policy is governed solely by Israeli law. Exclusive jurisdiction over any dispute relating to it is vested in the competent court of Tel Aviv-Yafo.

Binding language

This document is signed in Hebrew. Any translation into English or any other language is provided for your convenience only. In case of any inconsistency between versions, the Hebrew version controls.

Contact us

For any privacy-related inquiry, exercise of rights, or other questions, use our contact page.