Legal
Privacy Policy
Effective date: January 1, 2026 · Last updated: March 24, 2026
GitShield Advisory Group ("GitShield," "we," "us," or "our") is committed to protecting the privacy and security of the individuals and organizations that interact with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our platform, or engage with our services.
1. Information We Collect
1.1 Information You Provide
When you interact with GitShield, we may collect information that you voluntarily provide, including:
- Contact information (name, email address, phone number, job title)
- Organizational information (company name, industry, size)
- Communication content (emails, form submissions, support inquiries)
- Engagement preferences and access credentials for our client portal
1.2 Information Collected Automatically
When you access our website or services, we may automatically collect:
- Device and browser information (IP address, browser type, operating system)
- Usage data (pages visited, time spent, referral sources)
- Cookies and similar tracking technologies
1.3 Open Source Intelligence (OSINT) Data
GitShield's core services involve the collection and analysis of publicly accessible information from the global internet. This data is sourced exclusively from the public domain and includes publicly committed code repositories, exposed configuration files, and other openly available digital assets. We do not access private systems, networks, or data stores. All intelligence gathered through our platform is limited to information that is already publicly accessible.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve our services
- Communicate with you about assessments, findings, and engagement opportunities
- Generate threat intelligence reports and security assessments
- Process transactions and manage client relationships
- Comply with legal obligations and enforce our agreements
- Analyze usage patterns to improve our website and platform
3. Legal Basis for Processing
We process personal data based on the following legal grounds:
- Legitimate interest: To provide security intelligence services that protect organizations from publicly exposed vulnerabilities
- Contractual necessity: To fulfill our obligations under client engagement agreements
- Consent: Where you have explicitly consented to specific data processing activities
- Legal obligation: To comply with applicable laws and regulations
4. Data Sharing and Disclosure
We do not sell your personal information. We may share information in the following circumstances:
- With your organization: Assessment findings are shared with authorized representatives of the assessed organization
- Service providers: We may engage trusted third-party vendors who assist in operating our services, subject to strict confidentiality agreements
- Legal requirements: When required by law, subpoena, court order, or government request
- Business transfers: In connection with a merger, acquisition, or sale of assets
5. Data Security
We implement industry-standard technical and organizational measures to protect the information we process. These include encryption in transit and at rest, access controls, regular security assessments, and employee training. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
6. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Client engagement data is retained for the duration of the engagement plus any period required by applicable law. You may request deletion of your personal data at any time by contacting us.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
To exercise any of these rights, please contact us at sales@gitshield.io.
8. International Data Transfers
GitShield operates globally. If you are located outside of the United States, please be aware that information we collect may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. We take appropriate safeguards to ensure that your personal data is treated securely and in accordance with this Privacy Policy.
9. Cookies
Our website uses minimal cookies to ensure basic functionality. We do not use third-party advertising cookies. You may disable cookies in your browser settings, though this may affect certain website features.
10. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the updated policy on our website with a revised effective date. Your continued use of our services after such changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
GitShield Advisory Group
Email: sales@gitshield.io