AccessShieldAccessShield

Privacy Policy

Last updated: January 1, 2025

What we collect

Account data (name, email), payment data (via Stripe — we never store card numbers), stream metadata, viewer session fingerprint data (IP, browser fingerprint, device signals), biometric models for identity recognition (only when you use this feature and with your explicit consent attestation), usage analytics via PostHog, and error logs via Sentry.

How we use it

To provide the Service (stream protection, leak detection, DMCA filing), to calculate viewer risk scores, to detect leaks using fingerprint matching, to power the AI Security Agent with your account context, to send alerts and notifications you've configured, and to improve the platform.

Biometric data

AccessShield only collects biometric data (facial geometry) when you use the AI Identity Recognition feature and explicitly upload photos. This data is AES-256 encrypted, stored in isolated per-account storage on AWS S3, and is never sold, shared, or used for any purpose other than your account's leak detection. You may delete any identity model at any time from account settings, with permanent deletion within 24 hours.

Viewer fingerprint data

When you protect a stream with AccessShield, viewer fingerprint data (browser signals, canvas hash, IP, device type) is collected from your viewers to support leak attribution. You are responsible for informing your viewers about this collection in your stream's terms of service or privacy notice. AccessShield provides standard disclosure language in your account settings.

Data retention

Account data: retained for 30 days after account deletion. Stream fingerprints: retained per your plan's retention period (7–365 days). Viewer session data: retained per your plan's retention period. Biometric models: deleted on request within 24 hours, automatically deleted 30 days after account closure. AI conversation history: retained for 90 days.

Third-party services

We use Stripe for payments, Clerk for authentication, AWS S3 for storage, PostHog for analytics, Sentry for error monitoring, OpenAI for AI features, and Resend for email. Each has its own privacy policy governing their use of data.

Your rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data. Contact privacy@accessshield.io to exercise these rights. We respond within 30 days.

Contact

Privacy questions: privacy@accessshield.io. Data protection officer: dpo@accessshield.io.

Privacy Policy — AccessShield | AccessShield