Skip to main content
ShieldStack
Book Risk Check

Privacy Policy

Effective May 2, 2026

ShieldStack ("we", "us") provides accessibility audit and remediation services for Shopify stores. This policy explains what data we collect, why, and what your rights are.

1. Data we collect

  • Contact info you provide: name, email, company name, store URL
  • Booking data via Cal.com when you book a Risk Check (name, email, time)
  • Payment data via Stripe when you purchase (we do not store credit card numbers; Stripe handles all payment data)
  • Audit data: we crawl your storefront's public pages and run accessibility scans
  • Communication: emails and chat messages between us, plus any notes from optional Risk Check sales calls

2. Why we collect it

  • To deliver the audit service you purchased
  • To communicate about your project
  • To bill and account for purchases
  • For legal and tax compliance

3. Third parties

  • Stripe (payment processing) β€” stripe.com/privacy
  • Google Workspace (email and calendar) β€” policies.google.com/privacy
  • Cal.com (booking) β€” cal.com/privacy
  • Vercel (website hosting) β€” vercel.com/legal/privacy-policy

We do not sell or share your data with marketing companies.

4. How long we keep data

  • Active client data: while the engagement is ongoing
  • Past clients: 7 years (Portuguese tax record retention)
  • Marketing leads who didn't convert: deleted after 12 months of no contact
  • Stripe transaction records: per Stripe's retention (7 years US tax law)

5. Your rights (GDPR and CCPA)

  • Access: request a copy of data we hold about you
  • Correction: ask us to correct inaccurate data
  • Deletion: ask us to delete your data (we will, unless legally required to retain it)
  • Portability: get your data in a machine-readable format
  • Opt-out of marketing: reply "unsubscribe" to any of our emails

Email hello@shieldstack.pro to exercise any of these rights.

6. Cookies

We do not use tracking or advertising cookies. Our website uses functional cookies only (none currently). No cookie banner is displayed because none is required for our use.

7. Cold outreach

We send cold emails to businesses that fit our target customer profile (Shopify stores, US, $1M-$25M revenue). All emails include an unsubscribe option per CAN-SPAM. We do not buy email lists.

8. Security

We use industry-standard security: HTTPS everywhere, password manager, 2FA on all admin accounts, encrypted backups.

9. Children

Our service is for businesses. We do not knowingly collect data from anyone under 18.

10. Changes

We may update this policy. Material changes will be notified via email to active clients. The effective date above will be updated.

11. Contact

ShieldStack
hello@shieldstack.pro
Operated from Portugal. Data controller: Bruno Ponce de LeΓ£o.