Privacy Policy

1. Data Collection

Shadow AI collects only the minimal data necessary to protect your enterprise. This includes network telemetry (domains visited) and specific snippets of text identified as sensitive by your administrator's DLP rules. We do not store full conversation histories unless explicitly configured by your IT department.

2. Real-time Processing

Our agent performs the majority of scanning locally on the device (Edge Processing). Only metadata and violation alerts are transmitted to our secure cloud backend to minimize data exposure.

3. Regulatory Compliance

We are fully compliant with GDPR, CCPA, and the 2026 EU AI Act. Users have the right to request access to any logs containing their PII (Personally Identifiable Information) through their corporate administrator.

4. Data Security

All data in transit is encrypted using TLS 1.3, and all data at rest in our databases is protected with AES-256 encryption. We utilize hardware-level security modules to manage encryption keys.