Privacy Policy

Last Updated: January 18, 2026

Effective Date: January 18, 2026

1. Introduction
Sankofa Shield ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our data privacy automation platform. We comply with the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable privacy laws.

By using Sankofa Shield, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: Name, email address, phone number, and authentication credentials
  • Golden Record Data: Full name, email, phone, physical address, date of birth, and other personal identifiers you choose to store
  • Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
  • Communications: Messages you send through our contact forms or support channels

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on platform, and interaction patterns
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Cookies and Tracking: Session cookies for authentication and analytics cookies for platform improvement
  • Audit Logs: Security-related events including login attempts, data exports, and deletion requests

2.3 Third-Party Information

  • OAuth Providers: Basic profile information from Google, GitHub, or other authentication providers you choose
  • Data Broker Responses: Confirmation receipts and status updates from data brokers regarding deletion requests
3. How We Use Your Information
  • Service Delivery: Process deletion requests, manage your Golden Record, and automate data removal from brokers
  • Account Management: Authenticate users, manage subscriptions, and provide customer support
  • Platform Improvement: Analyze usage patterns to enhance features and user experience
  • Security: Detect fraud, prevent abuse, and protect against security threats
  • Legal Compliance: Fulfill legal obligations and respond to lawful requests from authorities
  • Communications: Send transactional emails (deletion confirmations, status updates) and optional marketing communications
4. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: AES-256-GCM encryption for Golden Record data at rest; TLS 1.3 for data in transit
  • Access Controls: Role-based access control (RBAC) limiting data access to authorized personnel only
  • Audit Logging: Comprehensive logging of all data access and modifications for security monitoring
  • Secure Infrastructure: Cloud-hosted infrastructure with regular security updates and vulnerability scanning
  • Rate Limiting: Protection against brute-force attacks and denial-of-service attempts
  • Security Headers: Implementation of CSP, HSTS, and other browser security features

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our safeguards.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in these limited circumstances:

  • Service Providers: Third-party vendors who assist with payment processing (Stripe), email delivery (SendGrid), and infrastructure hosting (AWS)
  • Data Brokers: Your personal information is shared with data brokers solely for the purpose of processing deletion requests on your behalf
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)
  • Consent: With your explicit permission for any other purpose
6. Your Privacy Rights

CCPA Rights (California Residents)

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of your personal information (subject to legal exceptions)
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy rights exercise

GDPR Rights (EU/EEA Residents)

  • Right to Access: Obtain confirmation and copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Restrict Processing: Limit how we process your data in certain circumstances
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

How to Exercise Your Rights

To exercise any of these rights, visit your Settings page or contact us at [email protected]. We will respond within 30 days (45 days for complex requests).

7. Data Retention
  • Active Accounts: Personal data retained while your account is active and for legitimate business purposes
  • Deletion Requests: Audit logs retained for 7 years for legal compliance; personal data deleted after request completion
  • Account Deletion: 30-day grace period before permanent deletion; backup copies removed within 90 days
  • Legal Holds: Data preserved longer if required by law, litigation, or regulatory investigation
8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and platform functionality
  • Analytics Cookies: Measure usage and improve user experience
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling essential cookies may affect platform functionality.

9. SMS Notifications and Opt-Out

Sankofa Shield offers optional SMS notifications to keep you informed about your privacy protection activities. By providing your phone number and verifying it, you consent to receive text messages from us.

SMS Notification Types

  • Scan Completion Alerts: Notifications when broker scans complete
  • Manual Intervention Alerts: Notifications when broker deletion requires your action
  • Verification Codes: One-time codes for phone number verification

How to Opt-Out of SMS Notifications

You can opt-out of SMS notifications at any time using any of these methods:

  • Reply STOP: Text "STOP" to any SMS from us to unsubscribe immediately
  • Settings Page: Toggle off "SMS Notifications" in your Settings page
  • Remove Phone Number: Delete your phone number from your account settings

After opting out, you will no longer receive SMS notifications. You may still receive critical account security alerts.

Message Frequency: Message frequency varies based on your activity. You may receive up to 10 messages per month.

Message & Data Rates: Standard message and data rates may apply from your mobile carrier.

SMS Provider: SMS notifications are delivered via Twilio. For Twilio's privacy policy, visit twilio.com/legal/privacy.

Support: For SMS-related questions, contact us at [email protected].

10. Children's Privacy

Sankofa Shield is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided personal information, we will delete it immediately. Parents or guardians who believe their child has provided information should contact us at [email protected].

11. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs) and other approved transfer mechanisms under GDPR Article 46.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated via email or prominent notice on our platform. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, concerns, or requests, contact us at:

Email: [email protected]

Mail: Sankofa Shield, UBUNTU INTELLIGENCE, Detroit, MI

Data Protection Officer: Andrea Beauford

13. Regulatory Compliance

Sankofa Shield is committed to compliance with:

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • General Data Protection Regulation (GDPR)
  • California Delete Act (SB 362)
  • Other applicable state and federal privacy laws

Created by Andrea Beauford | Owned by UBUNTU INTELLIGENCE