Trust & security
ShieldBot is a security product — we hold ourselves to the bar we enforce for you. Here's exactly what we do with your data.
- Verdicts (allow / warn / block)
- Finding types & categories
- SHA-256 hash of the input
- Truncated, already-redacted excerpt
- Token counts, latency, model name
- Raw prompt text (unless you opt in, per key)
- Raw model responses
- Your upstream provider API keys in plaintext
- Anything we'd sell or train on
Encryption
Upstream provider keys are AES-256-GCM encrypted at rest (GCP KMS on the enterprise tier). All traffic is TLS 1.2+. The self-host engine keeps everything on your machine — nothing leaves.
Data residency & self-host
Run the managed gateway, or drop the open-source single-binary engine on an air-gapped VM. No Python, no Docker. Enterprise customers get dedicated, region-pinned runtimes.
Access control
Firebase-backed auth, per-key scoping, role-based access (owner / admin / member / viewer), and SSO (SAML / OIDC) on the enterprise tier. Every key action is recorded.
Deletion
Delete a key to stop all use immediately. Delete your account from Settings to remove your profile. Scan history honors your configured retention window.
Coverage you can audit
Full OWASP LLM Top 10 runtime coverage, with live mappings to NIST AI RMF, MITRE ATLAS, and the EU AI Act — every control backed by queryable trace evidence in your dashboard.
See the coverage matrix →
Security questions or a vendor review? Reach the team from your dashboard. SOC 2 / ISO 27001 in progress.