PersonaShield
Book a demoGet started

Privacy Policy

Last updated: 22 June 2026

Effective Date: 26 June 2026

PersonaShield Technologies Inc. d/b/a PersonaShield (“PersonaShield,” “we,” “us,” “our”) operates the PersonaShield platform and related services (the “Service”). This Privacy Policy describes how we collect, use, share, and protect personal information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

Table of Contents

1. Relationship to Other Agreements

This Privacy Policy works alongside two other agreements:

  • Terms of Service — Governs your use of the Service, including acceptable use, intellectual property, and liability.
  • Biometric Consent & Authorization — A separate, standalone agreement that governs the collection and processing of biometric data (facial reference media and derived facial data). You must agree to the Biometric Consent & Authorization before PersonaShield collects or processes any biometric data. This Privacy Policy summarizes our biometric data practices for completeness, but the Biometric Consent & Authorization controls in the event of any conflict.

2. Who This Policy Applies To

PersonaShield serves two types of users:

  • Protected Users: Public figures who register for the Service, verify their identity, upload facial reference media, configure safeguards, and authorize PersonaShield to submit takedown requests on their behalf.
  • Creators: Individuals who use PersonaShield’s AI image generation tools to create images of Protected Users within the safeguards those Protected Users have set. Creators may use the Service with or without an account.

This Privacy Policy applies to both Protected Users and Creators, as well as visitors to our website.

3. Data We Collect

3.1 Information You Provide

  • Account information. When you register, we collect your name, email address, username, and profile information.
  • Identity verification data. Protected Users provide government-issued identification and complete a liveness verification check during onboarding. Liveness verification confirms you are a real person (not a photo or video). We receive verification results from our identity verification provider.
  • Biometric data. Protected Users upload facial reference media (photos or video containing their face) and we generate derived facial data for identity verification and content matching. The collection and processing of biometric data is governed by the separate Biometric Consent & Authorization, which you must agree to before any biometric data is collected.
  • Safeguard preferences. Protected Users configure moderation policies that define what types of AI-generated content depicting their likeness are permitted or prohibited (e.g., no weapons, no nudity).
  • Payment information. If you subscribe to a paid plan, we collect billing information through our payment processor, Stripe. PersonaShield does not receive or store your full credit card number. We receive your Stripe customer identifier, subscription status, and billing contact details.
  • Communications. If you contact us at support@personashield.com, we collect the contents of your messages and any attachments.

3.2 Information We Collect from Third-Party Sources

  • Scraped content. For Protected Users, we collect images from public posts on X (Twitter) that may contain the Protected User’s likeness. For each image, we also collect associated post metadata, including the post identifier, post text, author username, author display name, image URL, and the date the post was published. We collect this content solely for the purpose of detecting potential violations of the Protected User’s safeguards.
  • Platform responses. When we submit takedown requests on behalf of a Protected User, we may receive response information from the platform, including the status of the request and any reasons for denial.

3.3 Information We Generate

  • Facial analysis results. We use AI models to compare scraped images against a Protected User’s facial reference media and generate similarity scores. We also generate content moderation labels (e.g., violence, nudity) and policy violation determinations for each analyzed image.
  • Generated images. When a Creator uses our image generation tools, we create AI-generated images based on the Creator’s text prompt and the target Protected User’s likeness. To improve likeness fidelity, PersonaShield may transmit up to three (3) of the target Protected User’s facial reference photos alongside the text prompt to our AI image generation provider. We store the generated image, the text prompt, the target Protected User’s identifier, and a creation timestamp.
  • Takedown evidence packets. For images that violate a Protected User’s safeguards, we compile evidence packets that may include: the Protected User’s verified identity and rights-registry link, the post URL and screenshot, the applicable safeguard policies, likeness similarity scores, and perceptual hashes.

3.4 Information Collected Automatically

  • Usage data. We collect information about how you interact with the Service, including features used, actions taken, timestamps, and API calls made.
  • Device and technical data. We collect your IP address, browser type and version, operating system, and device identifiers.
  • Cookies. We use essential cookies for session management and authentication. We use analytics cookies as described in Section 12. We do not currently use advertising or cross-site tracking cookies. If we introduce additional non-essential cookies in the future, we will update this Privacy Policy and provide appropriate notice and controls.

4. How We Use Your Data

We use personal information for the following purposes:

Providing the Service

  • Verifying Protected User identity and completing liveness checks
  • Matching scraped images against Protected User facial reference media to detect potential violations
  • Analyzing images for content moderation policy violations
  • Preparing and submitting takedown requests to platforms on behalf of Protected Users
  • Generating AI images based on Creator prompts within Protected User safeguards
  • Processing payments and managing subscriptions
  • Displaying takedown request status and violation history in the Protection Hub

Improving the Service

  • Reducing false positive rates in violation detection
  • Improving the accuracy of facial matching and content moderation
  • Developing new features and functionality

Safety and security

  • Detecting and preventing fraud, abuse, and violations of our Terms of Service
  • Enforcing prompt moderation and safeguard policies
  • Rate-limiting anonymous image generation

Communications

  • Sending service notifications, including takedown request updates and safeguard alerts
  • Responding to support requests
  • Notifying you of changes to our terms or policies

Legal compliance

  • Complying with applicable laws, regulations, and legal processes
  • Establishing, exercising, or defending legal claims

Operational improvement

In the course of providing the Service, PersonaShield generates aggregated and de-identified operational data, including historical takedown outcomes, violation determinations, detection accuracy metrics, and system performance data (collectively, “Operational Data”). Operational Data does not constitute Personal Data and is owned exclusively by PersonaShield. PersonaShield may use Operational Data without restriction to improve the accuracy of its violation detection and enforcement processes, including refining how the Service evaluates potential violations against each Protected User’s configured safeguards. To the extent any Personal Data is used in connection with service improvement, such data is aggregated and de-identified prior to use. PersonaShield does not use Personal Data to train generalized artificial intelligence or machine learning models. Data transmitted to our third-party service providers (including AWS Rekognition, AWS Bedrock, and Google Gemini) is processed solely to provide outputs to PersonaShield and is not used by those providers to train or improve their own models. Facial reference media is used for facial matching and violation detection as described in the Biometric Consent & Authorization — this is a primary service purpose.

5. How We Share Your Data

We do not sell your personal information. We share personal information only in the following circumstances:

5.1 Social Media Platforms

When submitting takedown requests on behalf of a Protected User, we share the following information with the relevant platform (currently X, Meta/Instagram/Facebook, and TikTok, with additional platforms as the Service expands):

  • (a) Your full legal name as verified through our identity verification process;
  • (b) Your professional or public name (if different);
  • (c) Your email address (for platform communication);
  • (d) URL(s) of the content alleged to violate your rights;
  • (e) Evidence of the violation, including: (i) facial similarity scores, (ii) comparison images showing your verified likeness and the allegedly infringing content, (iii) perceptual hashes for re-upload suppression, and (iv) explanation of which configured safeguards were violated;
  • (f) Legal basis for the takedown request (right of publicity, trademark, or other applicable rights); and
  • (g) Your electronic signature authorizing the request.

We do NOT share with platforms: government ID images, date of birth, payment information, or raw biometric templates. We share only the information reasonably required to process the takedown request.

5.2 Service Providers

We use the following categories of service providers to operate the Service. Each processes personal information only on our behalf, under contractual restrictions:

ProviderPurposeData Processed
Amazon Web Services (AWS)Cloud hosting (S3), facial recognition (Rekognition CompareFaces), content moderation (Rekognition DetectModerationLabels), identity and liveness verification (Rekognition Face Liveness), AI analysis (Bedrock)Facial reference media, scraped images, government ID images, liveness check media, moderation results, verification results, analysis outputs
Google CloudAI image generation (Gemini)Text prompts, target Protected User identifier, generated images, facial reference media
StripePayment processingBilling contact details, payment method, subscription data
PostHogProduct analyticsUsage data, IP addresses, device identifiers, feature interactions

All service providers listed above process personal information solely on our behalf under written Data Processing Agreements (“DPAs”) that:

  • (a) Limit processing to our documented instructions;
  • (b) Require confidentiality commitments from personnel with access to personal information;
  • (c) Mandate appropriate technical and organizational security measures;
  • (d) Restrict sub-processor engagement without our prior authorization;
  • (e) Require deletion or return of personal information upon termination of the relationship;
  • (f) For EEA/UK data: incorporate Standard Contractual Clauses approved by the European Commission; and
  • (g) Provide audit rights and require cooperation with supervisory authorities upon request.

Copies of our DPAs (with commercially sensitive terms redacted) are available upon request by contacting privacy@personashield.com.

5.3 Legal and Regulatory

We may disclose personal information if we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, or legal process (such as a subpoena or court order)
  • Protect the rights, property, or safety of PersonaShield, our users, or others
  • Enforce our Terms of Service or other agreements
  • Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

If PersonaShield is involved in a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

6. Processing of Third-Party Content and Rights of Individuals in Scraped Content

Legal Basis for Scraping Public Content

We collect and analyze publicly posted images from social media platforms (currently X/Twitter) that may contain the likeness of our Protected Users. This processing is based on our legitimate interest in detecting unauthorized use of our clients’ likenesses and providing effective protection services. We have conducted a balancing test demonstrating that this interest is not overridden by the privacy rights of individuals whose public posts are processed, given that:

  • (a) We only process publicly available content that individuals have chosen to make public;
  • (b) Processing is limited to facial detection and matching against Protected User reference media;
  • (c) We implement strict access controls and security measures;
  • (d) We do not use this data for marketing, advertising, or secondary commercial purposes; and
  • (e) Affected individuals can exercise their privacy rights as described below.

For EEA/UK Residents

The legal basis for processing scraped content is legitimate interests pursuant to GDPR Article 6(1)(f). For biometric data contained in scraped images, we rely on the exception under GDPR Article 9(2)(e), which permits processing of special category data that relates to personal data manifestly made public by the data subject.

Rights of Individuals in Scraped Content

If you are not a PersonaShield user but your publicly posted content has been processed by our violation detection system (for example, you posted an image that was analyzed for facial matching against a Protected User), you have the following rights:

  • (a) Right to Access: You may request confirmation of whether we process your personal data and obtain a copy of such data.
  • (b) Right to Deletion: You may request deletion of your personal data, subject to our legitimate interest in protecting our Protected Users from unauthorized use of their likenesses.
  • (c) Right to Object: You may object to processing based on your particular situation. Upon receipt of a valid objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
  • (d) Right to Restriction: You may request restriction of processing in certain circumstances, including where you contest the accuracy of the data or have objected to processing pending verification of our legitimate grounds.

To exercise these rights, contact us at privacy@personashield.com with: (a) the URL(s) of the post(s) in question; (b) verification of your identity; and (c) specification of the right(s) you wish to exercise. We will respond within thirty (30) days (forty-five (45) days for EEA/UK residents where permitted by applicable law).

Please note that exercising deletion or objection rights may limit our ability to protect our Protected Users from misuse of their likenesses. We will honor valid requests while balancing our legitimate interests and legal obligations to our Protected Users.

7. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

Data CategoryRetention Period
Account informationRetained while your account is active. Deleted within 30 days of account closure.
Identity verification dataRetained while your account is active. Deleted within 30 days of account closure.
Biometric dataRetained until the earlier of: (a) the purpose for collection has been satisfied, (b) thirty (30) days after account closure or consent withdrawal, or (c) three (3) years after your last interaction with PersonaShield, whichever occurs first. For Illinois residents, biometric data retention complies with BIPA Section 15(a), and our retention schedule and destruction guidelines are published at personashield.com/biometric-retention. See the Biometric Consent & Authorization for full details.
Safeguard preferencesRetained while your account is active. Deleted within 30 days of account closure.
Payment recordsRetained as required by applicable tax and financial regulations (typically 7 years).
Scraped images (non-violating)Pruned after analysis. Not retained long-term.
Scraped images (violating)Retained while relevant to an active or pending takedown request, then deleted within 30 days of resolution.
Generated imagesRetained until deleted by the Creator or until account closure, whichever is earlier.
Takedown evidence packetsRetained for the duration of the takedown process and for a reasonable period thereafter for audit and legal purposes.
Usage and technical dataRetained for up to 12 months.

Backup copies. After deletion, residual copies may persist in encrypted backups for up to 60 days as part of routine backup cycles. Backup copies are not used for active processing and are accessible only under restricted conditions (e.g., disaster recovery).

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access. You may request a copy of the personal information we hold about you.
  • Deletion. You may request that we delete your personal information. Upon receipt of a verified deletion request, we will delete your data within thirty (30) days, subject to: (a) the backup retention period described in Section 7; (b) any legal obligations to retain certain records (including tax, financial, and litigation hold requirements); and (c) our legitimate interest in retaining certain data necessary to protect our Protected Users, detect fraud, or comply with legal obligations. We will inform you if we cannot fully comply with your deletion request and the reasons therefor.
  • Correction. You may request that we correct inaccurate personal information.
  • Consent withdrawal. You may withdraw your biometric consent at any time, as described in the Biometric Consent & Authorization. Withdrawal triggers deletion of your biometric reference media and derived facial data within 30 days.
  • Objection. You may object to certain processing of your personal information, such as processing for service improvement purposes.
  • Restriction. You may request that we restrict processing of your personal information in certain circumstances.
  • Non-discrimination. We will not discriminate against you for exercising your privacy rights.

How to Exercise Your Rights

You may exercise your rights by:

We will verify your identity before fulfilling any request. We aim to respond to all requests within 30 days. If we need additional time, we will notify you.

9. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements the information in this Privacy Policy pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”).

Categories of Personal Information Collected (Last 12 Months)

Statutory CategoryExamples CollectedSensitive PI
IdentifiersName, email address, username, account ID, IP address, device identifiersNo
Personal information under Cal. Civ. Code § 1798.80(e)Name, payment card information (via Stripe)No
Commercial informationPurchase history, subscription status, transaction recordsNo
Biometric informationFacial geometry, facial templates, facial embeddings derived from reference mediaYes
Internet or network activityUsage data, features accessed, actions taken within the Service, API callsNo
Geolocation dataGeneral location inferred from IP address (not precise geolocation)No
Visual informationProfile photos, uploaded facial reference media, AI-generated imagesNo
Professional or employment informationFor public figures: professional name, career information, public persona detailsNo
InferencesSafeguard preferences, likelihood of rights violations, content moderation determinationsNo

Business and Commercial Purposes for Collection

We collect and use personal information for the following business and commercial purposes:

  • (a) Providing and maintaining the Service, including account creation and management;
  • (b) Identity verification and fraud prevention;
  • (c) Biometric facial matching for violation detection and enforcement of Protected User safeguards;
  • (d) Processing takedown requests on behalf of Protected Users;
  • (e) AI image generation within configured safeguards;
  • (f) Payment processing and subscription management;
  • (g) Customer support and communications;
  • (h) Service improvement, analytics, and development of new features;
  • (i) Safety, security, and enforcement of our Terms of Service; and
  • (j) Legal compliance and protection of legal rights.

Categories of Third Parties to Whom Information Is Disclosed

We disclose personal information to the following categories of third parties for business purposes:

  • (a) Service providers: Cloud hosting providers (AWS), AI service providers (Google Cloud), payment processors (Stripe), and identity verification providers, each processing data solely on our behalf under written agreements;
  • (b) Social media platforms: When submitting takedown requests on behalf of Protected Users, we disclose identity information and violation evidence to the relevant platform (X, Meta, TikTok, and others as the Service expands);
  • (c) Professional advisors: Legal counsel, accountants, and auditors as necessary for business operations and compliance; and
  • (d) Law enforcement and regulators: When required by law, subpoena, court order, or to protect rights and safety.

Sale and Sharing of Personal Information

PersonaShield does not “sell” personal information as that term is defined under the CCPA. We do not exchange personal information for monetary or other valuable consideration. PersonaShield does not “share” personal information as that term is defined under the CCPA. We do not disclose personal information to third parties for cross-context behavioral advertising purposes.

Right to Limit Use of Sensitive Personal Information

Under the CPRA, you have the right to limit our use and disclosure of sensitive personal information, including biometric information. However, our core Service functionality requires processing biometric data for facial matching, violation detection, and AI image generation. If you exercise your right to limit use of sensitive personal information, we will be unable to provide the primary Service features, including the Rights Registry, Violation Detection, and AI Generation of your likeness. You may exercise this right by contacting us at privacy@personashield.com, with the understanding that doing so will effectively terminate Service functionality for your account.

Retention of Personal Information

We retain personal information as described in Section 7 (Data Retention) of this Privacy Policy. Biometric information is retained only as long as necessary to provide Services and fulfill the purposes described in our Biometric Consent & Authorization, and is deleted within thirty (30) days of account closure or consent withdrawal.

Your California Privacy Rights

California residents have the following rights under the CCPA:

  • (a) Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share personal information.
  • (b) Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
  • (c) Right to Correct: You may request correction of inaccurate personal information.
  • (d) Right to Opt-Out of Sale/Sharing: We do not sell or share personal information, so this right is not applicable.
  • (e) Right to Limit Sensitive PI: You may limit our use of sensitive personal information as described above.
  • (f) Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at privacy@personashield.com or submit a request through your account settings. We will verify your identity as described below before fulfilling your request.

California “Shine the Light” Disclosure

Under California Civil Code Section 1798.83 (“Shine the Light”), California residents may request information regarding disclosure of personal information to third parties for their direct marketing purposes. PersonaShield does not disclose personal information to third parties for their direct marketing purposes.

Verification Process

To protect your privacy and prevent unauthorized access to personal information, we must verify your identity before fulfilling access, deletion, or correction requests. Verification requirements include:

  • (a) For account holders: Log in to your account and submit requests via the settings menu, or provide information matching your account records.
  • (b) For non-account holders: Provide at least two (2) pieces of information we can match to our records (e.g., email address associated with a communication and description of your interaction with the Service).
  • (c) For biometric data requests: Enhanced verification may be required consistent with BIPA and CCPA requirements, which may include submission of a government-issued identification document.

Authorized Agents

California residents may designate an authorized agent to submit requests on their behalf. Authorized agents must provide: (a) written authorization signed by the data subject, or (b) a valid power of attorney. We may require the data subject to verify their identity directly and confirm the agent’s authorization.

Response Timing

We will respond to verified requests within thirty (30) days, extendable to forty-five (45) days for complex requests with notice to you.

Appeals

If we deny your request in whole or in part, you have the right to appeal our decision. To appeal, contact us at privacy@personashield.com within thirty (30) days of receiving our response, stating the basis for your appeal. We will respond to appeals within forty-five (45) days. California residents may also file a complaint with the California Privacy Protection Agency at cppa.ca.gov.

10. European Economic Area, United Kingdom, and Switzerland Residents

If you are located in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland, the following additional information applies to our processing of your personal data.

Legal Bases for Processing

We process your personal data based on the following legal bases under the General Data Protection Regulation (“GDPR”) and UK GDPR:

  • (a) Consent (Article 6(1)(a)): For processing of biometric data (via the separate Biometric Consent & Authorization) and any future non-essential cookies or tracking technologies.
  • (b) Performance of Contract (Article 6(1)(b)): For processing necessary to provide the Service you have requested, including account management, identity verification, violation detection, takedown request submission, and AI image generation.
  • (c) Legitimate Interests (Article 6(1)(f)): For service improvement, safety and security, fraud prevention, and enforcement of our Terms of Service, where these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include protecting our Protected Users from unauthorized use of their likenesses and maintaining the integrity of our Service.
  • (d) Legal Obligation (Article 6(1)(c)): For processing required to comply with applicable laws, regulations, and legal processes.

Your Rights Under GDPR

In addition to the rights described in Section 8, EEA, UK, and Swiss residents have the following rights:

  • (a) Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
  • (b) Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • (c) Right to Lodge a Complaint: You may lodge a complaint with a supervisory authority if you believe our processing violates your rights under applicable data protection law.

Complaints to Supervisory Authorities

You have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or place of the alleged infringement if you believe our processing of your personal data violates applicable law.

Data Protection Officer

PersonaShield has not appointed a Data Protection Officer as we do not meet the thresholds requiring such appointment under GDPR Article 37. For privacy inquiries, please contact privacy@personashield.com.

Authorized Agents

EEA/UK residents may designate an authorized agent to submit requests on their behalf. Authorized agents must provide: (a) written authorization signed by the data subject, or (b) a valid power of attorney. We may require the data subject to verify their identity directly and confirm the agent’s authorization.

Response Timing

We will respond to verified requests within thirty (30) days, extendable to ninety (90) days for complex requests with notice to you. EEA/UK residents may lodge complaints with their supervisory authority as described above.

11. International Data Transfers

PersonaShield Technologies Inc. is incorporated in Delaware and headquartered in the United States. Your personal information is processed and stored in the United States, primarily in the Amazon Web Services US-East-1 (Northern Virginia) region.

If you are located outside the United States, your personal information will be transferred to and processed in the United States. We rely on applicable legal mechanisms for international data transfers, including standard contractual clauses where required.

12. Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies (“Tracking Technologies”) to operate and improve the Service.

Types of Tracking Technologies We Use

  • (a) Essential Cookies: Required for core Service functionality, including session management, authentication, and security. These cookies cannot be disabled without impairing Service functionality.
  • (b) Preference Cookies: Remember your settings and preferences (e.g., language, display options). You may disable these cookies, but certain features may not function as intended.
  • (c) Analytics Cookies: Help us understand how users interact with the Service, including pages visited, features used, and performance metrics. We use PostHog for product analytics; data is transmitted to PostHog’s servers under their privacy policy. You may disable analytics cookies through your browser settings.

We do not currently use advertising or cross-site tracking cookies. If we introduce such cookies in the future, we will update this Privacy Policy and provide appropriate notice and consent mechanisms.

Managing Cookies

You may control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or alert you when cookies are being sent. Please note that disabling essential cookies will impair your ability to use the Service. For users located in the European Economic Area or United Kingdom, PersonaShield will present a cookie consent mechanism prior to setting any non-essential cookies, in accordance with applicable ePrivacy and data protection laws. Non-essential cookies will not be activated until you have provided your consent through this mechanism.

Do Not Track Signals

Our Service recognizes and responds to Global Privacy Control (“GPC”) signals as required by applicable law, including the CCPA. When we detect a valid GPC signal from your browser, we will treat it as a request to opt out of the sale or sharing of personal information associated with that browser. Our Service does not currently respond to other “Do Not Track” browser signals, as there is no industry consensus on the interpretation or implementation of such signals beyond GPC. We will update this policy if additional standards for responding to such signals are established.

13. Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data at rest and in transit, access controls, and audit logging. PersonaShield regularly evaluates and enhances its security measures as the Service and team scale.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information using commercially reasonable measures, we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify you as required by applicable law. For EEA/UK residents, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of a breach, where feasible, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms. For California residents, we will provide notice without unreasonable delay consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach.

14. Children

The Service is restricted to individuals aged eighteen (18) years and older. We do not knowingly collect personal information from anyone under the age of eighteen (18). If you are under eighteen (18), do not use the Service or provide any information to us.

We recognize that minors may be victims of non-consensual synthetic media and may require protection. If you are a parent or guardian of a minor who needs protection from AI-generated content depicting the minor’s likeness, please contact us at privacy@personashield.com to discuss available options. Any services provided to minors will require verifiable parental consent and will be subject to enhanced privacy protections.

If we learn that we have collected personal information from a child under eighteen (18) without appropriate parental consent, we will take steps to delete such information promptly. Parents or guardians who believe we may have collected information from a minor should contact us immediately at privacy@personashield.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

Material Changes. If we make material changes to this Privacy Policy, we will notify you by:

  • (a) Email to your registered email address at least thirty (30) days before the changes take effect;
  • (b) Prominent notice on the Service (e.g., banner notification upon login); and
  • (c) For changes affecting biometric data processing: request for explicit consent where required by applicable law (including BIPA and GDPR).

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy, except where applicable law requires explicit consent for specific changes. If you do not agree with the changes, you may close your account prior to the effective date of the updated Privacy Policy.

The “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised. Prior versions of this Privacy Policy are available upon request by contacting privacy@personashield.com.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

PersonaShield Technologies Inc.
7226 Estonian Place, Las Vegas, NV 89113
United States
Email: support@personashield.com
Privacy Inquiries: privacy@personashield.com