ShieldWeb is operated from Switzerland. This policy explains what data we collect, why, and your rights under Swiss nFADP and GDPR.
🇨🇭 Your data is hosted in Switzerland
Our servers are located in Switzerland and governed by Swiss law (nFADP). Switzerland is not subject to the US PATRIOT Act, CLOUD Act, or EU data retention directives. No third party can compel us to hand over your data without a Swiss court order.
If you enable DNS filtering (Kids Guard, Safe Surfing, Anti-Malware), DNS queries are processed by AdGuard running on the same server. Query logs are not retained beyond 24 hours and are used only for blocking statistics.
Support tickets
When you submit a support ticket, we store the message content and your email in order to respond.
3. Why we collect it
We process your data on the following legal bases:
Contract performance – to provide the VPN service you signed up for (Art. 6(1)(b) GDPR)
Legal obligation – to comply with applicable Swiss law if required
Consent – for optional features like DNS filtering
4. Data storage and security
All data is stored on servers physically located in Zürich, Switzerland
Data is encrypted in transit using TLS 1.3
VPN traffic is encrypted using WireGuard (ChaCha20-Poly1305)
Database is stored in SQLite with file-system permissions restricted to the application user
Passwords are hashed with bcrypt (cost factor 12)
Two-factor authentication (TOTP) is available and recommended
5. Data sharing
We do not sell your data. We share data only with:
Paddle (payment processor) – billing information only, under their privacy policy
Email provider – your email address to send transactional emails (verification, password reset)
Law enforcement – only if required by a valid Swiss court order. We will notify you unless legally prohibited from doing so.
We do not transfer data outside Switzerland except as necessary for payment processing (Paddle is GDPR-compliant).
6. Data retention
Account data – retained while your account is active and for 30 days after deletion
VPN device keys – deleted immediately when you remove a device
Support tickets – retained for 12 months
Billing records – retained for 7 years as required by Swiss accounting law
DNS query logs – max 24 hours, automatically purged
Audit events – retained for 90 days
7. Your rights
Under GDPR (and Swiss nFADP) you have the following rights. To exercise any of them, email privacy@shieldweb.online:
Right of access
Request a copy of all personal data we hold about you.
Right to rectification
Correct inaccurate or incomplete data. You can update most data yourself in Settings.
Right to erasure
Request deletion of your account and all associated data.
Right to portability
Receive your data in a machine-readable format (JSON).
Right to object
Object to processing based on legitimate interests.
Right to restriction
Request we limit processing while a dispute is resolved.
We will respond to all requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Swiss Federal Data Protection Commissioner (FDPIC) or your local EU supervisory authority.
8. Cookies
We use only essential cookies:
nmtrial – session cookie. Stores your login session. Expires when you close the browser or log out. Required for the service to function.
We do not use analytics cookies, advertising cookies, or any third-party tracking scripts.
9. Contact & DPO
Data Protection Contact
For privacy questions, data requests, or to exercise your rights: