This Privacy Policy describes how DataShield Inc. ("DataShield", "we", "us", or "our") collects, uses, stores, and protects information when you use the DataShield GTM platform and our website at gtm.myorg.ai (collectively, the "Service").
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, and authentication details provided during SSO registration (via Google, GitHub, Microsoft Entra, or Okta)
- Contact Form Data: Information submitted through our demo request form including name, email, company, job title, phone number, team size, and related business details
- Customer Data: Business data you input into the platform including contacts, companies, opportunities, campaigns, email content, and pipeline information
- Communications: Messages you send to us via email or through the platform
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, session duration, and frequency of use
- Device Information: Browser type, operating system, device type, and screen resolution
- Log Data: IP address, access timestamps, referring URLs, and error logs
- Cookie and Tracking Data: We use cookies and similar technologies for authentication, preferences, and analytics (see Section 5)
1.3 Information from Third Parties
- SSO Providers: Authentication data from your identity provider (name, email, profile picture)
- Analytics: Google Analytics data about website traffic and behavior
- Enrichment Data: The AI intelligence engine may augment Customer Data with publicly available business information for enrichment purposes
2. How We Use Your Information
| Purpose | Legal Basis |
| Provide and operate the Service | Contract performance |
| Process demo requests and sales inquiries | Legitimate interest |
| AI-powered enrichment, scoring, and intelligence | Contract performance |
| Send product updates and service notifications | Contract performance |
| Improve the Service and develop new features | Legitimate interest |
| Analyze website traffic and marketing effectiveness | Legitimate interest / Consent |
| Prevent fraud and ensure security | Legitimate interest |
| Comply with legal obligations | Legal obligation |
3. AI Data Processing
Our Service includes AI-powered features that process your Customer Data to provide enrichment, signal detection, opportunity scoring, and outreach assistance. Specifically:
- The AI intelligence engine processes Customer Data to enrich contact profiles with publicly available information
- AI models analyze pipeline data to detect buying signals and predict outcomes
- AI-drafted outreach content is generated using contact context and engagement history
- All AI processing is performed solely to provide the Service to you
- We do not use your Customer Data to train general-purpose AI models
- You maintain full control over AI features and can disable them at any time
4. Data Sharing
We do not sell your personal information. We may share information in these limited circumstances:
- Service Providers: Third-party vendors that help us operate the Service (hosting, analytics, email delivery). These providers are contractually bound to protect your data.
- Integrations: When you connect third-party services (e.g., Salesforce, Slack), data flows as directed by your integration configuration.
- Legal Requirements: When required by law, subpoena, court order, or government request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with continued protection of your data.
- With Your Consent: When you explicitly authorize us to share information.
5. Cookies and Tracking
We use the following types of cookies and tracking technologies:
- Essential Cookies: Required for authentication and basic Service functionality (e.g.,
commander_token, commander_refresh)
- Analytics Cookies: Google Analytics 4 for understanding website traffic and user behavior. You can opt out via the Google Analytics Opt-out Browser Add-on.
- Marketing Cookies: UTM parameters and session-based tracking for measuring advertising campaign effectiveness
6. Data Security
We implement industry-standard security measures to protect your data:
- AES-256-GCM encryption for sensitive data at rest
- TLS 1.3 encryption for data in transit
- RS256-signed JWT tokens with automatic key rotation via JWKS
- Role-based access control (RBAC) with principle of least privilege
- Full audit logging of security-relevant operations
- Regular security assessments and monitoring
7. Data Retention
- Active Accounts: Customer Data is retained for the duration of your subscription
- Terminated Accounts: Customer Data is available for export for 30 days after termination, then permanently deleted
- Demo Request Data: Contact form submissions are retained for 24 months unless you request earlier deletion
- Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely
- Audit Logs: Security and audit logs are retained for 12 months
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information
- Portability: Request export of your data in a machine-readable format
- Objection: Object to processing based on legitimate interest
- Restriction: Request restriction of processing in certain circumstances
To exercise these rights, contact us at support@myorg.ai. We will respond within 30 days.
9. International Data Transfers
Your data may be processed and stored in the United States. If you are located outside the United States, by using the Service you consent to the transfer of your data to the United States, where data protection laws may differ from those in your jurisdiction.
10. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
For questions or concerns about this Privacy Policy or our data practices, contact us at: