ShieldFlow盾流
← Back to home

Privacy Policy

Zero-log by architecture, not by promise

Last updated: April 19, 2026

ShieldFlow is built on a simple premise: we cannot leak what we never collected. This policy describes what little data we do handle, why we handle it, and how long it sticks around.

1. What we collect

To run a subscription service we need a minimum of account data. We collect an email address (for login and billing receipts), a hashed password, billing records tied to your Stripe or USDT payment, and a referral code if you were invited. We do not collect your real name, home address, or government identifiers.

2. What we do NOT log

We do not log your browsing history, connection timestamps, source IP addresses, destination hostnames, DNS queries, or bandwidth breakdown per destination. Relay nodes route packets in memory and discard them on forward. Nothing about your traffic is written to disk.

3. Operational metrics

Each node reports its own health (CPU, memory, concurrent socket count, aggregate egress bytes) to our control plane so we can detect failing servers. These metrics are aggregated — they describe the server, not any user. Per-user metrics that do exist (total monthly traffic, device count) are required to enforce plan limits and expire with the billing cycle.

4. Device fingerprinting

Your subscription token is device-bound: the first N clients that pull the subscription URL get registered against your account, where N is your plan's device limit. We store an opaque client fingerprint (user-agent + salted hash of the device's first-seen IP) solely to count slots. You can reset this list at any time from the Devices page.

5. Cookies and localStorage

The portal uses a single HTTP-only session cookie for login state. We do not use third-party analytics, advertising cookies, or cross-site trackers. Client-side language preference is stored in localStorage.

6. Payment data

Card payments are processed by Stripe; we never see your card number or CVV. USDT payments are verified on-chain; the only data we retain is the transaction hash and the paid amount.

7. Data requests from authorities

Because we do not log traffic metadata, there is no log to hand over. If compelled by lawful process we will provide the account-level data described in Section 1 (email, billing history) — and nothing else, because nothing else exists.

8. Your rights

You can export or delete your account at any time from Settings. Account deletion removes all personally identifiable records within 30 days. Billing records required by tax law are retained in anonymized form.

9. Contact

Questions about this policy can be sent to [email protected].