TeamShield software and system’s architecture have been designed and developed applying from day one the principles of "security by design" and "privacy by design".
Neither TeamShield nor any of our employees have any possibility of decrypting any file or message that our customers and their users store in, or send through, TeamShield.
Using TeamShield, we help our customers comply with privacy laws such as the CCPA and GDPR, which requires encryption of information to protect it, and we provide broad privacy and confidentiality features.
To put it simply in layman’s terms, unlike other broadly used online services, when using TeamShield, you’re not the product: we will never show advertising (and even less so, targeted advertising) and we will not sell your data to any 3rd party.
While nothing is 100% secure, we strive to provide the best possible protection, and are always improving on it.
We take a multi-layer approach to security, where end-to-end encryption is only one of several aspects to ensure privacy and security of all the messages and files that our users exchange using TeamShield.
TeamShield unites the features of several common online collaboration and business productivity tools in one solution, with a special focus on Privacy of the data and metadata of our users: TeamShield combines features from cloud drives, messaging apps, from large file sharing services and from email solutions. More features are added on an ongoing basis, with the constant objective of protecting user’s data and privacy.
Regarding end-to-end encryption, we use multi-layer encryption processes and several military-grade algorithms. All encryption keys are always generated locally on the user’s device, never on our servers. In addition to user-specific keys, each message, each transfer of file, as well as each file stored on the user’s cloud drive are encrypted separately with new, unique keys and other encryption materials (such as initialization vector) that are also new and unique to each message / each transfer of files, in order to make the encryption more robust. The only one who has access to the account’s encryption keys in a usable format is you, the user, because they are generated locally on the user’s device and are systematically encrypted with an encryption passphrase (among other steps) that only the user knows and over which the user has full and sole control. TeamShield never has access to the user’s passphrase.
TeamShield also provides easy and secure messaging and files transfer even to people who don’t have an account. Such recipients are also bound by our Terms of Service and Privacy Policy when they access our web app in order to view/download the message/files sent to them by our users.
The purpose of TeamShield, and our mission, is to help you communicate and cooperate privately and securely with people you trust whether they are colleagues, customers, suppliers, family members or friends, and to keep your confidential information at bay from big tech and prying eyes. We facilitate a secure and private channel but you should still continue exercising your best judgment and common sense regarding who you choose to interact with on our platform and what information you share in which context. You are solely responsible and liable for your actions.
Our Terms of Service and Privacy Policy are available below. For the purposes of these Terms of Service and this Privacy Policy, ‘we’, ‘us’, ‘our’ and ‘TeamShield’ all refer to TeamShield, Inc., a Delaware C-Corp, and ‘you’ refers to you, the user of our Services.
By accessing or using our web app (website application) at teamshield.ai/app (or teamshield.ai/temporary, or any of their subfolders), or by downloading, installing, signing up, copying or otherwise using any of our apps, services, or web apps that run either on our main infrastructure - or on a Private Cloud in case you our your organization contracted a Managed Private Cloud instance of TeamShield - (together, “Services”), you are consenting to be bound by our Terms of Service (“Terms”). TeamShield operates and provides our Services and is responsible for your information when you use TeamShield Services.
Please read our Privacy Policy to understand how we safeguard the information you provide when using our Services. For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy.
You must be at least 16 years old to use our Services with an individual, self-registered user account. However those under the age of 16 may use our Services with the consent or authorization of their parent or legal custodian. Family Account Administrator and Corporate Account Administrator (view definitions in section B of our Privacy Policy) are responsible for that authorization when they add someone under the age of 16 to an Organizational account (more details about these types of accounts in our Privacy Policy).
To create an account you must register for our Services using your email address (and optionally for 2FA, your phone number). You agree to receive email and text messages (from us or our third-party providers) with confirmation links or verification codes to register for our Services. These are known as transactional emails and are essential in order to use our Services. They can not be disabled. Similarly, other transactional emails such as for the purposes of resetting your passphrase or other security notifications can not be disabled for your own security, and to make sure that we can provide you with our Services.
For your convenience, by default you may also receive email notifications for example to let you know when you have received new files. While these types of emails are also considered transactional and usually enhance your user experience, you can opt out of such notification emails from your settings section (and activate them again at any time if you wish to). In any case, you will always have access to in-app notifications that don’t rely on a 3rd party email provider.
In order to enable new features and enhanced functionality, you consent to reloading our web app, or downloading and installing updates to our Services such as our OS-specific apps (for example for macOS, Windows, Linux, Android or iOS), either manually or automatically. Most updates will be completely transparent, however we may sometimes automatically log you out and prompt for a mandatory reload of our web app or for the installation of a new OS-specific app version in order to continue using our Services.
You are responsible for data and mobile carrier fees and taxes associated with the devices on which you use our Services. We do not provide any kind of internet connection as part of our Services, and internet connection is required to be able to use most of our Services.
You must use our Services according to our Terms and posted policies. If we disable your account for a violation of our Terms, you will not create another account without our permission. In case you do anyway, we reserve the right to terminate any other new account without notice.
You agree to use our Services only for legal, authorized, and acceptable purposes. You will not use (or assist others in using) our Services in ways that:
(a) violate or infringe the rights of TeamShield, our users, or others, including privacy, publicity, intellectual property, or other proprietary rights;
(b) involve sending illegal or impermissible communications such as bulk messaging, spamming, auto-messaging or sending any unsolicited files;
(c ) could cause harm to recipients; especially, you will not try to send any file that contains viruses or spyware.
In particular, you hereby agree to the following:
Your TeamShield account and associated use of our Services is non-transferable. You agree not to disclose your passphrase and log-in details voluntarily to third parties. If you do so, you are accountable for any actions made via your account by another party. We are also obviously not responsible for any loss or leak of data from your account if you have shared your passphrase or log-in details with anyone or published them publicly. It’s against our Terms to do so.
Contact us immediately if you think someone is using your account using any of the contact methods listed in the Security Contacts of the Contacts section.
Bear in mind that TeamShield never sends emails or contacts you by other means with a request to provide your passphrase or password details. If you received such an email, please do not respond to it, and immediately contact our security team (see Contacts section), forwarding the email you received impersonating TeamShield, so that we can investigate further and prevent any harm to your account or other users’ accounts.
As a recipient either of an unwanted invitation, or of unsolicited or offending, inappropriate or IP-infringing content, you agree to not held us liable for any harm caused by such event, and to cooperate with us as described above to help us investigate and stop such behavior, in order to both protect you and to protect other users or recipients whom might also be impacted by the actions of the user that has sent or shared said content.
If your account has been reported to us for any of the above mentioned infringement, depending on the gravity of the facts and the proofs available to us, we might either reach out to you with a simple warning and/or to give you an opportunity for clarification, or we might unilaterally and immediately block your access and disable or delete your account. It would be an infringement of our terms to try to recreate an account with a different email address in order to engage in similar behavior.
If you receive inappropriate content from a user, we may ask you to provide us with the relevant screenshot(s) of the specific message(s) and/or copy of the file(s) so that we can investigate and so that, if appropriate, we can take action against the offending party. As a user, you acknowledge and agree that for the benefits of such investigation, your recipient might provide us with an unencrypted copy of messages or content you sent or shared with them via TeamShield and that we would otherwise not have access to in readable format (since, by design, we do not have the possibility to decrypt any of your messages and documents).
You must not (or assist others to) access, use, modify, distribute, transfer, or exploit our Services in unauthorized manners, or in ways that harm TeamShield, our Services, or systems. For example you must not
(a) gain or try to gain unauthorized access to our Services or systems;
(b) disrupt the integrity or performance of our Services;
(c) create accounts for our Services through unauthorized or automated means;
(d) collect information about our users in any unauthorized manner;
(e) sell, rent, or charge for our Services; distribute, rent, lease, sell, sublicense or otherwise transfer all or part of the Licensed Software or the Service to any person or company. If you are interested in becoming a distributor, contact us.
(f) permit the Licensed Software to be accessed through “shareware” distribution;
(g) try to analyze, decompile, disassemble, reverse engineer, or otherwise attempt to derive all or any part, particularly the source code of the Services or of our OS-specific apps and web apps, except for the scope in which such limitation is explicitly prohibited by law.
(h) modify or create derivative works based on the Services;
(i) remove or modify any Service Content, disclaimer or warning notice included or embedded in any part of the Services.
TeamShield embraces privacy by design and security by design, and does not have the ability to read or view your messages nor files. You are responsible for keeping your device and your TeamShield account safe and secure. TeamShield does not store your passphrase and it cannot be restored. It is your sole responsibility to remember your passphrase. If you forget your passphrase, all your encrypted content will be lost. While we dedicate ourselves to protecting your information and our systems, the strength of your passphrase and how you manage/store/protect it are your responsibility and are also paramount to ensuring the security of your account and of your information. It is your sole responsibility to keep your passphrase secret and undisclosed to other parties. As such, we are not responsible for any loss or disclosure of your messages/files that would be the consequence of your passphrase being compromised or lost. In future versions, we might provide an optional cryptographic recovery mechanism involving the Organization you belong to (for members and admins of Organizational Accounts) and/or your TeamShield contacts. In this case, we would update our Terms, and TeamShield would still not have access to the user’s passphrase.
Considering our mission, our security architecture and the sensitivity of the information you entrust us with (even in encrypted form such as the Secured Content as defined in our Privacy Policy), it may not be possible for us to help you with certain user service requests unless you are listed as an Account Administrator and are communicating from your verified email address. In the event that you change your email address, it is very important that you update your email immediately on your TeamShield account(s) or you may eventually lose access. We can only process requests for support or account details update when they originate from the email address we have on file for your account, or in certain cases if you send your request by TeamShield messaging feature from within that same account.
Our Services do not provide access to emergency service providers like the police, fire department, hospitals, or other public safety organizations. Make sure you can contact emergency service providers through a mobile, fixed-line telephone, or other service.
Our Services may allow you to access, use, or interact with third-party websites, apps, content, and other products and services. When you use third-party services, their terms and privacy policies govern your use of those services. For example, users have the option to import their contacts from Microsoft/Outlook or Google/Gmail. However, such use is totally voluntary at a user level, and can be completely disabled at the level of any Managed Private Cloud.
While we do our best to ensure backward compatibility with older browser versions and older OS-versions of devices, it is your responsibility to update your browser(s) and device(s)’ OS to recent or latest versions, both for a better user experience with our Services, and generally as a good security habit. It is recommended to access our Services with the latest versions of browsers and devices’ OS. We do not guarantee that any feature works on older versions. Some browsers and OS might not be supported or compatible with some of TeamShield features.
In some (so far) rare cases, if you use a personal firewall, or access TeamShield through a corporate firewall, you might need to whitelist certain domains (information available upon request) for our apps or web apps to work properly.
Although not a requirement, we also encourage you to whitelist (or save in your contacts) the email addresses listed in the Contact section at the end of the Terms, in order to ensure a better user experience and receive our notifications in a timely manner.
For some plans or features where the consumption is indicated as “unlimited” in our pricing page details, we reserve the right to apply a fair usage policy in order to ensure the quality of our Services for all customers. This is a rare occurrence and will only be applied in extreme circumstances.
You own the information you submit through our Services. You must have the rights to the email address (and phone number in case of 2FA) you use to sign up for your TeamShield account.
We own all copyrights, trademarks, domains, logos, trade dress, trade secrets, patents, and other intellectual property rights associated with our Services. You may not use our copyrights, trademarks, domains, logos, trade dress, patents, and other intellectual property rights unless you have our written permission. To report copyright, trademark, or other intellectual property infringement, please contact our support team (see Contact section).
TeamShield grants you a limited, revocable, non-exclusive, and non-transferable license to use the software related to our Services (“Licensed Software”) and to use our Services in accordance with these Terms. Licensed Software is licensed, not sold. Your license to use the Licensed Software is automatically revoked if you violate these Terms.
3.4 Transfer to Subsidiary or other Company within the TeamShield group of companies. TeamShield may transfer and assign its rights and obligations under these Terms of Service and Privacy Policy to one or more of its wholly-owned subsidiaries and/or one or more of its companies within its group of companies, provided that any such subsidiary or company shall become bound by the terms of this Agreement and shall become liable for the performance of the obligations deriving from any such assignment. As an example, TeamShield might later create a subsidiary in the EU, dedicated to its EU customers, and thus could transfer its Privacy obligations and Terms of Service for EU customers to this new EU entity.
TeamShield offers a free plan as well as paid plans. Details about the limits of your plan (whether free or paid) are available both prior to signing up, on our pricing page, and after signing up, from the plans section within your user account. If you ever choose to upgrade, details of the plan you intend to upgrade to are available to you before you subscribe. In all cases, after signing up (whether for a free plan or a paid plan), and after any upgrade, you will receive an automated email notification with a summary of the main characteristics of your new plan.
The free plan offers access to many of our features, albeit with some limitations. For example, the number of files that can be sent per month is limited, the total size of files stored is limited too. In order to benefit society at large and give the chance to anyone to protect their privacy, it is our intention to always provide a free version of our Services - the Forever Free plan - but we reserve the right to change its characteristics over time.
In addition to, and independently from, the free plan mentioned in the previous paragraph, we offer a free trial on some of our paid subscriptions. This free trial period, if applicable, is clearly indicated before you subscribe, and is clearly indicated in the on-screen confirmation message after subscribing. In such a case, you are charged nothing for the subscription at the time of subscribing for it, and will only be charged at the end of the free trial period, unless you cancel your subscription prior to the end of the free trial period, in which case you will never be charged anything.
There are several ways to acquire a paid subscription: directly from our web app, via our sales team, or because a license for a paid plan has been assigned or gifted to you by a third party (for example, for our Corporate plans: by your employer, a company whom you do business with as a supplier or client, etc; for our Family plans: by a family member). If a paid plan has been assigned to you by a third party, that third party remains in charge of the potential cancellation or revocation of the corresponding subscription. If you have purchased a paid subscription directly or if you have bought a paid subscription that you have assigned to someone else, the following cancellation and refund policies apply to said licenses.
You can cancel your TeamShield subscription at any time. To cancel your subscription, follow the instructions in the Plans section of your TeamShield account or contact support directly (see Contacts section) using the same email address that you used for signing up to TeamShield.
Your subscription will remain active from the time you cancel until the end of your current billing period, and you will not receive a refund or credit for any remaining days in your current billing period. At the end of your subscription you will lose access to all features associated with your paid TeamShield plan, and your account will be automatically downgraded to a free plan (unless you re-subscribe) which will allow you to keep enjoying TeamShield, albeit with some limitations. Should the storage space you use be greater than what the TeamShield free plan entitles you to, it’s your responsibility to delete or backup your content outside TeamShield. Should you not do so by the date your subscription ends, you understand, agree and acknowledge that your files will be deleted automatically from TeamShield and no longer accessible via TeamShield at any point after the end of your subscription.
Deleting your TeamShield account or removing the TeamShield application from your device(s) does not cancel your subscription.
When purchasing a subscription directly in our web app, you enter your credit card details into a form supplied by the payment provider that will be processing the payment, and this information goes directly to the payment provider's server. Your credit card information never reaches TeamShield’s servers. We do not access and do not store your credit card information.
Instead of subscribing directly on our website, if you prefer, you may first talk to our sales team who can answer any questions you might have and then at your request send you an invoice, whether corresponding to one of our standard plans, or creating a custom plan for your company. You may pay the invoice by bank transfer, or by using a link to pay with credit card. In the latter case, the process (and associated privacy/security) described in 4.7 about handling of your payment details also applies.
If you obtain a TeamShield paid subscription via a third party (e.g. Google Play, Apple App Store - albeit we currently do not offer this option), your purchase may be further subject to the third party's terms as agreed between you and the third party. For Paid Services obtained via a third party, your billing relationship will be directly with the applicable third party.
Compliance with the Terms. Failure to comply with the TeamShield Terms of Service may result in a temporary or a permanent ban from TeamShield or some of its services. In such instances, you might lose the benefits of your TeamShield paid subscription, if any, and we will not compensate you for this loss.
Unilateral Termination. TeamShield can decide to stop offering subscriptions at any time, including in response to unforeseen circumstances beyond our control, or to comply with a legal requirement; in this case we will cancel your subscription and refund the prorated portion of any prepaid subscription fee equal to the remaining unused term of the subscription.
YOU USE OUR SERVICES AT YOUR OWN RISK AND SUBJECT TO THE FOLLOWING DISCLAIMERS. WE PROVIDE OUR SERVICES ON AN “AS IS” BASIS WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND FREEDOM FROM COMPUTER VIRUS OR OTHER HARMFUL CODE. TEAMSHIELD DOES NOT WARRANT THAT ANY INFORMATION PROVIDED BY US IS ACCURATE, COMPLETE, OR USEFUL, THAT OUR SERVICES WILL BE OPERATIONAL, ERROR-FREE, SECURE, OR SAFE, OR THAT OUR SERVICES WILL FUNCTION WITHOUT DISRUPTIONS, DELAYS, OR IMPERFECTIONS. WE DO NOT CONTROL, AND ARE NOT RESPONSIBLE FOR, CONTROLLING HOW OR WHEN OUR USERS USE OUR SERVICES. WE ARE NOT RESPONSIBLE FOR THE ACTIONS OR INFORMATION (INCLUDING CONTENT) OF OUR USERS OR OTHER THIRD PARTIES. YOU RELEASE US, AFFILIATES, DIRECTORS, OFFICERS, EMPLOYEES, PARTNERS, AND AGENTS (TOGETHER, “TEAMSHIELD PARTIES”) FROM ANY CLAIM, COMPLAINT, CAUSE OF ACTION, CONTROVERSY, OR DISPUTE (TOGETHER, “CLAIM”) AND DAMAGES, KNOWN AND UNKNOWN, RELATING TO, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH ANY SUCH CLAIM YOU HAVE AGAINST ANY THIRD PARTIES.
THE TEAMSHIELD PARTIES WILL NOT BE LIABLE TO YOU FOR ANY LOST PROFITS OR CONSEQUENTIAL, SPECIAL, PUNITIVE, INDIRECT, OR INCIDENTAL DAMAGES RELATING TO, ARISING OUT OF, OR IN ANY WAY IN CONNECTION WITH OUR TERMS, US, OR OUR SERVICES, EVEN IF THE TEAMSHIELD PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR AGGREGATE LIABILITY RELATING TO, ARISING OUT OF, OR IN ANY WAY IN CONNECTION WITH OUR TERMS, US, OR OUR SERVICES WILL NOT EXCEED ONE HUNDRED DOLLARS ($100). THE FOREGOING DISCLAIMER OF CERTAIN DAMAGES AND LIMITATION OF LIABILITY WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. THE LAWS OF SOME STATES OR JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES, SO SOME OR ALL OF THE EXCLUSIONS AND LIMITATIONS SET FORTH ABOVE MAY NOT APPLY TO YOU. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN OUR TERMS, IN SUCH CASES, THE LIABILITY OF THE TEAMSHIELD PARTIES WILL BE LIMITED TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.
We strive to ensure that our Services are never interrupted, even shortly, including for maintenance and upgrades. However, on rare occasions, it is possible that a major version upgrade would require a short interruption in order to ensure a successful upgrade to all our users, in which case we would provide advance notice. To run our infrastructure we use cloud providers offering a scalable, secure, multi availability zone infrastructure to ensure the availability of our Services; we would not be responsible if there were exceptionally a network or infrastructure failure of our providers, albeit such occurrences are unlikely. We may update our Services, change and/or add features, and may replace existing Services by enhanced ones, always in the aim of serving your privacy and security needs better.
You agree to resolve any Claim you have with us relating to or arising out of our Terms, us, or our Services exclusively in the United States District Court for the District of Delaware or a state court in Delaware. You also agree to submit to the personal jurisdiction of such courts for the purpose of litigating all such disputes. The laws of the State of Delaware govern our Terms, as well as any disputes, whether in court or arbitration, which might arise between TeamShield and you, without regard to conflict of law provisions.
You may end these Terms with TeamShield at any time by deleting TeamShield OS-specific application(s) from all of your devices AND by discontinuing use of our Services especially by no longer accessing TeamShield’s web apps. We may modify, suspend, or terminate your access to or use of our Services anytime for any reason, such as if you violate the letter or spirit of our Terms or create harm, risk, or possible legal exposure for TeamShield. Any account on TeamShield might be suspended, deactivated or deleted by TeamShield if the user has not logged-in or used the Services for over 60 days. The following provisions will survive termination of your relationship with TeamShield: “Licenses,” “Disclaimers,” “Limitation of Liability,” “Resolving dispute,” “Availability” and “Ending these Terms,” and “General”.
Here is the list of contact information and channels you may use to contact us depending on the topic:
(both for account support and for technical support)
TeamShield may update the Terms from time to time. When we update our Terms, we will update the “Last Modified” date associated with the updated Terms. Your continued use of our Services confirms your acceptance of our updated Terms and supersedes any prior Terms. You will comply with all applicable export control and trade sanctions laws. Our Terms cover the entire agreement between you and TeamShield regarding our Services. If you do not agree with our Terms, you should stop using our Services.
If we fail to enforce any of our Terms, that does not mean we waive the right to enforce them. If any provision of the Terms is deemed unlawful, void, or unenforceable, that provision shall be deemed severable from our Terms and shall not affect the enforceability of the remaining provisions. Our Services are not intended for distribution to or use in any country where such distribution or use would violate local law or would subject us to any regulations in another country. We reserve the right to limit our Services in any country. If you have specific questions about these Terms, please contact us at [email protected].
A reference to each update, including the date of such update and which section was modified, will be listed here.
Updates list: none currently
Terms of Service - Effective as of July 5th, 2023
Terms of Service - Last Modified date: July 5th, 2023
Your privacy is of the utmost importance to us, and our mission is to protect and enhance the privacy of our users. TeamShield is committed to privacy and is private by design.
TeamShield utilizes state-of-the-art security and end-to-end encryption to provide a number of online collaboration and business productivity tools in one solution - such as secure and private messaging, files sharing and sending - to our users (“Services” - see the full definition of our “Services” in our Terms of Service above). Your messages and files remain always encrypted (except when you or your intended recipients are viewing them locally on a device using our Services), so that they can never be decrypted or viewed by anyone but yourself and your intended recipients. In particular, neither TeamShield as an organization, nor anyone working at TeamShield, even our technical and security staff, has any way of reading your messages or viewing your files. By the design and architecture of our systems, we simply can’t.
Furthermore, as part of our commitment to preserving the privacy and security of your personal data:
Whenever possible, even metadata is encrypted in a way that we can decrypt it. We believe that the least information we can know about you, the better.
Unless otherwise noted, “you” (“your”, “yours” and their capitalized versions) throughout our Privacy Policy and Terms of Service, refers to the end-user. You are the person who completed the last step of signing up for an account by choosing a passphrase and accepting our Terms of Service and Privacy Policy in the last stage of the signup process; “you” also refers to non-registered users who are recipients of at least one of our users and who have received a password protected communication from one of our users, also accepting our Terms and Privacy Policy or accessing our web app to retrieve the communication sent to them by one of our users.
In case:
- you represent an organization, such as a business, team or educational institution, that utilizes our Services through a Corporate Account (from now on we may also refer to you as “Corporate Account Administrator”, or “Organizational Account Administrator”, or simply “Account Administrator”), or
- you represent a Family, that utilizes our Services through a Family account (from now on we may also refer to you as “Family Account Administrator”, or “Organizational Account Administrator”, or simply “Account Administrator”), or
- you are an end user of TeamShield Services and/or of a TeamShield account provided by your organization or company, (from now on we may also refer to you as “Non-Administrator Member”),
please see the Organizational Accounts section of this privacy policy to learn how we process your data and further policies that apply to your account.
If you are a Non-Administrator Member of a Corporate Account, your use of TeamShield may also be subject to your organization’s privacy policy or practices, if any. In such a case, you should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s Administrator. We are not responsible for the privacy or security practices of your organization or employer, which may differ from those set out in this privacy policy.
If you lose access to the Organization that you are affiliated with (for example, if you change your employment), you may lose access to TeamShield Services, account and the associated content or data. Obviously, if you have other TeamShield account(s) that are not related to your organization, such as a Family Account or a single, self-registered account, for which you registered using a different email address than a corporate email address provided by your Organization, then these other accounts won’t be affected by any change to your Organizational account, as they are completely segregated.
Non-administrator members of an account transfer some of the rights described in our Terms and Privacy Policy to the Organization they belong to and/or to the Account Administrator(s) of their Organization - as indicated in various sections of our Terms of Service and Privacy Policy, as well as to some extent in the Organizational Accounts section.
If you are a Corporate Account Administrator or a Non-Administrator Member, and if your Organization has contracted our Services in the Managed Private Cloud modality, an adapted version of our Terms of Service and Privacy Policy would be provided to you for your review on the last step of the sign up process, and might offer terms that differ from the ones presented in this document and based on what your Organization contracted with us.
As stated in our Terms of Service, you are considered to be using our Services (and are therefore bound by this Privacy Policy) by accessing or using our web app (website application) at teamshield.ai/app (and teamshield.ai/temporary) or any of its subfolders, or by downloading, installing, signing up, copying or otherwise using any of our apps, services, or web apps that run either on our main infrastructure or on a Private Cloud in case you our your Organization contracted a Managed Private Cloud version of TeamShield (altogether, “Services”).
In addition to our main web app (available at teamshield.ai/app and region-specific similar paths) and our OS-specific apps, all of which are aimed at providing the maximum privacy to our users and full encryption of their messages and files, we also operate a website on the root domain at teamshield.ai which is an informative, educational, commercial and marketing website aimed at informing and educating visitors about privacy, and detailing our Services. This site contains a blog, newsletter sign-up, industry-specific landing pages and a number of characteristics common to most similarly-purposed marketing and commercial websites. As such, and considering that you can use our privacy Services (on teamshield.ai/app and/or via OS-specific apps) completely independently of visiting or not our marketing website (on teamshield.ai), for commercial and marketing purposes we do reserve the rights to use marketing-purposed tracking (but only after the visitor has given consent via our Cookies manager) for commercial purposes and other commercial techniques on teamshield.ai (but, again, not on teamshield.ai/app). For example, if you sign up for a newsletter on teamshield.ai or via any other advertising that we might publish online, you agree to receive said newsletter or other commercial information (an opt-in mechanism is provided during the newsletter signup process), and you acknowledge that the profile information you shared with us in the context of a marketing campaign or commercial information is not covered by the same encryption or privacy mechanism implemented in our Services - albeit we also take your privacy very seriously in any marketing endeavor, hence for example the systematic opt-in mechanism.
Independently of whether or not you are a user of our Services, you may separately and at any point access our Public Website, which is accessible at teamshield.ai/ and whose purpose is informational and commercial. More specifically, the Public Website includes teamshield.ai/ and any other subfolders (except for teamshield.ai/app and any of its subfolders, and teamshield.ai/temporary and any of its subfolders), for example teamshield.ai/blog and teamshield.ai/landing (throughout this document: “Public Website”). The clauses of this privacy policy that relate to the data acquired via our Public Website also apply to data acquired via any public campaign (i.e. any marketing campaign on social media platforms or equivalent).
“Secured Content” is the content that you choose to send, share or upload on our Services, and that we are not capable of decrypting under any circumstances. Your Secure Content includes all the messages and files you send through our messaging feature, all the files, documents, photos, folders that you upload to your TeamShield drive, and any of these same items that you share from your TeamShield drive.
“Services-related Data” are data acquired by us (either collected programmatically and transparently to you, or that you consciously share with us) via your use of our Services and/or that are inherent to operating our Services. Services-related Data include certain aspects of your usage of our Services, your account, and your payments. We strive to retain only enough Services-related Data to operate and maintain the Services. These data are never used for any other purpose. Services-related Data are kept confidential. It is visible to our staff on a strict need-only basis, and includes, but is not limited to, server logs, and some personally identifiable information such as company or family name, email address and billing information. See more in section C.7. As long as you are using our Services, we retain the right to hold and use Services-related Data to provide our Services, to troubleshoot problems, to analyze the performance and demands on our services, and to provide our payment processors with the information they need to process payments. As always, we do so with the utmost care for your privacy.
The next sections go into more details about the information collected in each case and their uses.
This will also apply to any other form of user-generated confidential content for which TeamShield might provide privacy and security features in the future, such as calls or video calls. TeamShield end-to-end encrypted messages* (that have all been encrypted locally on the sender’s device) are stored securely on remote cloud-based servers, so that they can be delivered safely to your recipients and so that for your convenience your message history is synced and accessible to you on all of your own devices. None of our cloud providers is able (and they will never be able) to view your files nor messages, since they have been encrypted locally prior to storage (and no cloud provider has access to the passphrase that is indispensable for decrypting them). We will NEVER ask for your passphrase by any channel, so never share your passphrase with anyone pretending to be from TeamShield (you should never share your passphrase with anyone anyway), and do report to us any request to do so by contacting us on our Security contact.
*Please note that currently messages that can be exchanged between users on TeamShield include both text messages and recorded voice messages (but not live calls).
TeamShield limits the additional technical information and metadata we gather to the bare minimum required to operate the Services and most metadata is itself encrypted.
Since one of the main features of TeamShield is to allow users to securely send messages and files among themselves, by using our Services you agree and acknowledge that content that you send to and share with other users (or recipients that are non-users) via our Services can be decrypted by them (albeit by no one else).
In particular, unlike some other email services and instant messaging (including some of those who encrypt some of your communications), in TeamShield ALL of the files and messages you send to anyone, whether or not the recipient is a registered user or not, are by default, systematically encrypted. It is not possible to willingly or unwillingly send an unencrypted message or file via our instant messaging or drive sharing features. Only Secured Content can be exchanged between users.
When you create a TeamShield user account, you typically register with a profile name of your choice and an email (and optionally a phone number for 2FA). Email and (optionally) phone numbers are used to provide our Services to you and other TeamShield users. You may optionally add other information to your account, such as a profile picture (also known as avatar).
There are different ways of signing up for TeamShield and/or of getting invited to TeamShield (see Invitations section for more details). Depending on the case, some of your account information might be provided to us by the inviter and/or by your Organizational Account Admin, and pre-filled in the invitation you receive, so as to make it easier and faster for you to complete your signup. For example, your Organization might provide us with your name and email address, in which case the only step left for you to finish signing up is to choose a passphrase to protect your account, and to accept our Terms of Services and Privacy Policy (via the checkbox on the page where you input your passphrase for the first time).
We may also use the email you provided during account creation in order to inform you about new TeamShield products and services in which you might have an interest. The legal basis for processing is consent, and you are free to opt out at any time.
Organizational accounts (and in some case other types of accounts) who have some of the customization options enabled, might have the option to provide a logo that will be used for all the members of their Organization, for their own account, and when communicating with other users or external recipients (the logo is used both on our Services such as in the login page of the web app and inside the app, and in the email notifications). The purpose of this is to enhance the branding of said customer and the experience of their users and recipients. This is optional (and might require a fee) and only at your discretion as our customer (as you need to provide us with the logo file or at least give us instructions to use your logo obtained on public source e.g. from the internet). By ordering such customization and/or instructing us to use your logo, and by accepting our Terms of Service and Privacy Policy, you acknowledge and authorize us to use your logo for the customization and branding purposes described above.
You (or your Organization in applicable cases) retain full ownership of your messages, files, folders, and any information you upload to TeamShield (together, your Secured Content). Files that you store on TeamShield online drive are yours and only yours. However, if you decide to send a message or file via TeamShield messaging features, or to share a file from your TeamShield drive with any recipient, you acknowledge and agree that said recipient(s) (which you choose yourself and to/with whom you took the action yourself to send/share) will have access to said message(s) and/or file(s), and might retain access even after you stop using TeamShield (or after you archive, delete, remove the file or message from your TeamShield drive or from your TeamShield messaging conversation history). This is quite similar to what happens when you send a message or file via email: even if you delete the email on your end, the recipient(s) will retain a copy both of the message content but also of its metadata such as the email address you used and the name that was associated with your email account. That said, TeamShield provides advanced security measures for you to better protect and control your information. The most important one is that, unlike traditional email providers who can read the content of your emails and read the content of your files and other attachments, we can not. In addition, when you use the messaging feature, there is an expiration date for files. Past this expiration date, the recipient will no longer be able to download the file from the messaging section. Please note that if they have previously downloaded the file, they would still have access to their downloaded copy, independently and outside of the TeamShield ecosystem. When you share a file from TeamShield Drive, you have the option, at any moment, to stop sharing said file with some or all of the recipients with whom you had previously shared it. If you unshare it, the recipients will no longer have access to said file in the TeamShield ecosystem, however they will still potentially have access to a downloaded copy outside of TeamShield if they had downloaded it before you revoked sharing it with them. Future versions of TeamShield will add more controls, for example you will be able to choose that a recipient can only preview within our app a file you shared with them from the TeamShield drive, and restrict the option for them to download it. We provide a secure and private way for you to exchange information with people and/or companies of your choice, in order to protect you from third parties (or providers) wanting to intercept it, however it is your responsibility to only exchange information with recipients that you trust and who will not misappropriate or misuse your information.
You acknowledge and agree that other users of our Services, especially those with whom you choose to communicate with, will have access to certain information, and that they may be located in a different jurisdiction than you, for example outside the EEA or outside California. Note that by entering into the Terms of Service and choosing to communicate with such other users of TeamShield, you are instructing us to transfer your personal data, on your behalf, to those users in accordance with this Privacy Policy. We employ all appropriate technical and organizational measures (including encryption of your personal data) to ensure a level of security for your personal data that is appropriate to the risk. To give specific example, if you choose to add someone as a contact in TeamShield, and/or if you choose to send them a message or share a file with them via TeamShield, you acknowledge and agree that the recipient will have access to the following information about you: the email address you registered with and/or that is currently associated with your account if you changed it subsequently, the name you chose to associate with your account (or that was pre-filled out, or given to us by your Organization in the case of an Organizational Account), your avatar if you have decided to upload one (otherwise they will just see a default anonymous avatar with the initials of your chosen name in the application, which does not have to be your real name). You acknowledge and agree that they will also have access to the specific file(s) or message(s) (Secured Content) that you chose to send or share with them (as described in C.5) - and obviously, access is strictly limited to the Secure Content you specifically sent or shared with them, not the rest of your Secured Content. If you decide to use the messaging feature to send a message or file to someone who is not a user, a one-time password will be added for extra protection; you acknowledge and agree that the recipient will have access to your TeamShield name and email (which they will see in the notification email and/or on the web page linked to in the notification email), and that, after entering said password, they will have access to the file(s) and/or message(s) you sent to them.
TeamShield reserves the right to collect and store some personal information which is needed to run our Services, such as your contact and billing information, email address, phone number (optional), and messages sent to our support team. Service data includes the name on your TeamShield profile and any avatar that you may upload, at your option and discretion, as part of your profile. IPs might be collected for security purposes, technical monitoring, to provide you with some of the features of our Services and/or in order to route requests to the correct region for GDPR compliance. Our general philosophy is to collect as little information about our users and as little metadata as possible in order to find the right balance between affording them the maximal privacy while ensuring the security and smooth operation of our systems and applications. As previously mentioned, whenever possible, even metadata is encrypted.
Optional: Help us Improve TeamShield and provide you with better support
You may choose to help us improve your user experience by allowing TeamShield to automatically log app-related errors when they occur. This process is easy and transparent, and you just have to click ”accept” once. You may also retract your consent at any time from your settings page.
After signing up and shortly after you sign in for the first time, you will be presented with a pop up offering you to participate in our product improvement program, which purpose is twofold:
We also have access to the following records of Account activity: number of messages sent, amount of storage space used, total number of messages, last login time, total number of contacts within your TeamShield-specific in-app address book. However, we have strict access controls and this information is not accessed by any employee of TeamShield, unless in special circumstances and by authorized personnel only and for a very specific purpose, such as troubleshooting or security concerns.
In the case of merely informational use of our Public Website, i.e., if you do not register (you do not use our Services) or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. Please note that this is true of any visit you make from any browser to any website, because, due to how the http protocol was designed, the browser transmits the following information with each request, and there is nothing we can do on our end to prevent this. So, if you visit our website, we receive and collect the following data: IP address, date and time, URL, amount of data transferred, browser type and version, operating system used, http code to indicate whether the request was successful.
Please note however that we purge these logs from our live servers within a maximum of three months. The storage is based on our legitimate interests, as well as those of users in protection against misuse and other unauthorized use. The collection of log data for the provision of the website including their storage in log files is mandatory for the operation of the website. Therefore, as a rule, there is no possibility of objection on the part of the user. This does not apply to log data that is processed in the context of our Services offered on our website beyond purely informational use. You can find more information in this respect in the notes relating to the individual services in this privacy policy.
In certain sections of our public Website, you have the option to provide personal information that will enable us to enhance your site visit, provide support, answer your questions, or to follow up with you after your visit. It is completely optional for you to participate. For example, we may request information from you when you:
In each case, we use your information for the specific and exclusively purpose for which you provided it. For example, the information you provided or that we collected may be used to:
Personal information you provide will be kept confidential and used to support your customer relationship with us.
Any follow-up email related to the above is considered a commercial email (as opposed to the transactional emails referenced in section 1.3 of our Terms of Service). As such, all these email communications with you will be on an opt-In basis, with the ability for you to remove your consent at any time. This is solely at your discretion. Occasionally, We will send you email communications with information, which may be useful to you, including information about Our Services. We do not send you any information from any affiliates nor business partners, and do not share any information with any such entities. In fact, we do not work with any affiliate or business partner. When you first provide us with your email address on our Public Website, you will be given the option of not receiving any such email communications. Each of our email messages includes instructions on how to unsubscribe (or a link to directly do so), just in case you later decide you do not want to receive any future email communications. At any time, you can also easily opt-out of receiving further marketing from us by contacting us at the marketing address below and requesting to have your name removed from our lists.
When interacting with us via our Public Website/public campaigns, vs. when using our Services, you may choose to use a different email address or the same one. In case you decide to use the same one, which is totally fine, please note that we will treat your email address depending on the context in which it was collected. For example, you may very well at any time decide to opt-out of receiving marketing or promotional emails, but yet you will still be able to receive any security email related to the use of our Services and your user account.
Upon visiting any of our websites (whether Public Website or our Services), you are presented with a cookie banner to provide you with information about every cookie, both necessary and optional, and to let you choose which cookies you want to accept or reject. No optional cookies are ever installed without getting your prior consent.
Cookies are stored on your computer when you use our Public website and/our using our Services. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which the party that sets the cookie (in this case: us), obtains certain information. Some functions of our website cannot be provided without the use of cookies. Cookies cannot execute programs or transfer viruses to your computer.
Regardless of whether you choose to agree or disagree at that point when presented with the cookies banner, you can at any moment change your mind and make a different choice by toggling the corresponding settings in your Teamshield settings section.
In addition to the choices about optional cookies that we provide you with (both the initial banner and the option to change your preferences later on from the settings section of your TeamShield account), if you do not want any cookies at all (even the strictly necessary ones) to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser, and previously stored cookies can be deleted in the system settings of the browser. Please note that in this case not all the features of our Services could be used and the app and website might not function properly.
A Comprehensive list and description of each cookie, both strictly necessary and optional, is presented to the user on our Public Website and on our web app, with the option to completely deactivate the optional ones.
Cookies that are technically necessary to carry out the electronic communication process or to provide certain functions you have requested are stored as provided by Article 6.1.f of the GDPR. As a website and SaaS operator, we have a legitimate interest in storing cookies to operate and optimize our services.
The purpose of optional cookies is typically to help us understand behavior on our Public Website and/or in app of our users anonymously (so that we can understand how users use our features on an individual and aggregate level and both make improvements to existing features and offer new complementary features). The information collected for this purpose is anonymized and sanitized on your device before being sent to us, so that we have no way of linking it back to you. These cookies are used to understand broad and anonymous user behavior when you use our Services. Such anonymized user behavior includes time spent by a visitor on the website, most visited webpage, aggregated clicks on signups etc.
"Third-party cookies" are cookies offered by providers other than us (as opposed to "first-party cookies" which are offered by us, the provider of the Services and Public Website). Unlike many websites, even security-focused products, we never use third-party cookies to serve any third-party advertisement to visitors once they have left our Public Website as we do not work with any partner sites across the web. Your visits of our Public Website is nobody else’s business and we keep this information private too. We do use third party cookies for legitimate and necessary purposes such as for processing payments with our payment provider. Optional third party cookies could be related to tracking the effectiveness of our advertising and social media campaigns.
Client applications, including web browsers, will store information about your account to assist with future sign-ins and keep some information available to you when you are not signed in. Users may remove all such information from their devices, but doing so will require that they provide complete information (account details, account passphrase) on subsequent sign-ins. For more information on each specific cookie, and to change your consent, please visit our Cookie Settings Manager: a) for our Services: in the settings section of your TeamShield account, b) for our Public Website: using the link in the footer.
We may use Video Platforms such as YouTube service in order to embed videos on our Public Website. The legal basis is your consent pursuant to Article 6.I.a of the GDPR.
Video Platforms use cookies to collect information about visitors to their website. These platforms use these to collect video statistics, to prevent fraud and to improve user-friendliness, among other purposes. The cookies remain on your terminal device until you delete them or until they expire.
As soon as you start a YouTube video on our website, a connection to YouTube's servers is established. The YouTube server receives the information which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. In doing so, data may be transferred to the USA and linked to further data from other Google services, especially if you are logged into your Google account. If such a transfer of this information to YouTube and Google is not desired, you can prevent this transfer by logging out of your YouTube account before accessing our website.
The processed data typically includes:
We have no influence on the storage period of the data and further data processing by YouTube and Google, or any other similar Video Platforms.
In order to reduce data transfer before the actual start of a video, we use the extended privacy mode. According to YouTube, this mode has the effect that YouTube does not store any information about visitors to this website before they watch the video. We also embed the videos on our website in such a way that a transfer of your data to Google or YouTube partners (the Google DoubleClick network) only begins with your active click on the video.
For more information about data protection at YouTube and Google, please see their terms of service / privacy policy respectively here and here.
True to our mission of respecting and strengthening your privacy, TeamShield does not need to access the address book of any of your devices nor any of your other online accounts (such as, respectively the native contact app of your mobile phone or the contacts section of your Google or Microsoft account) .
However, you can optionally, and at your entire discretion, allow TeamShield to import your contacts from an address book managed by another service such as Microsoft or Google. This process requires your express and manual consent, it includes several steps and can be interrupted at any point along the way. It allows you, if you so choose:
- to import into your TeamShield Contacts section, those of your other address book’s contacts who happen to already be users of TeamShield, and
- to send invitations to TeamShield those that are not yet users.
Within the contacts section of TeamShield, you may also search for other TeamShield users - in your settings you have the option to not appear in such search results, however the default behavior is to appear in search results in order to facilitate communication between users. Nonetheless, in order to avoid spamming, the search feature requires that a user enters the full email address of another user in order to see that user in the search results. When doing so, and unless the searched user has chosen the option not to appear in search results, the searching user will be able to see the name that is associated with that email address in TeamShield, the avatar, and the Company the user is associated with, if any.
Please note that to facilitate communications between users, even if you decide not to appear in search results, a user who knows the complete email address associated with your account will be able to send a message to you by adding your email address to the recipient list in the Compose section of the messaging feature. This is similar to the behavior expected when emailing someone or messaging them in a number of email and instant messaging apps. But we might change this in the future based on users’ feedback.
There are several ways of inviting others to become users.
In all the above cases, by requesting or sending each and any invitation, you are authorizing us to create new accounts for your invitee, and you confirm that you have the authorisation from the invitee to share with us the information you might provide us during the account creation/invitation process (typically, for the first bullet point: email address, name of company, name of invitee; for the second bullet point: only the email address). You take full responsibility for sharing this information with us, and, should the invitee reach out to us to complain (for example if the invitee did not wish to receive the invitation and did not wish for us to contact them), you agree to take full responsibility for all legal actions and legal costs associated with the invitee’s complaint. We will of course, as stated in section D.1, delete any invitation and invitee’s personal data if the invitee so desires. If this occurs, we might restrain your ability to send or request additional invitations in the future, or block your account.
If you invite someone, you represent that you have a legitimate reason to do so and that you have the implicit or explicit authorization from the invitee to do so and to provide us with their email, name and/or company name.
If you contact TeamShield Support, any personal data you may share with us is kept only for the purposes of researching the issue and contacting you about your case. Please bear in mind that, depending on the channel you used to contact support (for example: traditional email or chat), the information shared with support in this way will not be encrypted. Please do not share through these channels any information that you wish to remain encrypted.
In some paid plans (and at our discretion for other accounts, including free accounts), we might offer the option to set up a screen sharing session via a third party product (for example via Anydesk). This session is entirely optional and for the sole purpose of troubleshooting a problem that can not be resolved otherwise, and to provide further assistance to the user who needs it. In such a case, we will require your written consent by email or via a message in TeamShield prior to conducting such a session. Giving us your consent means that you authorize us to connect to your computer for the time needed for the troubleshooting session, and that you authorize us to view your computer’s screen. You agree and acknowledge that we will be able to see the content of your screen, therefore we ask that, prior to starting the session, you close any windows (of any program or browser) that may contain confidential information and that you do not want us to see - we too do not want to view any information that we do not need to see for the purpose of troubleshooting. In the process of troubleshooting, we will never ask you for your passphrase, and we will not be able to view or access the content of your files (Secured Content).
If you actively contact us by e-mail, by using the contact form or through a phone call, the personal data you provide will be collected and processed in order to deal with your request. This includes, in particular, your name and contact details (e-mail address, mobile phone number) as well as other information provided by you. When using our contact form, the data transmitted through it will be processed (e.g., name, company, e-mail address and the time of transmission) similarly.
The legal basis for this is Article 6.1.f of the GDPR. Our legitimate interest is in the processing of the request. If your contact is aimed at the conclusion or execution of a contract, this is based on the provision in Article 6.1.b of the GDPR.
We delete the data accruing in the context of customer support once the storage is no longer necessary, or we restrict the processing in case of statutory retention obligations.
Please be aware that the online support chat is not encrypted and not appropriate for certain things like security related topics or concerns.
Any information you include in a comment on our blog may be read, collected, and used by anyone. If your personal information appears on our blog and you want it removed, contact our marketing team.
Any information you include in a comment on any of our social media accounts and posts may be read, collected, and used by anyone. If your personal information appears and you want it removed, contact that specific social media platform, as we have no power or control over it.
We may initiate and/or maintain social media presences on LinkedIn, Twitter, Instagram, and other social networks, which you can access via the corresponding buttons on our Public Website and from some of our Services. If you visit any of these social networks websites or applications by clicking on any of the links that we provide, personal data may be transmitted to the provider of the social network. We urge you to be careful and to be aware that there is no expectation of privacy from these platforms. We can not guarantee that any action you take on these platforms will be private - we have no control nor responsibility over it.
We would like to point out that in this case user data is transmitted to a server in a third country and might therefore be processed outside the European Union. An appropriate level of protection for the transfer of data is ensured by the conclusion of the EU standard data protection clauses.
In addition to the storage of the data specifically entered by you in this social medium, the provider of the social network may also process further information. If you are logged in to the network with your personal user account while visiting the corresponding website, this network can assign the visit to this account. The purpose and scope of the data collection by the respective medium and the further processing of your data there, as well as your rights in this regard, can be found in the respective provisions of the respectively responsible party, e.g.:
Please note that the above links are provided for convenience only and we are not responsible neither for the corresponding privacy policy nor for updating the links should these providers change the urls of their respective policies. Please contact them directly for any inquiry.
The EU GDPR protects the personal data of individuals in their “home territory” of the European Economic Area (from now on, the “EEA”). The EU GDPR governs any processing of their data “in the context of the activities of an establishment of a controller or a processor” in that home territory, as well as any processing by a controller or processor located outside the home territory. Personal data relating to EEA subjects can only be transferred to a foreign country (aka a “third country”) if an appropriate level of data protection can be ensured there, and only if appropriate protection in that third country is ensured via specifically prescribed transfer solutions.
The UK GDPR and Swiss FDPA each impose similar restrictions related to their respective home territories. From now on, we will refer to the EU GDPR, UK GDPR and Swiss FDPA as “European Data Protection Laws”.
Transfers to third countries are generally restricted, however transfers to adequate countries are permitted if there is a formal decision by the relevant regulatory authority that an adequate level of protection is ensured by a third country, for example, in the case of EU GDPR: Switzerland, UK, Canada (commercial organizations only) New Zealand, etc;
If personal data is transferred to a country (or entity) deemed adequate under applicable European Data Protection Law, no additional transfer solution is needed, as the transfer will already comply with applicable transfer rules under European Data Protection Law.
For example, transferring data (of a commercial organization) between Germany and Canada is adequate under EU GDPR because Canada has received an Adequacy decision (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in order to transfer personal data from EEA to the United States, a transfer solution is required because the United States has not yet received an adequacy decision from the EU.
An alternative, in the absence of an adequacy decision, the European privacy laws permit the use of Standard Contractual Clauses for EEA/UK/Swiss personal data transferred to third countries.
In the case of our use of Google Cloud Services, we have certified that our use of Google Cloud services is subject to European Data Protection Laws (because we offer services to EEA, UK and Swiss residents. As a controller of Customer Personal Data under the EU GDPR, the EU C2P SCCs applies to our relationship with Google as a service provider when transferring Customer Personal Data to the legal Google entity with whom our Google service provider relationship is established, in our case Google LLC. As a processor of data, the EU P2P SCCs apply. Regarding Personal Data under the UK GDPR, the SCCS as amended via the UK Addendum, apply. By certifying to Google that our use of Google Cloud services is subject to European Data Protection Laws, we have automatically entered all the appropriate SCCs with our Google service provider.
We have also voluntarily taken additional supplementary measures to protect data, such as end-to-end encryption of Secure Content, and whenever possible, encryption of metadata.
It’s also important that when users sign up, we use a combination of techniques to determine whether they are EU subjects or not (and in some cases we ask them to confirm). Based on this determination, it is important to note that all data belonging to EU subjects is stored in data centers located in Europe and it’s the case of all their data as long as they only interact with other users who are also EU subjects.
TeamShield is the Data Controller in reference to the GDPR. TeamShield, and the processors or sub processors we may appoint in specific cases (such as hosting services, payment processors), are the Data Processors in reference to the GDPR.
During the signup process, we employ various means in order to determine on a best effort basis whether you are a EU subject according to the GDPR, but you agree and acknowledge that you waive your rights under the EU GDPR if you try to conceal the fact that you are a EU subject, by any means such as for example (not an exhaustive list):
EU subjects must use our Services on teamshield.ai/app/eu in order to benefit from the protection of the EU GDPR. Data of users using our EU-focused Services (teamshield.ai/app/eu) is stored in Europe, most of it in Belgium, home of some of the main European institutions, and with storage redundancy in other parts of the Europe Union.
You can manage your personal information in TeamShield’s application Settings. For example, you can update your profile information such as your profile picture, and change your passphrase. There are a number of security and privacy features that you can choose to enable or disable in the settings section. If you need other changes to your personal information, you may contact our support team.
In case TeamShield is ever involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice on our Public Website and inside our app of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
As indicated in the Invitations section, if you have been invited and received an email invitation from us on behalf of one of our users, and in case you disagree with it, we encourage you to let us know immediately as we strongly condemn any abuse of our system and wish to respect your privacy.
If you received an invitation from another company or individual via TeamShield, and you do not wish to accept the invitation, you have the right to request that we delete the invitation and the associated metadata (especially: your email address, and if also provided to us: your name and the name of your company). Upon receiving your instructions via email (to our support team) we may if you so desire delete all data related to you that has been provided to us (email in all cases; name and/or company name in some other cases) and we may also take action against the offending user.
If you are an external recipient you agree that we will keep some data after your first visit / first reception of a message /file in order to facilitate your access to the information shared with you at a later date and /or in case you later receive more files /messages from the same sender or from other senders, and that we might contact you to offer you a fully fledged account - giving you the possibility to opt out at any point and to delete you data.
We work with third parties to provide some of our Services. For example, our Third-Party Providers send a verification code to your phone number when you register for our Services (and subsequently at sign-in) when the 2FA (two-factor authentication) is enabled. Each provider is a data subprocessor that processes a different category of data - we never share, and thus they never store data outside of the scope of their specific purpose. Notably, our providers do not store identifiable data in relation with the general day-to-day use of your account and our Services, which is exclusively processed by TeamShield. These third parties cannot see your actual Secure Content, which remains encrypted. These providers are bound by their Privacy Policies to safeguard that information, and we take special care in providing only the minimum information possible needed to provide you with the relevant service, such as sending the 2FA code, adhering to strict need-to-know only rules. We do not in any circumstances and for any purpose share any of your personal information with any social media or marketing company, in particular we have no association with Facebook, YouTube, and similar companies, and we do not use Google Analytics.
Other instances where TeamShield may need to share your data:
However, as stated above, TeamShield would have no possibility of sharing any of the messages or files exchanged using TeamShield in an exploitable manner, since we do not have any access at any point to the passphrase that protects the user’s account. Without that passphrase it is impossible to decrypt any message or file.
Currently, our Service Providers include:
We take extra precautions in providing only the strictly necessary data to each of these providers and in the specific context of the action/event relevant to the use of our Services and to fulfill our obligations to you and provide our Services, and all of these providers are GDPR compliant.
GCP and AWS never have access to any Secured Content in any exploitable form, it has always been encrypted in a way that they can not decrypt it.
We take extra security measures (some of which are detailed on the security page of our Public Website), such as using completely segregated infrastructures and splitting some encryption materials between several completely separate, segregated infrastructure, so that even a compromise of our provider’s data center/infrastructure, a compromise of one of our account at that provider, will not provide any useful encryption material to an attacker.
Moreover, even if a hacker had been able to hack all our accounts at all providers, the encryption material stored remotely that they would have been potentially able to reassemble, would still not be enough to decrypt any Secured Content.
In addition to Matomo being a much more privacy-oriented alternative to google analytics, we do some additional custom anonymization on the client side beyond what they already offer before sending out any data.
Cloudflare: http requests are directed through Cloudflare that provides dns services and we don't control the routing of the encrypted (https) traffic. We make sure we encrypt payload and obfuscate as much as possible any metadata prior to leaving the user’s device. Please note that there are 2 separate encryption processes: the transport channel https (TLS) encryption, and ours (which is itself composed of multi-layered encryption processes) and that Cloudflare has no control over nor access to.
Zetpo: We use Zepto as a 3rd party email service provider to which, for the sole purpose of sending email notifications, we pass a) in the case of a user: the user email, name (and avatar or at least avatar url), and b) in the casse of an external recipient: their email address only.
In the future, we might use a customer support platform, in which case we will update this Privacy Policy accordingly.
In the future, we might use a CRM platform, in which case we will update this Privacy Policy accordingly.
In the future, we might use a service provider to send commercial/marketing email, in which case we will update this Privacy Policy accordingly.
As noted in section 1.3 of our Terms of Service, in order to create an account you must register for our Services using your email address (and optionally for 2FA, your phone number). You agree to receive email and text messages (from us or our third-party providers) with confirmation links or verification codes to register for our Services. These are known as transactional emails and are essential in order to use our Services. They can not be disabled. Similarly, other transactional emails such as for the purposes of resetting your passphrase or other security notifications can not be disabled for your own security, and to make sure that we can provide you with our Services - you can read more about transactional emails in the above mentioned section of our Terms of Service.
By accepting our Terms of Service and Privacy Policy, you also agree to receiving the following communications from us:
We may also contact you in order to provide you with support, either in response to an inquiry or request from you, or, in case you opted in for our “help us improve program”, in case we detected a technical issue that may be impacting your account.
We may also contact you proactively or reactively for any security-related issue.
Any other non-transactional and non-support/security related communication originating from us will require you to first opt-in (for example, if you sign-up for a newsletter).
All of the above-mentioned communications shall be conducted either via email, in-app message from one of our official accounts, or via in-app chat widget.
In case 2FA by phone number is activated on your account, we will not use the phone number associated with your account to contact you, except if you allow us to do so, or if there is a security concern with your account.
For the accounts on which phone support is enabled, we may contact you, at your request, on the phone number you (and/or an Organizational Admin if you belong to an Organization) would provide to us.
Under applicable data protection legislation, in certain circumstances, you have rights concerning your personal data. You have a right to: (1) request a copy of all your personal data that we store and to transmit that copy to another data controller; (2) delete (see section 10 below) or amend your personal data; (3) restrict, or object to, the processing of your personal data; (4) correct any inaccurate or incomplete personal data we hold on you; and (5) lodge a complaint with national data protection authorities regarding our processing of your personal data.
If you wish to exercise any of these rights, kindly contact us at using the contacts provided in section 7.3 Privacy-related contact of our Terms of Service.
H. Deleting your account, your personal data and your content
If you would like to delete your account, you can do this by contacting our support team (see section 7.2 of our Terms of Service) and writing to us using the same email address that your account is connected to. This action must be confirmed via your TeamShield account and cannot be undone. Deleting your account removes from our live systems all documents, media, contacts and every other piece of data that you stored in TeamShield online drive, to the exception that those documents which you previously shared with others and have not decided to unshare prior to requesting the deletion of your account. Some metadata and personal data about your account will also be kept as it has been shared with others with whom you previously interacted or were a mutual contact of, as detailed in section 1.3 above. For example, a copy of your encrypted message history with a specific recipient will stay on the server as part of your recipient's message history. As soon as your recipient deletes their account too, it's gone forever. Until then, the conversation history view of any thread you participated in might display an indication next to your TeamShield name and/or email address such as “deactivated” or “deleted”.
As a remainder, all messages and files are encrypted in ways that even when stored on our servers to ensure synchronization with your devices and that of your recipients, TeamShield has no way to read them.
If all participants in a conversation you participated in, request to delete their account, then all information related to said conversations will be completely deleted from our live systems. Similarly, any document that you shared via the drive and didn’t unshare prior to deleting your account, will be deleted if all the people you shared it with also request to delete their account.
When closing your account a few pieces of metadata (as listed above) are not deleted but they are encrypted in a way that we don't have access to them: only your recipients and contacts can see them so that they can continue using the app (ex: someone whom you wrote to previously would still see the name and email you used previously in the application - same as what happens with old emails you sent to someone, but with a mention specifying that your account has been deleted, and they will no longer be able to contact you as a user. They would only be able to send to you as an external recipient.
For security purposes and to prevent any impersonator from attempting to illegitimately delete your account, we will validate that your deletion request was really originated by you. Once validation is done and before we proceed with the deletion, we will remind you that you can unshare all documents before deleting your account, so that you can rest assured that, once your account is deleted, no document will remain available to others via TeamShield drive if you choose so.
If your account was created at the request of a company, the company retains ownership of the account and might be required to approve the deletion request. It might also choose to simply request us to cut your access and deactivate the account, while it may choose to retain access to the information your account contained for business continuity purposes or other data retention requirements. This is similar to corporate email addresses and corporate online drives, whose content and data remains the corporation’s property even after the employee’s departure. Even if you don’t request your account to be deleted, the company that provided you with this account might at any time decide to request us to cut your access, deactivate or delete your account.
If you stop using TeamShield for an extended period, your account will be deleted automatically without the need for you to request it. We reserve the right to close accounts for inactivity after three months (we typically will send a reminder in-app or by email prior to deletion. You just need to login again to keep your account active).
For the purposes of disaster recovery and data availability requirements, TeamShield has a legitimate interest in maintaining secure and immutable backups. Backups are kept for a maximum of 1 year. Deletion requests and automatic deletions do not alter those backups.
Unless expressly stated otherwise within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations, e.g., in the case of data that must be retained for reasons of commercial or tax law.
We will comply with applicable laws and regulations to provide Secured Content or Services-Related Data to law enforcement agencies. In such a case, please note that your Secured Content will remain encrypted in a way that we have no way to decrypt it, and so we will only hand over Secured Content in encrypted form. If permitted, we will notify you of such a request and whether or not we have complied.
Some Services-Related Data of any members of an Organizational Account could be made available to the Administrator(s) of that specific Organizational Account.
When self signing and purchasing a paid plan for more than one user directly from within our web app, by default the user who makes the purchase will be automatically assigned the role of Administrator for that group of users he/she purchases licenses for, whether a Corporate Account or a Family Account. The Admin may at any point contact support in order to add an Administrator or to pass on the role of Administrator to another user in their Organization, in which case the new Administrator needs to confirm that they accept the role before the transfer of role becomes effective. Until then the original Administrator remains as Administrator.
When purchasing licenses via an interaction with our sales team, our invoice will typically mention the name of the Administrator whom your Organization has indicated to us, or the Organization might inform us of their choice of Administrator(s) in writing at a later date, either via email or via an in-app message. This Administrator will need to agree to our Terms of Service and Privacy Policy upon signing up (whether this person signs up before or after the invoice issuance). By accepting the terms or by signing-in after having been designated as an Administrator for their Organization, the person represents and certifies that they have the necessary authority within their Organization or got the relevant approval by their hierarchy in order to act as or be designated as the Administrator as described in these Terms of Service / Privacy Policy.
Our Corporate Accounts clients can enjoy the extra benefit of being provided Guest accounts for their own clients, providers, partners, etc. Depending on the Corporate Account subscription, these plans might have different characteristics than a typical account. Depending on the number of TeamShield licenses provided to the specific client of a TeamShield Corporate client (from now on, “client of client”), there will be either an Administrator designated at the client of client, or an Administrator or Non-Admin member of the client might fill this role. In the former case, the Administrator for the client of client company might be initially designated by our client, but can later be updated both by our client and by the client of client.
Requests to delete an account can come both from our client or from the client of client.
If you are the Administrator of a client of client (and your Organization has guest accounts that were provided at no cost, you agree to being contacted by us, either automatically or by a human, in order to offer you to expand your usage of TeamShield to the other employees or collaborators of your Organization that have not been invited by our client - and if you are an Administrator of our client you also aknowledge and agree to the above.
K. Managed Private Cloud
If your Organization contracts our Managed Private Cloud modality, you will have more controls, and some tailored Terms of Service and Privacy Policy can apply to your Organization and your users.
Please contact sales in order to get a Managed Private Cloud set up and configured for your organization, and to get more information about the specific Terms and Privacy policy that would apply.
Please also read our Terms which also governs the terms of this Privacy Policy.
If you have questions specifically about our Privacy Policy please contact us at [email protected].
For all other contact requests or topics, please see the section 7 (Contacts) of our Terms of Service, which list a number of contacts and channels depending on the topic of your request.
We will update this privacy policy as needed so that it is current, accurate, and as clear as possible. Your continued use of our Services confirms your acceptance of our updated Privacy Policy.
A reference to each update, including the date of such update and which section was modified, will be listed here.
Updates list: none currently
Privacy Policy - Effective as of July 5th, 2023
Privacy Policy - Last Modified date: July 5th, 2023