Skip to content
shield23
// TRUST CENTER //

Built to a higher standard. Because we have to be.

We protect people who cannot afford to be exposed. Our security, privacy, and operational posture has to reflect that — and be auditable.

// COMPLIANCE //

Certifications & frameworks.

ISO 27001
certified

Information security management system.

SOC 2 Type II
in progress

Trust services criteria audit underway.

ISO 27701
planned

Privacy information management extension.

GDPR
compliant

EU General Data Protection Regulation.

KSA PDPL
compliant

Saudi Personal Data Protection Law.

UAE PDPL
compliant

United Arab Emirates PDPL.

// SECURITY ARCHITECTURE //

How your data is protected.

Zero-knowledge credential handling
Customer-managed encryption keys (KMS) for SHIELD tier
Multi-region data residency (EU, GCC, South Asia, APAC)
Hardware-rooted SOC analyst access (FIDO2 + biometric)
Tamper-evident audit logs in separate AWS account
Quarterly external red team engagements
Public bug bounty program
// PRIVACY //

Data minimization is the default.

Minimization

We collect only what's required to operate the service. Nothing about you that doesn't directly inform protection.

Retention

Operational data retained 90 days, audit logs 7 years. Client-controlled deletion at any time.

Subject Rights

Access, rectification, erasure, and portability — fulfilled within 30 days, no exceptions.

// COMMITMENTS //

What we will never do.

Never share client identities, including for marketing.
Never use client data for training models or analytics.
Never store credentials in retrievable form.
Never sell anonymized data, in any form.
Never name clients in case studies, even with permission.
// RESPONSIBLE DISCLOSURE //

Found a vulnerability?

We run a public bug bounty program with rewards for valid findings, and a coordinated disclosure window for sensitive issues.

90-day coordinated disclosure
// CONTACT
security@shield23.com
// PGP FINGERPRINT
4F9C 8B41 6D2A 7E03 9C12 1F88 5D74 2E11 7A6B 8E21
// SCOPE
  • shield23.com / *.shield23.com
  • portal.shield23.com
  • api.shield23.com