Privacy Policy

AbesShield Accountability • Effective date: March 15, 2023 • Contact: [email protected]

1. Scope

This Privacy Policy explains how Rishon Group Ltd, trading as AbesShield Accountability, collects, uses, stores, discloses, and otherwise processes personal data when you use AbesShield. It applies to our website, signup flow, account management, authentication, billing interactions, capture processing, report delivery, and support communications. For privacy questions or requests, contact [email protected] or write to AbesShield Accountability, 67 Windsor Road, Manchester, M25 0DB, United Kingdom.

2. Data we collect

Account and contact data, such as your name, email address, phone number, connection key, guardian name, and guardian email address. Authentication and security data, such as one-time passcodes, session tokens, verification records, device identifiers, login timestamps, and account-update verification records. Subscription and billing data, such as subscription status, billing interval, currency, amount, Stripe customer identifiers, Stripe subscription identifiers, and related payment event records. We do not intend to store full payment card numbers on our own systems; card payment processing is handled by Stripe. Device and service-operation data, such as device name, policy or configuration file records, DNS status, online or offline status, last-seen timestamps, tamper indicators, capture-failure counters, and support or diagnostic logs. Screen accountability data, such as randomly captured screen images and related metadata. Based on the current service design, images are intended to be blurred on-device before transmission. Even when blurred, some content may remain recognisable, especially larger shapes or large text. Report data, such as generated PDF reports, report attachment metadata, and report-delivery records sent to the guardian you designate or, where no guardian email is available, to you. Communications data, such as customer-support emails, tickets, legal requests, and postal correspondence.

3. How we collect data

We collect data directly from you when you sign up, update your account, nominate a guardian, contact support, complete Stripe checkout, or otherwise interact with the Service. We collect data automatically from enrolled devices and from our systems when the Service generates connection keys, device records, authentication events, capture events, status events, or reports. We also receive data from service providers such as Stripe, hosting providers, email delivery providers, and technical infrastructure vendors.

4. Why we use personal data

To create and administer accounts, authenticate users, manage subscriptions, process payments, provide customer support, maintain device status, deliver policy files and reports, monitor abuse, and operate, secure, and improve the Service. To send transactional messages, sign-in codes, account-update verification codes, billing notices, service notices, and support responses. To investigate fraud, misuse, tampering, suspected unauthorised access, and violations of our Terms. To comply with legal obligations, respond to lawful requests, establish or defend legal claims, and enforce our rights.

5. Lawful bases

Where UK GDPR or similar law applies, we generally process personal data because it is necessary to perform our contract with you, necessary for our legitimate interests in operating and securing the Service, necessary to comply with legal obligations, or based on consent where consent is the appropriate basis. Where you provide another person’s personal data, including a guardian’s contact details or data relating to a device user, you are responsible for ensuring you have an appropriate lawful basis and any required notice or consent.

6. Screen captures and accountability reports

The Service is designed so that screen images are captured at random intervals, processed on-device, blurred before transmission by default, and then sent to our servers for inclusion in reports. Reports may contain the highest-priority or otherwise selected captures for the relevant reporting period. We use captured data to generate and deliver reports, maintain service operation, troubleshoot issues, detect tamper conditions, and improve system performance. We do not promise that every event will be captured, retained, or included in a report. Because reporting is an intentional core function of the Service, any guardian you designate is an intended recipient of report data. You are responsible for nominating a suitable guardian and for any consequences that flow from your choice of recipient.

7. Sharing of personal data

We share personal data only where reasonably necessary for the purposes described in this Policy, including with hosting and cloud-storage providers, email delivery providers, authentication or security providers, Stripe and related payment providers, professional advisers, regulators, courts, law-enforcement, and corporate affiliates or acquirers. We disclose report data and related account identifiers to the guardian email address you nominate, or to your own email address if no guardian email is available for delivery. We may disclose data if required to do so by law, to respond to valid legal process, to protect our rights or the rights of others, or in connection with the sale, merger, or restructuring of our business.

8. International transfers

Our providers may process data in countries outside the United Kingdom. Where required, we use appropriate safeguards for restricted transfers, such as contractual protections, adequacy regulations, or other recognised lawful transfer mechanisms.

9. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Based on the current company profile, captured screen activity is retained for at least 24 hours and may then be deleted for storage-efficiency reasons. Actual retention may be shorter or longer where operational, legal, security, backup, or dispute-resolution needs require. We may retain account, billing, audit, and support records for longer periods than captures where needed for tax, accounting, compliance, fraud-prevention, or legal reasons.

10. Security

We use technical and organisational measures intended to protect personal data, including access controls, encryption in transit where supported, hosted cloud infrastructure, and monitoring tools. Based on the current service description, blurred captures are transmitted using 256-bit encryption and hosted on Amazon Web Services. No method of storage, transmission, or software operation is completely secure. We therefore cannot guarantee absolute security, uninterrupted confidentiality, or that the Service will be immune from loss, misuse, unauthorised access, alteration, malware, device compromise, or third-party failures.

11. Your rights

Where applicable law grants you rights, you may request access to personal data, correction of inaccurate data, erasure, restriction, portability, objection to certain processing, or withdrawal of consent where processing is based on consent. Requests will be assessed in light of applicable law and our legitimate operational, security, legal, and contractual obligations. We may need to verify identity before acting on a request. You may also request a copy of captures still held by us or request that captures be erased from our servers, subject to any lawful basis to retain them.

12. Children

The Service is not directed to children for independent purchase. If the Service is used in relation to a child or minor, the responsible adult must have lawful authority to arrange that use and provide any notices or consents required by law.

13. Cookies and website analytics

If we use cookies, pixels, analytics tools, or similar website technologies, we may use them for site functionality, security, performance analysis, and service improvement. Where required by law, we will seek consent before placing non-essential technologies.

14. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will be posted with an updated effective date. Where legally required, we will provide additional notice of material changes.