Privacy Policy

WoneShield (“WoneShield”, “we”, “us”) provides an enterprise security and resilience platform delivered as software-as-a-service. For personal information processed on behalf of our customers within the platform, the customer is the controller and WoneShield acts as a processor under our Data Processing Addendum. For information we collect directly (for example, through this website or our sales process), WoneShield is the controller.

We collect the following categories of personal information:

• Account & contact data — name, work email, company, role, and credentials of users who register or are provisioned.
• Inquiry data — information you submit through our contact, demo, assessment, partner and booking forms.
• Usage & device data — log data, IP address, browser/device characteristics, and product telemetry used to operate and secure the service.
• Customer data — security signals, findings, and configuration metadata that customers connect to the platform; this is processed under the customer’s instructions and the DPA.
• Cookies & similar technologies — strictly necessary cookies for authentication and security; we do not use advertising cookies.

We use personal information to: provide, secure and improve the platform; authenticate users and prevent abuse; respond to inquiries and provide support; send service and, where permitted, relevant product communications; meet legal, regulatory and contractual obligations; and operate our business.

Where the GDPR or comparable laws apply, we rely on: performance of a contract; our legitimate interests in operating and securing the service (balanced against your rights); compliance with legal obligations; and, where required, your consent (which you may withdraw at any time).

Data residency is a feature of our platform, not an afterthought. Customer data is hosted in the region selected for the tenant. Where we operate across regions, we apply appropriate safeguards (such as standard contractual clauses) for any cross-border transfer, and we contractually limit onward access.

We do not sell personal information. We share it only with: vetted sub-processors who help us operate the service under written contracts and confidentiality obligations; professional advisors; and authorities where legally required. A current list of sub-processors is available via our Trust Center and on request.

We protect information with encryption in transit and at rest, strong authentication and multi-factor options, least-privilege access, network segmentation, continuous monitoring, immutable audit logging, and a documented incident-response process. No system is perfectly secure, but security is the discipline we are built on.

We retain personal information only as long as necessary for the purposes described here, to comply with legal obligations, resolve disputes and enforce agreements. Customer data is retained per the customer’s configuration and deleted or returned on termination per the DPA.

Subject to applicable law — including Canada’s PIPEDA, Quebec’s Law 25, and the GDPR — you may have the right to access, correct, delete, port, or restrict the processing of your personal information, to object to certain processing, and to withdraw consent. To exercise these rights, contact privacy@woneshield.com. If your data is processed within a customer’s tenant, we will refer your request to that customer as controller. You may also lodge a complaint with your local supervisory authority.

The platform is intended for business use and is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

We may update this policy to reflect changes in our practices or the law. Material changes will be posted here with an updated effective date, and where required we will provide additional notice.

WoneShield Privacy Office — privacy@woneshield.com. For security matters, see security.txt or email security@woneshield.com.