// Trust & Security Report
Shield Intelligence ApS
Shield Analytics - a LinkedIn-only analytics platform (post archive, engagement/impressions tracking, audience demographics) at shieldapp.ai, plus an optional 'Shield AI Agent' add-on that lets users query their own data in plain language via third-party LLM inference. THE VENDOR IS SHUTTING DOWN: shieldapp.ai now serves a wind-down notice (as of roughly May-June 2026) stating Google and LinkedIn made it impossible to keep operating the product.
Certifications held
1
Maturity
Growth
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on shieldapp.ai“"Shield operates under GDPR with primary legal bases including contract performance and legitimate interest"; DPA identifies Shield as processor ("Shield Intelligence ApS, Norrebrogade 36A, 1, 2200 Copenhagen N, Denmark") and lists user rights: "Access - Rectify - Delete - Restrict - Port - Object - Withdraw consent." Also uses "EU Standard Contractual Clauses (SCCs)" for non-EU sub-processors and hosts data in the EU (Frankfurt/Amsterdam).”
> Show 7 unconfirmed / not-held certifications
source: shieldapp.ai"Shield relies on vendor certifications and its own controls; SOC 2 is on the radar but not scheduled" / "DigitalOcean employs robust physical and virtual security programs, including SOC 2 Type II, ISO/IEC 27001:2013, and PCI-DSS certifications" (this is Shield's cloud host DigitalOcean's certification, not Shield's own). Shield's own Terms similarly point to "certified cloud providers (SOC 2 / ISO 27001)", i.e. the hosting vendor, not a Shield-held audit.
source: shieldapp.ai"DigitalOcean employs robust physical and virtual security programs, including SOC 2 Type II, ISO/IEC 27001:2013, and PCI-DSS certifications" - this is the ISO 27001 certification of Shield's infrastructure host DigitalOcean, not a certification held by Shield/Shield Intelligence ApS itself. No independent ISO 27001 certificate for Shield was found.
source: shieldapp.aiNo public evidence of a HIPAA compliance program on Shield's own site. Not applicable to the product's data scope (LinkedIn profile/engagement analytics, not protected health information).
source: shieldapp.aiDigitalOcean's PCI-DSS certification is referenced as the host's, and payment processing is delegated to Stripe ("Payment processing" sub-processor, Ireland & US) rather than handled directly by Shield. No evidence Shield itself holds a PCI DSS attestation.
source: shieldapp.aiNo public evidence of ISO 42001 or any AI-governance certification on Shield's own domain.
source: shieldapp.aiNo public evidence of a CSA STAR registration or certification on Shield's own domain.
source: shieldapp.aiNo public evidence of FedRAMP authorization; not applicable, Shield is a consumer/creator-focused SaaS tool with no stated US federal government offering.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
EU: DigitalOcean data centers in FRA1 (Frankfurt, Germany) and AMS3 (Amsterdam, Netherlands); daily backups encrypted and stored in the EU, overwritten within 30 days.
The core analytics platform does not use AI at all: "The core analytics platform does not rely on AI." The optional 'Shield AI Agent' sends prompts to third-party LLM providers as sub-processors - "OpenAI, LLC" and "Anthropic PBC" for "AI-model inference (prompts via MCP)", both US-based and both described as "certified under the EU-US Data-Privacy Framework (DPF)". No explicit no-training / opt-out clause for the AI Agent was found in the public DPA or privacy policy, so whether prompt data is used for model training by those providers is not confirmed one way or the other on Shield's own site.
// Security controls
Encryption at rest
DigitalOcean-managed volume encryption plus application-level AES-256-GCM encryption for secrets; encrypted backups stored in the EU
shieldapp.aiAccess control
SSO/MFA required for staff access; least-privilege role-based access control (RBAC); logical segregation of customer data by organization ID
shieldapp.aiHosting / data residency
DigitalOcean FRA1 (Frankfurt) and AMS3 (Amsterdam); 24/7 monitoring, alerting, automated failover
shieldapp.aiPenetration testing
Indexed vendor page states independent third-party penetration tests are run bi-annually; could not re-verify this specific claim on a live fetch of the trust-security page since it now serves the shutdown notice
shieldapp.aiData retention
Account & content data deleted within 6 months after subscription ends; backups overwritten within 30 days; invoices/transactional records kept 5 years
shieldapp.ai// Products & data scope
data: LinkedIn profile and post data (impressions, engagement, follower growth, audience demographics) connected with user consent; no AI processing
"The core analytics platform does not rely on AI" per Shield's Terms. Product is being discontinued; the vendor states it will no longer operate as previously built.
data: User's own archived analytics data, sent as prompts via MCP to OpenAI and Anthropic for inference
Covered by a separate AI Policy referenced in the Terms; relies on OpenAI and Anthropic as sub-processors (both listed as EU-US DPF certified). No explicit training opt-out language found on Shield's own site.
// What to watch
- PRODUCT IS SHUTTING DOWN: shieldapp.ai now serves a wind-down notice ("Shield is winding down... Both Google and LinkedIn made it clear that we could not continue operating Shield as it was built"), reported in creator-community coverage as occurring around May-June 2026. This should be surfaced prominently in any AIFOXX listing rather than presenting the tool as an active, purchasable product.
- Identity-conflation risk: the name 'Shield' is shared by multiple unrelated companies found during research - Shield AI Inc. (shield.ai, defense/military drone AI, a large enterprise unrelated to this vendor), Shield (shield.com, device-fraud detection), ShieldFC (shieldfc.com, financial services SOC 2 news), and ShieldScore (shieldscore.ai). None of those certifications or news items belong to Shield Intelligence ApS / shieldapp.ai, and none were used in this assessment.
- SOC 2 / ISO 27001 language on Shield's own Terms and trust-security page ("certified cloud providers (SOC 2 / ISO 27001)") refers to their infrastructure host DigitalOcean, not an audit Shield itself has undergone. Correctly disclosed by the vendor as a 'secure by association' posture, but should not be shown as a Shield-held badge in the directory.
- No confirmation of whether the optional AI Agent's prompt data is used for model training by OpenAI/Anthropic, or whether an opt-out exists; the public DPA does not address this explicitly.
// At a glance
Pricing model
Consumer/creator subscription tiers: Starter ~$8/mo, Creator ~$16/mo, Influencer ~$25/mo (per third-party listings; not independently re-verified on a live pricing page since the product is winding down)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Shield Intelligence ApS's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
shieldapp.ai