// Trust & Security Report

    Shield Intelligence ApS logo

    Shield Intelligence ApS

    Shield Analytics - a LinkedIn-only analytics platform (post archive, engagement/impressions tracking, audience demographics) at shieldapp.ai, plus an optional 'Shield AI Agent' add-on that lets users query their own data in plain language via third-party LLM inference. THE VENDOR IS SHUTTING DOWN: shieldapp.ai now serves a wind-down notice (as of roughly May-June 2026) stating Google and LinkedIn made it impossible to keep operating the product.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR (posture)
    HELD

    "Shield operates under GDPR with primary legal bases including contract performance and legitimate interest"; DPA identifies Shield as processor ("Shield Intelligence ApS, Norrebrogade 36A, 1, 2200 Copenhagen N, Denmark") and lists user rights: "Access - Rectify - Delete - Restrict - Port - Object - Withdraw consent." Also uses "EU Standard Contractual Clauses (SCCs)" for non-EU sub-processors and hosts data in the EU (Frankfurt/Amsterdam).

    Verify on shieldapp.ai
    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type I/II)
    NOT CONFIRMED

    "Shield relies on vendor certifications and its own controls; SOC 2 is on the radar but not scheduled" / "DigitalOcean employs robust physical and virtual security programs, including SOC 2 Type II, ISO/IEC 27001:2013, and PCI-DSS certifications" (this is Shield's cloud host DigitalOcean's certification, not Shield's own). Shield's own Terms similarly point to "certified cloud providers (SOC 2 / ISO 27001)", i.e. the hosting vendor, not a Shield-held audit.

    source: shieldapp.ai
    ISO 27001
    NOT CONFIRMED

    "DigitalOcean employs robust physical and virtual security programs, including SOC 2 Type II, ISO/IEC 27001:2013, and PCI-DSS certifications" - this is the ISO 27001 certification of Shield's infrastructure host DigitalOcean, not a certification held by Shield/Shield Intelligence ApS itself. No independent ISO 27001 certificate for Shield was found.

    source: shieldapp.ai
    HIPAA
    NOT CONFIRMED

    No public evidence of a HIPAA compliance program on Shield's own site. Not applicable to the product's data scope (LinkedIn profile/engagement analytics, not protected health information).

    source: shieldapp.ai
    PCI DSS
    NOT CONFIRMED

    DigitalOcean's PCI-DSS certification is referenced as the host's, and payment processing is delegated to Stripe ("Payment processing" sub-processor, Ireland & US) rather than handled directly by Shield. No evidence Shield itself holds a PCI DSS attestation.

    source: shieldapp.ai
    ISO/IEC 42001 (AI management)
    NOT CONFIRMED

    No public evidence of ISO 42001 or any AI-governance certification on Shield's own domain.

    source: shieldapp.ai
    CSA STAR / CSA STAR for AI
    NOT CONFIRMED

    No public evidence of a CSA STAR registration or certification on Shield's own domain.

    source: shieldapp.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization; not applicable, Shield is a consumer/creator-focused SaaS tool with no stated US federal government offering.

    source: shieldapp.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    EU: DigitalOcean data centers in FRA1 (Frankfurt, Germany) and AMS3 (Amsterdam, Netherlands); daily backups encrypted and stored in the EU, overwritten within 30 days.

    The core analytics platform does not use AI at all: "The core analytics platform does not rely on AI." The optional 'Shield AI Agent' sends prompts to third-party LLM providers as sub-processors - "OpenAI, LLC" and "Anthropic PBC" for "AI-model inference (prompts via MCP)", both US-based and both described as "certified under the EU-US Data-Privacy Framework (DPF)". No explicit no-training / opt-out clause for the AI Agent was found in the public DPA or privacy policy, so whether prompt data is used for model training by those providers is not confirmed one way or the other on Shield's own site.

    // Security controls

    Encryption in transit

    TLS 1.2+ with HSTS enforced

    shieldapp.ai

    Encryption at rest

    DigitalOcean-managed volume encryption plus application-level AES-256-GCM encryption for secrets; encrypted backups stored in the EU

    shieldapp.ai

    Access control

    SSO/MFA required for staff access; least-privilege role-based access control (RBAC); logical segregation of customer data by organization ID

    shieldapp.ai

    Hosting / data residency

    DigitalOcean FRA1 (Frankfurt) and AMS3 (Amsterdam); 24/7 monitoring, alerting, automated failover

    shieldapp.ai

    Penetration testing

    Indexed vendor page states independent third-party penetration tests are run bi-annually; could not re-verify this specific claim on a live fetch of the trust-security page since it now serves the shutdown notice

    shieldapp.ai

    Data retention

    Account & content data deleted within 6 months after subscription ends; backups overwritten within 30 days; invoices/transactional records kept 5 years

    shieldapp.ai

    // Products & data scope

    Shield Analytics (core platform)LinkedIn analytics / creator performance tracking

    data: LinkedIn profile and post data (impressions, engagement, follower growth, audience demographics) connected with user consent; no AI processing

    "The core analytics platform does not rely on AI" per Shield's Terms. Product is being discontinued; the vendor states it will no longer operate as previously built.

    Shield AI AgentOptional AI chat add-on

    data: User's own archived analytics data, sent as prompts via MCP to OpenAI and Anthropic for inference

    Covered by a separate AI Policy referenced in the Terms; relies on OpenAI and Anthropic as sub-processors (both listed as EU-US DPF certified). No explicit training opt-out language found on Shield's own site.

    // What to watch

    • PRODUCT IS SHUTTING DOWN: shieldapp.ai now serves a wind-down notice ("Shield is winding down... Both Google and LinkedIn made it clear that we could not continue operating Shield as it was built"), reported in creator-community coverage as occurring around May-June 2026. This should be surfaced prominently in any AIFOXX listing rather than presenting the tool as an active, purchasable product.
    • Identity-conflation risk: the name 'Shield' is shared by multiple unrelated companies found during research - Shield AI Inc. (shield.ai, defense/military drone AI, a large enterprise unrelated to this vendor), Shield (shield.com, device-fraud detection), ShieldFC (shieldfc.com, financial services SOC 2 news), and ShieldScore (shieldscore.ai). None of those certifications or news items belong to Shield Intelligence ApS / shieldapp.ai, and none were used in this assessment.
    • SOC 2 / ISO 27001 language on Shield's own Terms and trust-security page ("certified cloud providers (SOC 2 / ISO 27001)") refers to their infrastructure host DigitalOcean, not an audit Shield itself has undergone. Correctly disclosed by the vendor as a 'secure by association' posture, but should not be shown as a Shield-held badge in the directory.
    • No confirmation of whether the optional AI Agent's prompt data is used for model training by OpenAI/Anthropic, or whether an opt-out exists; the public DPA does not address this explicitly.

    // At a glance

    Pricing model

    Consumer/creator subscription tiers: Starter ~$8/mo, Creator ~$16/mo, Influencer ~$25/mo (per third-party listings; not independently re-verified on a live pricing page since the product is winding down)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Shield Intelligence ApS's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    shieldapp.ai

    > Browse all vendor trust reports