Let's Go

Privacy Policy

Effective Date: January 13, 2025 | Last Updated: January 19, 2025

Privacy Policy Overview

This Privacy Policy describes how Jenria Infotech LLP ("LinShield", "Company", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our zero-trust security platform for Linux server management (the "Service"). Our Service is accessible at linshield.com (marketing website) and app.linshield.com (application platform).

We are committed to transparency about our data practices. This policy applies to all users of our Service, including visitors to our website, registered users, and administrators who manage servers through our platform. By using LinShield, you acknowledge that you have read and understood this Privacy Policy.

Key Points: We collect only the data necessary to provide our services. We never sell your personal information. We implement enterprise-grade security measures to protect your data. You have rights over your personal data, which vary by jurisdiction.

Scope of This Policy

This Privacy Policy applies to:

  • The LinShield marketing website at linshield.com
  • The LinShield application platform at app.linshield.com
  • Our APIs and integration services
  • The LinShield agent software installed on your servers
  • Our mobile applications (if any)
  • Communications with our support team
  • Marketing communications (with your consent)

This policy does not apply to:

  • Third-party websites linked from our Service
  • Services provided by other companies, even if integrated with LinShield
  • Information collected by your servers that you manage (you control that data)

Data Controller Information

For the purposes of data protection laws, the data controller responsible for your personal information is:

Jenria Infotech LLP

Gujarat, India

Data Protection Contact: [email protected]

As a data controller, we determine the purposes and means of processing your personal data. We are responsible for ensuring that your data is processed in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and India's Digital Personal Data Protection Act, 2023 (DPDP Act).

Information We Collect

We collect information in the following ways:

1. Information You Provide Directly

When you create an account, use our services, or communicate with us:

  • Account Registration: Name, email address, password, organization name
  • Profile Information: Profile picture (optional), timezone, preferences
  • Payment Information: Billing name, billing address, payment method details (processed by Razorpay; we do not store full card numbers)
  • Server Configuration: Hostnames, IP addresses, SSH public keys, server labels
  • Support Communications: Messages, attachments, feedback you provide
  • Multi-Factor Authentication: TOTP secrets (encrypted), WebAuthn credentials

2. Information Collected Automatically

When you access or use our Service, we automatically collect:

  • Device Information: Browser type and version, operating system, device type, screen resolution, language settings
  • Network Information: IP address, approximate geographic location (city/country level), Internet Service Provider
  • Usage Information: Pages visited, features used, time spent, clicks, scrolls, navigation paths
  • Authentication Logs: Login timestamps, authentication methods used, session tokens
  • Performance Data: Page load times, errors encountered, API response times

3. Information from Third Parties

We may receive information from:

  • OAuth Providers: If you sign in with Google, GitHub, or Microsoft, we receive your name, email, and profile picture from that provider
  • Payment Processor: Razorpay provides transaction status, payment confirmations, and fraud scores
  • Security Services: Threat intelligence about IP addresses or suspicious activities

4. Information from Your Servers

When you install our agent on your servers, we may collect:

  • System Information: Hostname, operating system version, kernel version, uptime
  • Resource Metrics: CPU usage, memory usage, disk usage, network statistics
  • Security Data: Installed packages, running services, user accounts, firewall rules
  • Audit Logs: Authentication events, sudo commands, security-relevant system events

Note: We do not access or store the content of files on your servers unless you explicitly use our file transfer feature. Terminal session content is transmitted but not stored unless you enable session recording.

Data Categories and Retention

The following table summarizes the categories of personal data we collect, their purposes, and retention periods:

Category Data Collected Purpose Retention
Account Information Name, email, password hash, profile settings Account creation, authentication, service delivery Duration of account + 30 days
Contact Information Email address, phone number (optional) Communications, support, security alerts Duration of account + 30 days
Payment Information Billing name, card last 4 digits, transaction history Payment processing, invoicing, fraud prevention 10 years (legal requirement)
Server Information Hostnames, IP addresses, configurations, SSH keys Service delivery, server management Duration of account + 30 days
Usage Data Feature usage, session data, actions performed Service improvement, analytics, debugging 90 days (rolling)
Security Logs Authentication attempts, access logs, security events Security monitoring, incident response, compliance 1 year
Device Information Browser type, OS, device identifiers, screen resolution Service optimization, security, compatibility 90 days (rolling)
Communication Records Support tickets, emails, chat transcripts Customer support, service improvement 3 years

How We Use Your Information

We use your personal information for the following purposes:

Service Delivery and Operations

  • Creating and managing your account
  • Authenticating your identity and authorizing access
  • Providing server management, terminal access, and file transfer features
  • Processing and managing your subscription and payments
  • Connecting you to your servers via our secure infrastructure
  • Deploying and managing SSH keys on your servers

Security and Fraud Prevention

  • Detecting and preventing unauthorized access and security threats
  • Monitoring for suspicious activities and potential abuse
  • Implementing and enforcing our security policies
  • Investigating security incidents and conducting forensic analysis
  • Verifying payment transactions and preventing fraud

Communications

  • Sending service-related notifications (e.g., security alerts, payment confirmations)
  • Responding to your support requests and inquiries
  • Providing important updates about changes to our Service or policies
  • Sending renewal reminders and subscription status updates
  • Marketing communications (only with your consent, and you can opt out anytime)

Service Improvement and Analytics

  • Understanding how users interact with our Service
  • Identifying areas for improvement and new features
  • Conducting research and analysis to enhance user experience
  • Troubleshooting technical issues and debugging
  • Measuring the effectiveness of our features

Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Responding to lawful requests from government authorities
  • Establishing, exercising, or defending legal claims
  • Maintaining records required by financial and tax regulations
  • Enforcing our Terms of Service and other agreements

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Contract Performance (Article 6(1)(b))

Processing necessary to provide our Service to you, including account management, server management features, payment processing, and customer support.

Legitimate Interests (Article 6(1)(f))

Processing for our legitimate business interests, including security monitoring, fraud prevention, service improvement, and analytics. We balance these interests against your rights and freedoms.

Legal Obligation (Article 6(1)(c))

Processing required to comply with our legal obligations, such as tax reporting, responding to legal requests, and maintaining required records.

Consent (Article 6(1)(a))

Where required, we obtain your consent for specific processing activities, such as marketing communications and non-essential cookies. You may withdraw consent at any time.

Third-Party Service Providers

We share your information with carefully selected third-party service providers who assist us in operating our Service. These providers are contractually obligated to protect your data and use it only for the specified purposes.

Provider Purpose Data Shared Location
Razorpay Payment processing Name, email, billing address, transaction details India
Amazon Web Services (AWS) Cloud infrastructure, hosting, KMS All data processed through our platform India (Mumbai region)
Google Analytics Website analytics Usage patterns, anonymized demographics United States
Resend Transactional email delivery Email addresses, email content United States
Google reCAPTCHA Enterprise Bot detection and spam prevention IP address, browser/device info, cookies, interaction data United States
EmailJS Contact form email delivery Name, email address, message content United States

All third-party providers are bound by data processing agreements and are required to maintain appropriate security measures. We conduct due diligence on our providers and regularly review their privacy and security practices.

When We Share Your Information

We never sell your personal information. We only share data as described below and with appropriate safeguards in place.

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (see table above), under strict contractual terms.
  • Payment Processor: With Razorpay to process your payments. By using our Service, you consent to sharing your payment information with Razorpay pursuant to their Privacy Policy.
  • Legal Requirements: When required by law, court order, subpoena, or government request, or when necessary to protect our rights, property, or safety.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets. We will notify you before your information is transferred and becomes subject to a different privacy policy.
  • With Your Consent: When you have given us explicit permission to share your information for a specific purpose.
  • Within Your Organization: With other administrators in your LinShield organization who have appropriate permissions.
  • Aggregated Data: We may share aggregated, anonymized data that cannot be used to identify you (e.g., "50% of users prefer dark mode").

Data Security

We implement comprehensive security measures to protect your personal information. Our security program is designed to align with industry best practices and recognized frameworks.

Technical Security Measures

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Encryption at Rest: Sensitive data is encrypted using AES-256 encryption
  • Key Management: Cryptographic keys are managed using AWS Key Management Service (KMS) with hardware security modules (HSMs)
  • Zero-Trust Architecture: Our platform implements zero-trust principles for all server connections
  • SSH Key Security: SSH private keys are encrypted with unique tenant-specific keys using envelope encryption
  • Multi-Factor Authentication: We support TOTP and WebAuthn/Passkeys for additional account security

Organizational Security Measures

  • Access Controls: Role-based access controls limit data access to authorized personnel only
  • Security Training: All employees receive regular security awareness training
  • Incident Response: We maintain documented incident response procedures
  • Vendor Management: Third-party vendors are assessed for security practices
  • Regular Audits: We conduct regular security assessments and penetration testing

Compliance and Certifications

Our security practices are designed to align with:

  • SOC 2 Type II: Controls for Security, Availability, Processing Integrity, Confidentiality, and Privacy
  • ISO 27001: Information Security Management System standards
  • PCI DSS: Payment Card Industry Data Security Standard (through Razorpay)
  • RBI Guidelines: Reserve Bank of India Payment Aggregator Guidelines
  • OWASP: Open Web Application Security Project best practices
While we implement robust security measures, no system is completely secure. We will notify you promptly of any security breach that affects your personal information, as required by applicable law.

International Data Transfers

LinShield is operated from India, and our primary data processing occurs in India (AWS Mumbai region). However, some of our service providers may process data in other countries.

Transfer Mechanisms

When your data is transferred outside your country of residence, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms for transfers from the EEA
  • Data Processing Agreements: Contracts requiring providers to protect data according to our standards
  • Adequacy Decisions: Transfers to countries recognized as providing adequate data protection
  • Supplementary Measures: Additional technical and organizational safeguards where needed

Data Localization

For users subject to data localization requirements, the majority of your data is processed and stored in India. Contact us if you have specific data residency requirements.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Retention Periods

  • Account Data: Retained for the duration of your account plus 30 days after deletion request
  • Payment Records: Retained for 10 years as required by tax and financial regulations
  • Security Logs: Retained for 1 year for security monitoring and incident investigation
  • Usage Analytics: Retained for 90 days in identifiable form, then aggregated
  • Support Communications: Retained for 3 years for service quality and dispute resolution
  • Marketing Consent Records: Retained for 3 years after consent withdrawal

Account Deletion

When you request account deletion:

  • Your account is immediately deactivated
  • Personal data is deleted within 30 days
  • Backups containing your data are overwritten within 90 days
  • Some data may be retained longer if required by law or for legitimate business purposes (e.g., transaction records)

Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Right of Access (Article 15): Request a copy of your personal data and information about how we process it
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten") under certain circumstances
  • Right to Restrict Processing (Article 18): Request that we limit how we use your data in certain situations
  • Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent (Article 7): Withdraw consent for processing based on consent at any time
  • Right Not to be Subject to Automated Decisions (Article 22): Not be subject to decisions based solely on automated processing with legal effects

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence. For a list of supervisory authorities in the EEA, visit the European Data Protection Board website.

Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, our purposes for collecting, and categories of third parties with whom we share
  • Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: Opt out of the "sale" or "sharing" of personal information. Note: We do not sell or share (as defined by CCPA) your personal information.
  • Right to Limit Use of Sensitive Information: Limit the use of sensitive personal information to specific purposes
  • Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

Submitting CCPA Requests

To submit a CCPA request, email us at [email protected] with "CCPA Request" in the subject line. We will verify your identity before processing your request. You may also designate an authorized agent to make requests on your behalf.

Your Rights Under DPDP Act (India)

Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights as a Data Principal:

  • Right to Information (Section 11): Obtain a summary of your personal data being processed and the processing activities
  • Right to Correction and Erasure (Section 12): Request correction of inaccurate or misleading data, completion of incomplete data, updating of outdated data, and erasure of data no longer necessary
  • Right of Grievance Redressal (Section 13): Have your grievances addressed in a time-bound manner through our grievance redressal mechanism
  • Right to Nominate (Section 14): Nominate any other individual to exercise your rights in the event of your death or incapacity

Grievance Officer

For grievances related to data processing under the DPDP Act, contact our Grievance Officer:

Email: [email protected]

(Include "DPDP Grievance" in the subject line)

We will acknowledge your grievance within 48 hours and provide a resolution within 30 days.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our Service. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

Types of Cookies

  • Essential Cookies: Required for authentication, security, and basic functionality
  • Functional Cookies: Remember your preferences (theme, language, etc.)
  • Analytics Cookies: Help us understand usage patterns and improve our Service

Do Not Track

Some browsers have a "Do Not Track" feature that signals to websites that you do not want to have your online activity tracked. Our Service does not currently respond to DNT signals. However, you can manage your cookie preferences as described in our Cookie Policy.

Marketing Communications

We may send you marketing communications about our products, services, and promotions if you have opted in to receive them. You can manage your marketing preferences as follows:

  • Email Marketing: Click the "unsubscribe" link at the bottom of any marketing email
  • Account Settings: Update your communication preferences in your LinShield account settings
  • Contact Us: Email [email protected] to opt out of marketing communications

Note: Even if you opt out of marketing communications, we will still send you transactional messages related to your account, such as payment confirmations, security alerts, and service updates.

Children's Privacy

LinShield is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:

  • We will update the "Last Updated" and "Effective Date" at the top of this page
  • For material changes, we will provide prominent notice (e.g., email notification or in-app banner)
  • We will give you reasonable time to review material changes before they take effect
  • We encourage you to review this Privacy Policy periodically

Your continued use of our Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Jenria Infotech LLP

Gujarat, India

General Inquiries: [email protected]

Privacy Requests: [email protected] (Subject: "Privacy Request")

DPDP Grievance Officer: [email protected] (Subject: "DPDP Grievance")

Website: linshield.com

Response Times

  • General inquiries: Within 2 business days
  • Privacy requests: Within 30 days (as required by law)
  • Security concerns: Priority response within 24 hours

For payment-related grievances, you may also contact Razorpay at razorpay.com/grievances.