Privacy Policy

OPSSHIELD LLP ("OPSSHIELD", "We", "Us", or "Our") is committed to protecting your privacy. This Privacy Policy applies to visitors of opshield.com, manage.opsshield.com, app.opsshield.com, and their subdomains (collectively, the "Site"), as well as users of our products and services, including cPGuard and cPGuard Lite ("Service" or collectively "Services").

This Privacy Policy outlines how OPSSHIELD collects, uses, and shares the personal information you provide to us. It also explains the choices available to you regarding the use of your information, your access to it, and how to update or correct your personal information.

Additionally, the information collected through our Services, including basic non-compromising details from users' servers, is used strictly for the purpose of delivering the products and services contracted by our customers.

OPSSHIELD LLP reserves the right to update this Privacy Policy at any time at our discretion. Any revisions will take effect immediately upon updating the policy page. We will take reasonable steps to inform you of any changes through methods such as social media updates, email notifications, or other communication methods. By continuing to use our services after the Privacy Policy has been updated, you are agreeing to the revised terms. If you do not agree with any changes, you should discontinue using the website and our services. We encourage you to periodically review this policy for the latest information on our privacy practices.

Information We Collect and Process

1. Personal Information

OPSSHIELD LLP may collect personally identifiable information from you, including but not limited to:

• Names, addresses, telephone numbers, fax numbers, physical addresses
• Email addresses, credit card numbers (for direct customers)
• Company information (if applicable), including company names, addresses, telephone numbers, fax numbers, email addresses, tax ID numbers, or credit card numbers
• Technical contact information for your company or organization

2. Non-Personal Information

We may collect non-personally identifiable information, including:

• Browser type
• IP address
• Pages viewed on the Site
• Time of website visit -

  We do not process these details actively; they are part of standard web server logging and are periodically rotated and deleted.

3. Data Storage

Both personal and non-personal data are stored on our servers, which host our client management software and website. These servers are located in the United States and are protected by multiple layers of firewalls, encrypted traffic, and encrypted storage. Our client management software complies with GDPR and follows strict personal data protection policies.

4. User Communications

If you communicate with us, we may collect and store information related to that communication, whether it is through email, letters, forum postings, testimonials, or other forms of interaction between you and OPSSHIELD LLP or submitted by you to the Site ("User Communications").

How do we use the personal data

• TO IMPROVE CUSTOMER SERVICE: The information you provide helps us respond to your customer service requests and support needs more efficiently. Our employees do not access or use your content and context information without your prior authorization or as required for legal, safety, or security reasons.

• TO PERSONALIZE USER EXPERIENCE We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.

• TO IMPROVE OUR SITE: We may use feedback you provide to improve our products and services.

• TO PROCESS PAYMENTS: We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.

• TO RUN A PROMOTION, CONTEST, SURVEY OR OTHER SITE FEATURE: To send Users information they agreed to receive about topics we think will be of interest to them.

• TO SEND PERIODIC EMAILS: We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, they may do so by contacting us via our Site.

How We Share Your Personal Data

We do not share, transfer or sell any your personal data to any third-party companies or providers. All data is stored in house with standard security measures to keep them safe and secure. But we will display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name and your company name alongside the testimonial.

We may also disclose your personal information as required by law, such as to comply with a legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

In the event OPSSHIELD LLP is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.

How we Store and Secure Personal Data

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We use secure and well known IaaS providers and all supplied sensitive information is transmitted via Transport Layer Security (TLS) to and then stored in our database to be only accessed by those authorized with special access rights to our systems, and are required to keep the information confidential. The disk (aka volume) where we store the data is encrypted with LUKS (Linux Unified Key Setup). Credit card information is transmitted directly to the payment processor and is not stored on our servers. If you have any questions about the security of your personal information, you can contact us at [email protected]

Retention of Personal Data

We retain the Personal Data that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes, and enforce our agreements). When we have no ongoing legitimate business need to process your Personal Data, it is still stored in our database but will not be processed or used to initiate a communication.

You have the right to contact us to delete your personal information that include your name, address, email, invoices, services, transactions, tickets, email communication logs, etc permanently from our database. Please note that the service termination can be requested only if you have no service dues pending. You can reach us at [email protected] or [email protected] for more information to terminate and delete your account and services.

Web Browser Cookies

Our Site may use “cookies” to enhance User experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. The user may choose to set their web browser to refuse cookies or to alert you when cookies are being sent. The use of Cookie is limited in nature and we do not use Cookies to track user browsing pages and/or other activities. There is no behavioral targeting using the cookies and they are used strictly for functional/technical purposes only.

Collection of Information About Your Server (cPGuard Lite)

cPGuard Lite is an on-premise software solution that operates primarily on your server with minimal communication to OPSSHIELD servers. For servers running cPGuard Lite, we collect the following information:

1. The licensed or unlicensed status of the software
2. The public IP address of the server associated with the license
3. The type of control panel used on the server
4. Information provided by you when requesting technical support from OPSSHIELD LLP, which may include IP addresses, usernames and passwords for SSH access, a list of running processes, and configuration file contents

Please note that cPGuard Lite does not transfer any data, logs, or other sensitive information from your server. All such data is stored and processed locally on your server.

Collection of Information About Your Server (cPGuard Web Security Suite)

The cPGuard Web Security Suite is a comprehensive software solution comprising two main components: the App Portal UI (hosted on our central cloud) and the agent service (running on customer servers). When cPGuard Web Security Suite is installed on your server, we collect the following information:

1. The licensed or unlicensed status of the software
2. The public IP address of the server associated with the license
3. The type of control panel used on the server
4. The last update time from the agent service
5. The server's Operating System version details
6. The status of various cPGuard modules
7. Attack counts per module for displaying statistics
8. Information collected when you request technical support services from OPSSHIELD LLP, which may include IP addresses, usernames and passwords for SSH access, a list of running processes, and configuration file contents.

Please note that we do not collect any additional information, such as usernames, website names or counts, additional IP addresses, or logs.

Information on Logging Website Names and URI (ReCaptcha Protection Module)

The ReCaptcha Protection Module is operated through our central cloud infrastructure. As part of Captcha verification requests, the website name (i.e., domain name) is logged in the web server’s access logs. However, we do not process or analyze the domain name data in these logs.

The access logs are automatically rotated and deleted every 7 days. During this period, any processing performed on the logs is limited to the IP addresses of the end-user and the server (contained in the requested URI fields). The domain name information is not used or processed for any other purpose.

This version ensures clarity and focuses on the limited nature of the logging and processing of domain names.

Data Storage in the cPGuard Web Security Suite App Portal

We prioritize storing only the essential data necessary to provide you with a consolidated view of information from multiple servers. The backend of the cPGuard App Portal is designed to store minimal information, ensuring simplicity and compliance with privacy regulations.

1. Data We Store

   To efficiently display consolidated dashboards and reports, we store summaries (i.e., statistics) of various attacks in our database. Additionally, we retain basic information about your servers, including:

   1. Server IP address
   2. Hostname
   3. Operating system
   4. Main cPGuard module statuses
   5. Number of domains

   This is the information you see on the dashboard and server list pages within the app portal.

2. Data We Do Not Store

   We do not store logs or sensitive information in the app portal. This includes:

   1. Domain names
   2. Additional IP addresses
   3. Client IPs
   4. Browser information
   5. Detailed statistics or logs

   All relevant information is requested and loaded on-demand using the agent service running on your server.

3. Data on Your Server:

   Apart from the summarized data mentioned above, all other pertinent information collected and used by cPGuard is stored on your server. This data is accessed via API calls to the agent service running on the server and is loaded only when needed.

4. Security Architecture

   1. cPGuard uses a custom Nginx server running as a standard user with controlled privileges, accepting only predefined operations specific to cPGuard.
   2. For security reasons, the UI in your browser does not communicate directly with the agent service on your server. Instead, the app portal backend acts as an intermediary, encrypting requests and sending corresponding API requests to the agent service.
   3. All API requests between the cloud and the agent service are sent via HTTPS and secured using public/private key encryption. Each server or license has its own unique encryption keys.

5. Database and Encryption

   1. The app portal's backend database is protected by a cloud firewall, and the storage disk is encrypted.
   2. Several additional security measures are in place to prevent unauthorized access to your server and ensure that your data remains safe.

Collection of Attack Vectors

As part of our ongoing efforts to enhance our software and support research and development (R&D), we collect information related to attacks blocked by cPGuard on client servers. This data collection occurs both automatically and through manual user submissions via the software or our website.

Automatic Data Collection

The following information is collected automatically:

• Attacker IP address
• Targeted service
• Suspiciously running process path (with sensitive details such as usernames masked)
• Suspicious or virus-infected file contents

Manual Data Submission

We also collect information submitted manually by users, including:

• Files reported as false positives or containing viruses
• Web Application Firewall (WAF) false positive reports
• Files, website names, login credentials, and other data provided via support requests

Data Storage and Security

The collected data is securely stored in our internal databases and servers, which are protected by cloud firewalls and have restricted access. The data is stored within the European Union (EU) on multiple servers in a clustered environment to facilitate efficient processing.

Data Usage and Sharing

The collected data is used solely for internal R&D purposes and to improve our software. We do not share this information with third parties.

Privacy Rights Regarding Your Personal Data

• Access to Personal Data

  You have the right to request confirmation from us about whether or not we are processing your personal data. If your data is being processed, you may also request access to that data. This includes information such as the purpose of processing, the types of personal data involved, and the recipients or categories of recipients with whom your data has been or may be shared.

• Correction of Inaccurate Data

  If your personal data is inaccurate, you have the right to request that we correct it. In cases where your data is incomplete, you can also request that it be supplemented with additional information, depending on the processing requirements.

• Right to Deletion

  You may request that we delete your personal data. Please note that once your data is deleted, it is permanently erased and cannot be restored.

• Restriction of Data Processing

  You have the right to request that we limit the processing of your personal data. In such cases, your data will be marked to indicate that it can only be processed by us for specific purposes.

• Withdrawal of Consent

  If you have previously provided consent for the processing of your data, you have the right to withdraw that consent at any time. The withdrawal must be communicated to us in writing, either via email or through a support ticket.

• Identity Verification:

  To protect your privacy, we may need to verify your identity before processing certain requests, such as those related to accessing, correcting, or deleting your data. We will use appropriate methods based on the nature of your request.

Data Protection Officer

If there are any questions regarding this Privacy Policy, our privacy practices, or your dealings with this Site of the software that we provide, you may contact our Data Protection Officer using the information below:

Information About Children

Products and services offered by OPSSHIELD LLP are not directed at persons under 16 and we do not knowingly collect Personal Information from children under 16. If you become aware that your child has provided us with Personal Information, without your consent, then please contact us using the details above so that we can take steps to remove such information and terminate any account your child has created with us.

Final Note

We may update this Privacy Policy from time to time to reflect changes in our software, services, or legal obligations. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of the software after any changes signifies your acceptance of the updated terms.

Thank you for trusting us with your personal information and for using our software.