← SHADOWCYPHER
Privacy Policy
Last updated: June 1, 2026
Summary
ShadowCypher is a security platform you use to monitor your own networks and devices. We treat your data the same way we'd want our data treated: collect only what's necessary, store it as little as we can, never sell it, never share it with third parties for marketing, and let you delete it whenever you want.
Mobile apps (Guardian & Shadow AI)
This section applies specifically to the Guardian and Shadow AI Android apps.
- API key: stored locally on your device only (Android SharedPreferences, encrypted). Never transmitted to us except as a bearer token to authenticate API requests you initiate.
- Voice / microphone: Shadow AI processes voice entirely on-device using an offline speech model (Vosk). No audio is ever recorded, transmitted, or stored — not by us, not by any third party. The microphone is only active when you are actively speaking to the assistant.
- Network data: Guardian displays your scan results from the Guardian agent. That data flows through the ShadowCypher API (Cloudflare Workers → your account) with the same protections described below.
- No advertising ID, no device fingerprint, no crash reporting SDK. Neither app includes any third-party analytics, attribution, or advertising library.
- Permissions used:
- Guardian: INTERNET, ACCESS_NETWORK_STATE, POST_NOTIFICATIONS, RECEIVE_BOOT_COMPLETED, VIBRATE
- Shadow AI: INTERNET, RECORD_AUDIO (offline, on-device only), POST_NOTIFICATIONS, RECEIVE_BOOT_COMPLETED
What we collect
- Account info: email address and (optional) display name when you sign up. Stored in our auth provider (Supabase).
- Scan data: when you run the Guardian agent, it sends us details about devices on your local network — MAC addresses, IP addresses, hostnames, open ports, vendor identifiers. This is the data the platform analyzes to keep you secure.
- Incidents: security events flagged by the agent (new devices, ARP anomalies, etc.) — these stay in your account so you can review them.
- Billing data: if you subscribe, Stripe handles payment information directly. We never see your card. We only store your Stripe customer ID and current plan.
- Server logs: Cloudflare records request logs (IP address, user agent, timestamp) for abuse prevention. These are retained for 30 days.
What we don't collect
- We don't track you across other sites. No third-party analytics, no ad pixels, no Google Analytics, no Meta Pixel.
- We don't read or store the content of network traffic — only metadata about devices.
- We don't sell your data. Ever. Full stop.
- We don't share your data with advertisers, data brokers, or marketing partners.
Where data lives
- Database: Supabase (PostgreSQL), hosted in their US infrastructure.
- API: Cloudflare Workers, edge-distributed globally.
- Static site: GitHub Pages, served via Cloudflare.
- Email delivery: Resend (when notifications are enabled).
- Payments: Stripe.
You can self-host the entire platform — the code is open source at github.com/jakes1345/ShadowCypher. If self-hosting matters to you (it should for some use cases), that option is real.
Retention
- Free tier: scan history retained 7 days.
- Guardian Pro: 90 days.
- Operator: retained as long as your account is active.
- Account deletion: when you delete your account, all your data is purged within 7 days.
Your rights
You can request access, export, correction, or deletion of your data at any time by emailing privacy@shadowcypher.site or by deleting your account directly from the dashboard. We'll respond within 30 days. If you're in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA — same email address, same response window.
Cookies
We use a small number of strictly necessary cookies for authentication (Supabase session) and Cloudflare bot mitigation. We don't use tracking cookies. There's no consent banner because there's nothing requiring consent.
Changes to this policy
If we make material changes, we'll email everyone with an active account at least 14 days before the change takes effect. Minor edits (typos, clarifications) happen without notice — the "Last updated" date at the top reflects the latest version.
Contact
Privacy questions: privacy@shadowcypher.site
General contact: hello@shadowcypher.site
Code / issues: github.com/jakes1345/ShadowCypher/issues
Home ·
Terms of Service ·
GitHub