Privacy Policy

This Privacy Policy explains how RelyShield (Stanislovas Kalašnikovas, sole proprietor) collects, uses, stores and discloses your personal data when you use the Website and Services, including account recovery, account security setup, consultations, breach monitoring, self-guided security guides and subscription plans. We process only the data that is necessary.

Version: 2.0 · Effective from: 2026-03-19

1. Data controller

Data controller: Stanislovas Kalašnikovas (sole proprietor under Lithuanian law)
Business ID: 1436981
Email: info@relyshield.com
Website: relyshield.com
This Policy applies to anyone who visits the Website, uses the client portal, submits forms, or orders Services.

2. What data we collect

The scope of data depends on which service you use and what information you provide. We may collect:

2.1. Registration and contact data

Name, email address, phone number, country, language preference, and profile data you provide when creating a RelyShield account or submitting a service request.

2.2. Account and incident data

Account URLs, usernames, platform IDs, Business Manager IDs, ad account IDs, page names, incident descriptions, dates, screenshots, documents and any other information you submit for recovery, security setup or consultation.

2.3. Login credentials (if voluntarily provided)

For certain services (especially account security setup), you may voluntarily share temporary login data (password, 2FA codes, session access). This data is used exclusively for the requested service and you are advised to change passwords immediately after service completion.

2.4. Payment data

Payments are processed by Stripe, Inc. We do not see or store your full card details. We receive payment confirmation data (status, amount, currency, plan, partial card info) required for accounting and customer service.

2.5. Breach monitoring data

Email addresses you add for breach monitoring are checked against third-party breach databases (Have I Been Pwned). Email addresses are stored as HMAC-SHA256 hashes in our database. Passwords entered for breach checks are never stored – only a partial hash is sent to the third-party API using k-anonymity.

2.6. Authentication data

If you sign in via Google, we receive your Google profile name, email address and profile picture URL. We do not receive your Google password.

2.7. Technical and usage data

IP address (stored as HMAC-SHA256 hash for security logs), device and browser information, session timestamps, page views, error diagnostics, cookies and similar identifiers necessary for website operation, security and analytics (subject to your consent choices).

3. Why we process data

We process your data for the following purposes:

  • Accepting and administering service orders (recovery, security setup, consultations)
  • Providing the requested services, including automated processing where applicable
  • Communicating with you about your case, order status, and support inquiries
  • Processing payments and fulfilling accounting, tax and legal obligations
  • Monitoring email addresses for data breaches (breach monitoring service)
  • Ensuring website and system security, preventing abuse and fraud
  • Improving service quality and performing internal analytics
  • Complying with legal requirements and resolving disputes

4. Legal bases

We process personal data only when we have a lawful basis under GDPR:

  • Contract performance (Art. 6(1)(b)) – processing necessary to provide the services you ordered or to take pre-contractual steps at your request.
  • Legal obligation (Art. 6(1)(c)) – accounting, tax, data retention requirements under applicable law.
  • Legitimate interest (Art. 6(1)(f)) – website and system security, abuse prevention, fraud detection, service improvement, dispute resolution. Our interest is balanced against your rights and freedoms.
  • Consent (Art. 6(1)(a)) – for non-essential cookies, analytics, and any marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Third-party recipients

We share data only as necessary for the stated purposes:

Stripe, Inc.

Payment processing, subscription management, fraud prevention. Stripe receives payment details, billing information and transaction metadata.

Have I Been Pwned (HIBP)

Breach monitoring. We send hashed email addresses and partial password hashes (k-anonymity model) to check for known data breaches. No plaintext passwords are transmitted.

OpenAI

Used in our automated recovery system to generate platform-appropriate support messages. Case-related data may be transmitted to OpenAI's API. OpenAI processes this data under their data processing terms and does not use API inputs for training.

Google (reCAPTCHA, OAuth, Analytics)

Google reCAPTCHA protects forms from abuse. Google OAuth enables sign-in. Google Analytics (with your consent) provides anonymous usage statistics.

Platforms (Meta, Google, etc.)

When providing recovery or security services, we may submit data to platform support channels on your behalf and with your authorisation.

Hosting and email infrastructure

Server hosting, database, and email delivery (SendGrid) providers operating under data processing agreements.

Legal and accounting

Legal counsel and accounting services when required by law or for dispute resolution.

We do not sell, rent or trade your personal data to third parties for marketing purposes.

6. Automated processing and AI

Our account recovery service uses an automated system that may: (a) fill platform appeal forms using data you provided, (b) generate support messages using AI (OpenAI), (c) submit requests to platform support channels, and (d) create action logs visible in your client portal. These automated actions serve contract performance and do not make legally significant decisions about you – final decisions on account access rest with the respective platforms.

You have the right to request human review of any automated processing that affects you. Contact us at info@relyshield.com.

7. International data transfers

Some of our service providers (Stripe, OpenAI, Google, SendGrid) are based in the United States or operate globally. Your data may be transferred outside the European Economic Area (EEA).

Where applicable, these transfers are protected by Standard Contractual Clauses (SCCs), adequacy decisions, or other GDPR-recognised mechanisms. By using our Services, you acknowledge that such transfers may occur as described in this Policy.

8. Data security

We implement reasonable technical and organisational measures: password hashing (bcrypt), HMAC-SHA256 hashing for IP addresses and monitored emails, HTTPS encryption, access control, session management, CSRF protection, rate limiting, and security audit logging.

No system is 100% secure. You are responsible for the security of your own devices, email account, and any credentials you share. We strongly recommend changing passwords and reviewing sessions after any service involving account access.

9. Data retention

We retain data only as long as necessary for the purposes or as required by law:

  • Service cases and correspondence: up to 24 months from the last action.
  • Accounting records (invoices, payment data): as required by law (typically 10 years).
  • Subscription data: during the subscription and up to 24 months after cancellation.
  • Login credentials (if provided): only as long as necessary for the service, then deleted.
  • Security audit logs: up to 24 months, unless needed for an ongoing investigation.
  • Breach monitoring data: hashed emails retained while monitoring is active; removed upon request or account deletion.

10. Your rights

Under GDPR and applicable data protection law, you have the right to:

  • Access – obtain information about what data we process and receive a copy.
  • Rectification – request correction of inaccurate or incomplete data.
  • Erasure – request deletion of your data (“right to be forgotten”) where applicable.
  • Restriction – request that we limit processing in certain circumstances.
  • Data portability – receive your data in a structured, machine-readable format.
  • Object – object to processing based on legitimate interest.
  • Withdraw consent – at any time without affecting prior processing.
  • Human review – request human review of automated processing decisions.
  • Complaint – lodge a complaint with the State Data Protection Inspectorate (Lithuania) or your local supervisory authority.

To exercise your rights, contact info@relyshield.com. We may verify your identity before processing your request. We respond within 30 days.

11. Account deletion and data export

You can request account deletion from your dashboard (Account → Privacy). Deletion requests have a 30-day cooling-off period during which you can cancel. After 30 days, your account and personal data are anonymised. Anonymisation is irreversible.

You can export your personal data from the dashboard at any time. Certain data (accounting records, security logs) may be retained as required by law even after account deletion.

12. Children's privacy

Our Services are not directed at persons under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Cookies

We use cookies and similar technologies as described in our Cookie Policy. You can manage your cookie preferences at any time via the cookie settings button on our website.

14. Changes to this Policy

We may update this Policy when our services, technology, or legal requirements change. The latest version is always available on the Website with the effective date shown above. Material changes will be communicated via website notice or email where appropriate.

15. Contact

For questions about this Policy or to exercise your data protection rights:

  • Data controller: Stanislovas Kalašnikovas
  • Email: info@relyshield.com
  • Website: relyshield.com