1. Introduction
SharpShield ("Company," "we," "us," or "our") is committed to protecting the privacy and security of all data processed through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our enterprise risk management services.
This policy applies to:
- Visitors to our website (sharpshield.io)
- Customers using our platform (app.sharpshield.io)
- Data processed on behalf of our customers (Data Processor role)
2. Definitions
"Customer" refers to the business entity that has entered into a service agreement with SharpShield. "End User" refers to the customers of our Customers (i.e., bettors whose data is analyzed by our platform). "Personal Data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on Personal Data, including collection, storage, analysis, and deletion. "Controller" means the entity that determines the purposes and means of Processing Personal Data. "Processor" means the entity that Processes Personal Data on behalf of the Controller.3. Our Role in Data Processing
3.1 As Data Controller
SharpShield acts as the Data Controller for:
- Customer account information
- Customer employee/user data
- Website visitor data
- Marketing and communications data
3.2 As Data Processor
SharpShield acts as the Data Processor for:
- End User betting data submitted by Customers
- End User risk assessments
- Analytics and reports generated for Customers
When acting as a Processor, we process data solely according to Customer instructions and applicable law.
4. Information We Collect
4.1 Customer Account Data
When you register for SharpShield, we collect:
| Data Type | Purpose |
|---|---|
| Company name and address | Account setup, invoicing |
| Contact person name | Account management |
| Email address | Communications, authentication |
| Phone number | Support, verification |
| Billing information | Payment processing |
| User credentials | Platform access |
4.2 Platform Usage Data
We automatically collect:
- Login times and session duration
- Features accessed
- API usage statistics
- Configuration changes
- Audit logs
4.3 End User Data (Processed on Behalf of Customers)
Our Customers may submit the following End User data for analysis:
Required Data:- Player identifier (pseudonymized ID)
- Bet details (stake, odds, market, outcome)
- Timestamps
- Device fingerprint
- IP address (hashed)
- Session information
- Geographic region
- Real names
- Email addresses
- Physical addresses
- Payment card details
- Government ID numbers
- Sensitive personal data
4.4 Website Visitor Data
We collect through cookies and analytics:
- IP address
- Browser type and version
- Pages visited
- Referral source
- Device information
5. How We Use Information
5.1 Customer Data Usage
| Purpose | Legal Basis |
|---|---|
| Provide and maintain services | Contract performance |
| Process payments | Contract performance |
| Send service communications | Contract performance |
| Provide customer support | Legitimate interest |
| Improve our services | Legitimate interest |
| Send marketing (with consent) | Consent |
| Comply with legal obligations | Legal obligation |
5.2 End User Data Usage
We process End User data exclusively to:
- Generate risk scores and classifications
- Detect sharp betting patterns
- Identify syndicate connections
- Produce analytics reports
- Train and improve our ML models
We do not use End User data for:
- Marketing or advertising
- Sale to third parties
- Purposes beyond the Customer agreement
5.3 Aggregated and Anonymized Data
We may use aggregated, anonymized data for:
- Industry benchmarking
- Research and development
- Product improvement
- Statistical analysis
This data cannot be used to identify any individual.
6. Data Sharing and Disclosure
6.1 We Do Not Sell Data
SharpShield does not sell Personal Data to third parties under any circumstances.
6.2 Service Providers
We share data with trusted service providers who assist in operating our platform:
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Cloud hosting | Infrastructure | All platform data (encrypted) |
| Payment processor | Billing | Customer payment info |
| Email service | Communications | Customer email addresses |
| Analytics | Product improvement | Aggregated usage data |
All service providers are bound by contractual obligations to protect data and are prohibited from using it for their own purposes.
6.3 Legal Requirements
We may disclose data when required to:
- Comply with legal process (subpoena, court order)
- Enforce our terms of service
- Protect rights, property, or safety
- Investigate potential violations
We will notify Customers of legal requests unless prohibited by law.
6.4 Business Transfers
In the event of a merger, acquisition, or asset sale, Personal Data may be transferred. We will notify affected parties and ensure the successor entity honors this Privacy Policy.
7. Data Security
7.1 Technical Measures
We implement industry-standard security measures:
- Encryption: AES-256 at rest, TLS 1.3 in transit
- Access Control: Role-based access, MFA required
- Network Security: Firewalls, DDoS protection, VPN
- Monitoring: 24/7 security monitoring, intrusion detection
- Backup: Encrypted backups, geographic redundancy
7.2 Organizational Measures
- Security awareness training for all employees
- Background checks for personnel with data access
- Incident response procedures
- Regular security audits and penetration testing
- Vendor security assessments
7.3 Certifications
SharpShield maintains:
- SOC 2 Type II compliance
- ISO 27001 certification (in progress)
- GDPR compliance verification
See our Security Policy for detailed information.
8. Data Retention
8.1 Retention Periods
| Data Type | Retention Period |
|---|---|
| Customer account data | Duration of agreement + 7 years |
| Platform usage logs | 2 years |
| End User betting data | As specified by Customer (default: 3 years) |
| Risk assessments | As specified by Customer (default: 3 years) |
| Audit logs | 7 years |
| Marketing data | Until consent withdrawn |
8.2 Deletion
Upon Customer request or contract termination:
- End User data deleted within 30 days
- Customer account data retained as required by law
- Anonymized/aggregated data may be retained indefinitely
9. International Data Transfers
9.1 Processing Locations
Primary data processing occurs in:
- European Union (Frankfurt, Germany)
- Backup: European Union (Amsterdam, Netherlands)
9.2 Transfer Mechanisms
For transfers outside the EEA, we use:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Supplementary measures as required
9.3 EU-US Data Privacy Framework
We are committed to complying with applicable data transfer frameworks as they evolve.
10. Your Rights
10.1 Customer Rights
As a Customer, you have the right to:
| Right | Description |
|---|---|
| Access | Request a copy of your data |
| Rectification | Correct inaccurate data |
| Erasure | Request deletion of data |
| Portability | Receive data in machine-readable format |
| Object | Object to certain processing |
| Withdraw consent | Revoke previously given consent |
To exercise these rights, contact privacy@sharpshield.io.
10.2 End User Rights
End Users should contact our Customer (your betting operator) to exercise data rights. As a Processor, we will assist Customers in responding to such requests.
11. Cookies and Tracking
11.1 Cookie Types
| Category | Purpose | Cookie Name | Duration |
|---|---|---|---|
| Essential | Platform functionality | Session ID, CSRF token | Session |
| Functional | User preferences | language, cookieConsent, cookiePreferences | 1 year |
| Analytics | Usage statistics | _ga, _ga_TD775DEF60 | 2 years |
| Marketing | Advertising (website only) | _gcl_au | 90 days |
11.2 Google Analytics
We use Google Analytics 4 (GA4) to understand how visitors interact with our website. GA4 collects:
- Pages visited and time spent
- Referral source (how you found us)
- Device and browser information
- Geographic region (country/city level)
We have configured GA4 with privacy-enhancing settings:
- IP Anonymization: Your IP address is anonymized before storage
- Consent Required: GA4 only loads after you accept analytics cookies
- No Cross-Site Tracking: We do not enable Google Signals or advertising features
For more information, see Google's Privacy Policy.
11.3 Cookie Management
You can manage your cookie preferences at any time:
- Reset Cookie Preferences
- Use our cookie consent banner on the homepage
- Adjust settings in your browser
Essential and functional cookies cannot be disabled as they are necessary for basic website operation and remembering your preferences.
12. Children's Privacy
SharpShield services are designed for business use only. We do not knowingly collect data from individuals under 18 years of age. Our Customers are responsible for ensuring End Users meet legal gambling age requirements.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
- Post the updated policy on our website
- Update the "Last Updated" date
- Notify Customers of material changes via email
- Provide 30 days' notice for significant changes
14. Contact Us
For privacy-related inquiries:
Data Protection OfficerSharpShield Email: privacy@sharpshield.io
EU Representative[To be appointed if required]
Supervisory AuthorityYou have the right to lodge a complaint with your local data protection authority.
15. Additional Information for Specific Jurisdictions
15.1 European Economic Area (EEA)
See our GDPR Policy for detailed information on EEA data subject rights.
15.2 United Kingdom
Post-Brexit, we comply with the UK GDPR and Data Protection Act 2018.
15.3 California (CCPA/CPRA)
California residents have additional rights under the CCPA/CPRA. SharpShield does not sell Personal Information. For CCPA requests, contact privacy@sharpshield.io.
© 2025 SharpShield. All rights reserved.