OpenShield
./targets./providers./bounties./roadmap./transparencyLog inDEPLOY →

Privacy Policy

We collect the sender domain and structured metadata extracted from the email headers you choose to report: SPF/DKIM/DMARC results, the sending IP, and a hash of the raw headers for de-duplication.

We do NOT store raw email headers or any message body. Raw headers are parsed and immediately discarded.

Authentication is handled by Supabase using a magic link (Google sign-in is coming soon). We never see your email password.

We do not sell data or run third-party trackers.

You can permanently delete your account and everything tied to it at any time from your supporter portal. Deletion cascades immediately to your reports, votes, pledges, and claims — no support request needed.