Privacy Policy

Privacy, without the legal maze.

Cybershield VPN provides traffic protection and security insights designed for iOS with privacy-first principles.

Plain-English summary

We provide VPN traffic protection and security insights with minimal data handling. We do not inspect your content or track your browsing.

Who we are (Data Controller)

Cybershield is a UK-based service. Contact: privacy@cybershield.io.

What data we collect

We collect only what is needed to deliver the service.

  • No account or login data (Cybershield does not operate user accounts).
  • Cybershield does not use device fingerprinting, cross-app tracking, or techniques intended to uniquely identify users across sessions.
  • Subscription status via Apple.
  • App functionality signals (on-device where possible).
  • Support messages if you contact us.
  • Optional diagnostic data, only if you choose to share it (e.g. when contacting support).

No accounts or user logins

Cybershield does not require user accounts, usernames, passwords, or profile creation.

We do not operate a login system and do not collect account identifiers, credentials, or persistent user IDs.

Subscription status is managed by Apple via the App Store. Cybershield does not receive personal account information from Apple beyond confirmation of an active subscription.

Because Cybershield does not use accounts, VPN usage and security activity are not designed to be associated with an identifiable individual.

What we do not collect

  • No browsing history.
  • No DNS queries.
  • No VPN traffic content.
  • No calls, messages, emails, or photos.
  • No advertising identifiers.
  • No third-party trackers.

Lawful bases for processing

We rely on the following GDPR bases:

  • Contract: to provide VPN and OneScan features.
  • Legitimate interests: security, abuse prevention, and service reliability.
  • Consent: optional diagnostics or marketing if added later.

VPN no-logs statement (precise)

  • We do not log browsing history, DNS queries, or traffic content.
  • Server infrastructure is designed to minimise retained metadata.
  • Limited operational metrics may exist for reliability (non-identifying).
  • As Cybershield does not use user accounts, VPN activity cannot be linked to an individual user.

No content inspection

Cybershield does not inspect, monitor, log, store, or analyse the content of your internet traffic, including websites visited, DNS queries, communications, files, or application data.

Network traffic is encrypted in transit and handled solely for the purpose of providing VPN connectivity and security features.

AI and automated analysis

Cybershield uses automated systems and AI-assisted analysis solely for risk scoring and security insights. AI features do not perform content inspection, behavioural profiling, advertising tracking, or decision-making that produces legal or similarly significant effects on users.

Signals are network-level and device-posture based, with clear visibility notes when iOS limits what can be verified.

OneScan™ combines network-level signals, device security posture, and visibility checks into a single security overview; some checks are informational and depend on network and iOS visibility.

Platform limitations

Cybershield operates within the technical and privacy constraints imposed by Apple's iOS platform. Certain device-level or system-level data may not be accessible due to iOS restrictions. Cybershield does not bypass, weaken, or attempt to circumvent platform security controls.

Local network scans identify devices and services visible on the same network as your device; results are processed on-device where possible and are not linked to user identity.

Data retention

  • Support emails: retained up to 24 months.
  • Optional diagnostics: retained up to 30 days.
  • Aggregated metrics: retained longer in non-identifying form.

Processors / third parties

  • Apple (subscriptions and billing).
  • Infrastructure hosting providers for VPN servers.
  • VPN server infrastructure is operated using reputable hosting providers under contractual and security safeguards appropriate for privacy-focused services.
  • Email provider for support communication.
  • We do not share identifiable browsing data with threat intelligence providers.
  • Security risk indicators may be evaluated using curated heuristics and non-identifying threat intelligence signals; we do not transmit identifiable browsing data to third-party threat databases.

International transfers

VPN servers may be located in multiple regions. We use safeguards appropriate for cross-border transfers and minimise transferred data.

Security safeguards

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and minimisation of data collection. However, no system can be guaranteed to be 100% secure.

Cybershield provides security insights and tools, not guarantees of protection or anonymity.

Your rights

  • Access, correction, deletion, and portability.
  • Object to processing or request restriction.
  • Complain to the UK ICO if needed.

Children

Cybershield is not directed at children under 13 and does not knowingly collect personal data from children.

Cookies

No analytics cookies, tracking scripts, or advertising identifiers are used on cybershield.io.

Changes and last updated

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date. Continued use of Cybershield after changes become effective constitutes acceptance of the updated policy.

Last updated: 2026-01-11.

Contact

Email: privacy@cybershield.io

Cybershield acts as the data controller for personal data processed under this policy.