Overview
ShieldSync Enterprise (“ShieldSync,” “we,” “us”) is operated by ShieldSync Security Private Limited, whose tagline is “Empowering Cybersecurity Futures.” The platform lets an employer invite a candidate to complete a real, time-boxed cloud-security task, which the platform then auto-grades into a report for that employer. This policy covers the personal data we process to make that work, for both employer users and the candidates they invite.
Data we collect
For candidates invited to an assessment, we collect:
- Identity. Name and email address, provided to us by the employer who sends the invitation.
- A one-time passcode (OTP).Sent to the candidate's email to verify their identity before they can start the assessment, delivered via Amazon SES.
- Assessment activity.The candidate's actions and results during the task, a correctness score per objective, the time taken, and a short written “reflection” the candidate submits describing what they found and how they addressed it.
For employer users, we collect the information needed to create and manage an account — such as name, work email, and organization — and authenticate sign-in.
How we use it
We use this data only to operate the assessment workflow:
- Verifying a candidate's identity via OTP before granting access to the task.
- Provisioning and scoring the assessment, and compiling the results into a report for the inviting employer.
- Evaluating the candidate's written reflection. This may be processed by Google's Gemini API, on a tier where inputs are not used to train Google's models, to help assess the reflection's quality.
- Employer account authentication and platform administration.
We do not sell candidate or employer personal data, and we do not use candidate data for advertising.
How data is handled
- Employer and staff authentication is handled by Amazon Cognito.
- Each assessment runs inside a dedicated, isolated AWS account that is automatically wiped — every resource in it destroyed — once the assessment ends. Candidate work is not retained in that live environment.
- Assessment reports and results are stored in AWS (Amazon DynamoDB, us-east-1) with point-in-time backup enabled.
- Reports are accessed through private, unguessable secret links. They are not publicly listed or searchable, and are excluded from search-engine indexing.
Sub-processors
We rely on the following sub-processors to run the platform:
- Amazon Web Services (AWS)— compute and storage, transactional email (Amazon SES), and authentication (Amazon Cognito).
- Cloudflare— application hosting and content delivery.
- Google— the Gemini API, used to evaluate candidate reflections, on a no-training tier.
ShieldSync Enterprise is built on AWS and Cloudflare infrastructure and is designed with security best practices in mind.
Hosting & data transfer
The application itself runs on Cloudflare's global network. Assessment data processing and storage take place on AWS infrastructure in the us-east-1 (Northern Virginia, United States) region. If you or your candidates are located outside the United States, this means personal data is transferred to, and processed in, the United States as part of using the platform.
Retention & deletion
Assessment records are retained for up to 24 months from creation, after which they are deleted. A candidate or employer may request earlier deletion at any time by emailing privacy@shieldsyncsecurity.com.
Your rights
You may ask us to confirm what personal data we hold about you, correct inaccurate data, or delete your data (subject to the retention needs described above, such as an employer's legitimate need to keep a completed assessment report). To make a request, email privacy@shieldsyncsecurity.com. Because a candidate's assessment is requested by a prospective employer, candidates should also expect their employer contact to be involved in resolving data requests tied to a specific hiring process.
Security
We rely on AWS and Cloudflare's infrastructure controls, per-assessment account isolation, and unguessable, non-indexed report links as core parts of how we protect data. The platform is designed with security best practices in mind. If you believe you've found a security issue, see our security.txt or email security@shieldsyncsecurity.com.
Children's data
ShieldSync Enterprise is a hiring-assessment tool intended for use by employers and prospective job candidates. It is not directed at, and should not be used by, children.
Changes to this policy
We may update this policy as the platform evolves. We'll update the “Last updated” date above when we do. Material changes affecting active customer engagements will be communicated to the relevant employer contact.
Contact
General questions: info@shieldsyncsecurity.com. Privacy and data requests: privacy@shieldsyncsecurity.com. Security reports: security@shieldsyncsecurity.com. ShieldSync Security Private Limited.
See also our Terms of Service.