Social Protect / eShield Pty Ltd – Privacy Policy (Global Version)

Last updated: September 1, 2025

1. Introduction & Scope

Social Protect (operated by eShield Pty Ltd, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring you have control over your personal data. This Privacy Policy describes how we collect, use, disclose, store, secure, and dispose of your personal information (or “personal data”) when you use our mobile app, website, services, or otherwise interact with us.

This policy applies to all users globally. However, depending on your location (for example, within Australia, the United Kingdom, the European Union / European Economic Area, or the United States), additional legal obligations or rights may apply. We have included supplementary sections below to address those jurisdiction-specific rules.

If there is any conflict between this global policy and a jurisdiction-specific supplement, the stricter requirement (from your perspective as a data subject) will generally prevail, unless otherwise prohibited.

By using our services, you consent to the practices described here. If you do not agree, please do not use our services.


2. What kinds of personal information do we collect?

We collect “Personal Information” (or “personal data”), meaning any information that identifies, or could reasonably be used to identify, a person. This may include:

  • Identity data: name, username, date of birth, gender, profile pictures.
  • Contact data: email address, postal address, telephone/mobile number.
  • Social media / online account data: user handles or identifiers, linked account tokens or content you grant us access to, usage metadata, posts, messages, comments (if you allow access).
  • Usage data: log data, IP address, device identifiers, operating system, version, technical data, connection data, browser type, pages visited, time stamps.
  • Sensitive data (where expressly permitted and with your consent): e.g. race or ethnicity, health, political opinions, criminal record, or other category data—only when strictly necessary for our services and subject to legal protections.
  • Aggregated or de-identified data: statistical or aggregated information derived from your personal data, from which you cannot be re-identified.

We may collect this data:

  • Directly from you (when you register, configure your account, fill in forms, provide content, or give consent).
  • From third parties (e.g. social media platforms you connect, analytics providers, public sources).
  • Automatically when you use our service (e.g. log files, cookies, device identifiers).

We endeavor to collect only the minimum personal information reasonably necessary to provide, maintain, and improve our services.


3. Why we collect and how we use personal information (Purpose & Legal Basis)

3.1 Purposes

We use your personal data for purposes including (but not limited to):

  • Operating, delivering, and maintaining the app and associated services
  • Identifying and analyzing instances of online abuse, harassment, or harmful content
  • Authenticating your account, preventing fraud or misuse, and ensuring security
  • Personalizing your experience, preferences, settings, and notifications
  • Customer support, responding to your inquiries or complaints
  • Communicating updates, changes, or promotional offers (where permitted)
  • Billing, invoicing, subscription management (if applicable)
  • Compliance with legal obligations, dispute resolution, enforcement of our Terms of Service
  • Aggregation, anonymization, or de-identification for reporting and analytics

3.2 Legal Basis (for UK / EU GDPR)

If you are in the UK or EU / EEA, we only process your personal data where at least one lawful basis applies:

  • Consent: you have given clear, freely given, informed consent for a particular processing activity (e.g. optional features or profiling).
  • Performance of a contract: processing is necessary to provide the services you requested (e.g. hosting your data, connecting social accounts).
  • Legal obligation: we have a legal duty (e.g. responding to lawful requests from law enforcement).
  • Vital interests: to protect someone’s life in a critical situation.
  • Public interest: when required by public policy or authority and allowed by law.
  • Legitimate interests: we have a legitimate purpose (e.g. improving security, preventing abuse), provided that such interests do not override your rights or freedoms.

We will always document which legal basis we rely upon, and we will inform you when your consent is the basis so you can withdraw it later.


4. Disclosure and sharing of personal information

We may disclose or share your personal data:

  • With service providers, contractors, or vendors who help us deliver the services (e.g. cloud hosting, analytics, payment processors).
  • With social media platforms or third-party providers if you opt to connect your accounts or share information.
  • With law enforcement, regulators, or government agencies where required by law or to protect rights, safety, or enforce our Terms.
  • In connection with a corporate transaction (merger, acquisition, sale) — subject to confidentiality protections.
  • In anonymised or aggregated form, where no individual can be re-identified.

We do not sell your personal information to third parties for their marketing purposes (unless you explicitly consent). If local law (e.g. in some US states) defines “sale” broadly, we will comply with any applicable opt-out requests.


5. International transfers of data

Because we operate globally, your personal data may be stored, accessed, or processed in countries outside your own, including in jurisdictions that may not have equivalent privacy protections.

  • In Australia, we adhere to the Australian Privacy Principles (APPs) under the Privacy Act 1988.
  • For transfers out of the UK / EU, we will ensure adequate safeguards, such as standard contractual clauses (SCCs), binding corporate rules, or other approved transfer mechanisms.
  • In the US or other jurisdictions, we’ll ensure that data importers implement appropriate protection measures consistent with applicable law.
  • Where necessary, we will inform you when your data is transferred and obtain additional consent (if applicable).

6. Data security, retention, and deletion

6.1 Security

We take reasonable technical, administrative, and physical measures to protect your personal data against loss, misuse, unauthorized access, alteration, or destruction. These may include encryption, access controls, pseudonymization, regular security audits, and staff training.

6.2 Retention

We retain your personal information only as long as needed for the purposes set out here or to satisfy legal, regulatory, tax, or reporting obligations. For instance, we may store client files and records for a minimum of 7 years in Australia.

After the retention period, we will securely delete, destroy, or de-identify your data.

6.3 Deletion / Erasure

You may request that we delete or erase your personal data (subject to applicable exceptions, e.g. legal obligations). After such a request, we will take reasonable steps to delete your account data unless required to keep certain data for audit, legal, or compliance reasons.


7. Your rights in different jurisdictions

7.1 Australian Rights

Under the Australian Privacy Act, you may request access to, correction of, or suppression of your personal information. We do not charge for access but may impose administrative fees for copies.

7.2 United Kingdom (UK GDPR & Data Protection Act 2018)

If you are in the UK, you have the following rights:

  • Right of access to your personal data
  • Right to rectification or erasure (“right to be forgotten”)
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent (where processing is based on consent)
  • Right to lodge a complaint with the UK data protection authority (the Information Commissioner’s Office, ICO)

We will respond to your request within one month (or, if appropriate, up to two months) unless a longer period is permitted under law.

7.3 European Union / EEA (GDPR)

If you are in the EU / EEA, analogous rights exist:

  • Right of access, correction, erasure
  • Right to restrict or object
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with your local supervisory authority

We will respond to requests within one month (extendable by a further two months in complex cases), notifying you if an extension is needed.

If you believe our processing is unlawful, you also have the right to judicial remedy where permitted by law.

7.4 United States (State Privacy Laws like CCPA / CPRA)

If you are a resident of the US, you may have additional state-based rights (depending on your state). For example, under the California Consumer Privacy Act (CCPA / CPRA) you may have the right to:

  • Know the categories of personal data we have collected and disclosed, and the purposes
  • Request access to or deletion of your personal data
  • Opt out of the “sale” or “sharing” of your personal data (if applicable under your state law)
  • Not be discriminated against for exercising your privacy rights

To exercise these rights, contact us as instructed below. We will verify your identity and respond within the timeframes required by applicable state law (often within 45 days).

Note: Some rights may be limited by exemptions in state laws (e.g. for safety, fraud prevention, legal obligations).


8. Cookies, tracking & similar technologies

We and our third-party partners may use cookies, web beacons, pixel tags, analytics services, and similar technologies to collect usage data, usage patterns, and log data. We use these to:

  • Understand how you use our services
  • Monitor and improve performance, security, and user experience
  • Support analytics, diagnostics, fraud detection

You may disable or limit cookies via your browser settings or device settings, though this may reduce functionality or prevent you from using the service optimally.

We also may enable “do not track” signals, or partner with analytics providers who respect them.


9. Children & minors

Our services are not directed to, and we do not knowingly collect personal information from, children under the age of 16 (or higher minimum age if local law requires). If you believe we have collected data from a minor, contact us and we will promptly delete the data.


10. How to contact us / exercise your rights

If you have questions, complaints, or wish to exercise any rights described here (access, deletion, correction, objection, portability, etc.), please contact us:

Mail: PO Box 1003, Gungahlin ACT 2912, Australia
Email: info@socialprotect.ai

We may require verification of identity before processing your request. We will respond within the applicable legal timeframe for your jurisdiction.

If you remain unsatisfied, you may lodge a complaint with the relevant data protection authority (for example, the OAIC in Australia, the ICO in the UK, the supervisory authority in your EU country, or the state privacy office in the US).


11. Changes to this privacy policy

We may revise or amend this policy from time to time. We will post updates on our website and indicate the “last updated” date. Where required by law, we will provide you notice (e.g. via email) of material changes.


12. Miscellaneous / other provisions

  • Severability: If any clause is held invalid, the remainder of the policy remains in effect.
  • Interpretation: Headings do not affect interpretation.
  • Third-party links: Our service may contain links to third-party sites; we are not responsible for their privacy practices.
  • International users: By using the service you consent to the cross-border transfer of your data consistent with this policy.