NeoShield Security logo NeoShield Security Quantum X

// privacy

Privacy notice

This is a self-hosted platform. “We” means the operator who deployed NeoShieldSecurity QUANTUM X on their own server. This notice explains, in plain language, what the platform collects, why, who it shares data with, how long it keeps it, and the choices you have. Our design principle is least-data: we hold the minimum that still makes a feature work, and inputs to offline analyzers are processed in memory and never stored.

Quick summary

Who is responsible for your data

For your account, purchases, and general use of the site, the operator is the data controller. For the SOC Console (a Team feature), the workspace owner is the controller of the log data and assets they ingest, and this platform acts as a processor that stores and analyses that data on their behalf, isolated per workspace.

What we store

When the optional database is enabled, the records above are stored in equivalent MariaDB tables (for example pro_users, team_users, pack_balances, donations, soc_log_events, academy_progress) instead of JSON files. The information held is the same.

What we never store

Cookies, advertising & analytics

Functional cookie (first-party). We set a single session cookie, NSS_SID, to keep you signed in. It is HttpOnly, SameSite=Strict, marked Secure over HTTPS, expires when your session ends, and times out when idle. It is not used for advertising or cross-site tracking.

Advertising (third-party). The site loads Google AdSense, which may set its own cookies and use device identifiers to show and measure ads. Google may use this data per its own policies. You can manage or opt out of personalised ads at Google’s Ads Settings and via aboutads.info, and you can control cookies in your browser.

Google’s handling of ad and analytics data is governed by the Google Privacy Policy. Third-party cookies are set by Google, not by us.

AI processing (Anthropic Claude)

Several features are powered by the Anthropic Claude API: drafting a tool, the AI SOC Copilot, the Phishing Email Analyzer, the AI Code Reviewer, the AI Security Consultant, the SOC “ask the analyst” feature, and AI-assisted vulnerability scanning. When you use them, the text you submit (for example a pasted email, a code snippet, a log excerpt, or your question) is sent to Anthropic to generate the response. We send only the content needed for that request; your account email and IP are not included. The content is processed in memory to produce your result and is not stored by this platform. Review Anthropic’s privacy policy for how they handle API requests.

Exposure & breach checks

The Exposure Check helps you find out whether a password or email appears in known breaches. Password checks use the Have I Been Pwned Pwned Passwords range API with k-anonymity, so your password and its full hash never leave the server. Email breach lookups are optional and only performed when the operator has configured a provider key; in that case the email address you enter is sent to that provider to perform the lookup. We don’t store the results against your account.

Plans, payments & donations

Paid plans (Pro, Team, Founder), add-on packs, and donations are processed by Stripe using Stripe Checkout. Card details are entered on Stripe’s own hosted page and never touch this server. We store only the Stripe checkout session id, the amount and currency, the payment status, and the email associated with the purchase — used to apply your entitlement and reconcile payments. We never receive or store card numbers. See Stripe’s privacy policy.

If you make a qualifying donation (¥1,000 or more), we use the email you are signed in with — or, if you are not signed in, the email you give Stripe for your receipt — to grant a time-boxed Pro window as a thank-you. Donations below the threshold are recorded for accounting but grant no access.

Emails & communications

Sign-in codes are delivered by email using the server’s mail configuration (PHP mail() or SMTP) and contain only the 6-digit code and its expiry — no tracking pixels. If you opt into the daily threat briefing, we send it to your email; every briefing includes a one-click unsubscribe link, and you can resubscribe at any time. Account and transactional emails (such as receipts or important security notices) may still be sent while your account is active.

How long we keep it

Your rights & choices

International transfers

Some processors we rely on — Anthropic, Stripe, and Google — operate in the United States and other countries. Using those features may involve transferring the relevant data to those providers, who handle it under their own privacy terms linked above.

Children

This platform is intended for security professionals and learners and is not directed to children under 16. We don’t knowingly collect data from children. If you believe a child has provided data, contact us and we’ll remove it.

How we protect your data

We assume breach and minimise what we retain. Protections include AES-256-GCM encryption and argon2id hashing where applicable, prepared statements, CSRF protection on every form, SSRF guards on outbound requests, a strict Content-Security-Policy and security headers, a hardened HttpOnly/SameSite=Strict session cookie with idle timeout, and the rule that no AI-authored code is ever executed on the server. No method is perfectly secure, but the platform is built to be auditable rather than trusted on faith.

Changes to this notice

We may update this notice as the platform evolves. Material changes will be reflected here with a new date below.

Last updated: July 2026.

← Home Security Contact