Privacy Policy

Effective date: April 15, 2026 · Last updated: April 15, 2026

CCOShield LLC ("CCOShield," "we," "us," or "our") operates the ccoshield.com website and the CCOShield compliance scanning platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

1. Information We Collect

Account and Contact Information

When you create an account or request a free scan, we collect your name, email address, organization name, website URL, and phone number (if provided). If you subscribe to a paid plan, we collect billing information through our payment processor (Stripe); we do not store your full credit card number.

Phone Number

If you provide your phone number during sign-up, a free scan request, or engagement onboarding, we collect it solely for the purpose of sending you SMS messages as described in Section 5 below. Providing your phone number is optional.

Usage Data

We automatically collect standard server logs including IP addresses, browser type, pages visited, and timestamps. We use this data to operate, maintain, and improve the Service.

Cookies

We use only essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies.

2. How We Use Your Information

• Provide, operate, and maintain the Service
• Deliver compliance scan results and findings reports
• Send transactional emails (account verification, alerts, digests)
• Send SMS notifications if you have opted in (see Section 5)
• Process payments and manage subscriptions
• Monitor for errors and improve Service reliability
• Respond to support requests

3. Third-Party Service Providers

We share information with the following categories of service providers, solely to operate the Service:

• Payment processing: Stripe (PCI-compliant payment processing)
• Email delivery: Postmark (transactional email)
• SMS delivery: Thrilled / Twilio (text message delivery)
• Cloud infrastructure: Amazon Web Services (hosting, database, file storage)
• Error monitoring: Sentry (application error tracking)

We do not sell, rent, or trade your personal information to any third party.

4. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow reactivation, after which it is permanently deleted upon request. Free scan data is automatically deleted after 30 days. You may request deletion of your data at any time by contacting us at support@ccoshield.com.

5. SMS/Text Messaging Policy

This section describes how CCOShield LLC uses SMS (text) messaging and applies to all users who opt in to receive text messages from us.

What Messages We Send

If you opt in, we may send you the following types of SMS messages:

• Compliance scan results and findings notifications
• Regulatory alerts relevant to your firm
• Engagement status updates
• Customer satisfaction surveys (NPS/CSAT)
• Account and service notifications

Message Frequency

Message frequency varies based on your account activity and regulatory developments. You can expect to receive no more than 10 messages per month.

Costs

Message and data rates may apply. CCOShield does not charge for SMS messages, but your mobile carrier's standard messaging rates apply.

How to Opt In

You may opt in to receive SMS messages from CCOShield by:

• Providing your phone number and checking the SMS consent box on our website at ccoshield.com
• Providing your phone number and verbal or written consent during an engagement onboarding call
• Texting START to our messaging number

By opting in, you confirm that you are the account holder or authorized user of the phone number provided and that you consent to receive SMS messages from CCOShield LLC at that number.

How to Opt Out

You can opt out of SMS messages at any time by:

• Replying STOP to any message from CCOShield
• Emailing support@ccoshield.com with your phone number and a request to unsubscribe

After opting out, you will receive a single confirmation message. You will not receive further SMS messages from us unless you opt in again.

Help

For help with our SMS program, reply HELP to any message or email support@ccoshield.com.

No Sharing of Phone Numbers

We will never sell, rent, or share your phone number with third parties for their marketing purposes. Your phone number is shared only with our SMS delivery provider (Thrilled / Twilio) solely for the purpose of delivering messages on our behalf.

Carriers

Carriers are not liable for delayed or undelivered messages. T-Mobile is not responsible for delayed or undelivered messages.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS/HTTPS) and at rest (AES-256 for database storage)
• Secure password hashing (PBKDF2 with SHA-256)
• HMAC-signed outgoing webhooks
• Org-scoped data isolation (each organization can only access its own data)
• Rate limiting on all public endpoints

7. Your Rights

All Users

You may access, update, or delete your account information at any time through your dashboard settings or by contacting us.

European Users (GDPR)

If you are in the European Economic Area, you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to lodge a complaint with your local data protection authority. Our legal basis for processing is contract performance (to provide the Service) and legitimate interest (to improve the Service).

California Users (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

8. International Data Transfers

Your data is processed and stored in the United States (AWS us-east-1 region). By using the Service, you consent to the transfer of your data to the United States.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our SMS messaging practices, please contact us at:

CCOShield LLC
Email: support@ccoshield.com