Back to Dashboard

Klyra Shield Privacy Policy

Last updated: 31 March 2026

1. Who we are

Klyra Labs Ltd ("Klyra", "we", "us") is the data controller for Klyra Shield.

Contact: hello@klyralabs.com

2. What Klyra Shield does

Klyra Shield is a browser extension and dashboard that helps organisations monitor and control what data is sent to AI platforms. The extension scans text locally in the browser before submission and blocks sensitive data based on configured rules.

3. What data we collect

Extension users

  • Name and email address (provided during connection)
  • Device and browser identifiers
  • Metadata about AI platform usage (platform visited, timestamp, whether content was blocked or flagged)
  • Detection event summaries (category of sensitive data detected, e.g. "NHS number detected")

We do not collect or store the actual content of prompts. Scanning happens locally in the browser.

Dashboard administrators

  • Name, email address, password (hashed)
  • Organisation name and industry
  • Billing information (processed by Stripe)

4. Why we collect it

  • To provide the Shield service (monitoring, blocking, reporting)
  • To manage user accounts and subscriptions
  • To generate audit reports for compliance purposes
  • To improve the product

5. Where data is stored

  • Database: Supabase, hosted in West EU (Ireland)
  • Application hosting: Vercel, EU region
  • Payments: Stripe (EU/UK)
  • Transactional email: Resend (USA, with Standard Contractual Clauses)

6. How long we keep it

Activity logs are retained for 1 year from the date of the event. Account data is retained while the account is active and deleted within 90 days of account closure. Organisations can request earlier deletion by contacting us.

7. Who we share data with

We do not sell data. We share data only with:

  • Infrastructure providers listed above (as data processors)
  • Law enforcement if legally required

For organisations using Klyra Shield via a Managed Service Provider (MSP), the MSP may have access to activity data for the organisations they manage.

8. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Object to processing
  • Data portability

Contact hello@klyralabs.com to exercise these rights.

9. Cookies

The dashboard uses essential cookies for authentication. We do not use tracking or advertising cookies.

10. Changes

We may update this policy. Significant changes will be communicated via email or dashboard notification.

Back to Dashboard