How Shokan Security collects, uses, and protects your information.
Account Information
When you register for Shokan Security, we collect your name, email address, company name, and billing information. This information is required to create and manage your account.
Usage Data
We collect data about how you use the Service, including the number of policy evaluations, agent runs, API requests, and timestamps of those requests. This data is used to calculate your bill and improve the Service.
Agent Telemetry
To provide intent orchestration and access control, Shokan processes metadata about agent actions submitted to our evaluation API — including tool names, resource identifiers, and policy outcomes. We do not store the underlying content of agent-generated text or LLM prompts.
Log Data
Our servers automatically record requests to the Service, including IP address, browser or SDK version, request timestamps, and HTTP response codes.
Cookies and Tracking
We use cookies and similar technologies solely for session management and authentication. We do not use third-party advertising cookies.
Providing the Service
We use your information to operate the Shokan platform, authenticate requests, enforce policies, generate audit logs, and present usage dashboards.
Billing
Usage data is used to compute your monthly bill based on the number of policy evaluations and agent runs attributed to your account.
Security and Fraud Prevention
We analyze log data and usage patterns to detect abnormal activity, prevent abuse, and protect the integrity of the Service.
Product Improvement
We may use aggregated, de-identified usage data to analyze trends, optimize performance, and inform product development decisions. We do not use your agent telemetry to train third-party AI models.
Communications
We use your email address to send transactional notifications (billing receipts, usage alerts, security notices) and, with your consent, product announcements. You may opt out of marketing emails at any time.
Service Providers
We share data with third-party vendors who process it on our behalf, including payment processors, cloud infrastructure providers, and monitoring services. These vendors are contractually required to protect your data and may not use it for their own purposes.
Legal Requirements
We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of Shokan Security, our customers, or the public.
Business Transfers
If Shokan Security is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your data becomes subject to a different privacy policy.
No Sale of Data
We do not sell, rent, or trade your personal information or agent telemetry to third parties for their marketing or commercial purposes.
Account Data
We retain account and billing records for as long as your account is active and for a period thereafter as required for legal and financial compliance (typically seven years).
Agent Telemetry and Audit Logs
Policy evaluation records and agent run audit logs are retained for 90 days by default. Enterprise customers may configure longer retention periods within the platform.
Deletion
Upon account termination, we will delete or anonymize your personal data within 30 days, except where retention is required by law or legitimate business interest.
Technical Safeguards
All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption. Access to production systems is limited to authorized personnel and is protected by multi-factor authentication.
Incident Response
In the event of a data breach that affects your personal information, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach, consistent with applicable law.
Access and Portability
You may request a copy of the personal information we hold about you, including your account data and usage history, in a portable format.
Correction
You may update your account information at any time through the platform settings or by contacting us.
Deletion
You may request deletion of your personal information. We will honor such requests subject to our data retention obligations.
Objection and Restriction
Where we process your data on the basis of legitimate interests, you may object to or request restriction of that processing. We will cease or restrict processing unless we have compelling legitimate grounds that override your interests.
California Residents
California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information (we do not sell personal information). To exercise your rights, contact us at the address below.
Shokan Security is headquartered in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country. Where required by applicable law, we implement appropriate safeguards for cross-border transfers, including standard contractual clauses approved by the European Commission.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by prominently posting a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
For privacy-related questions, data subject requests, or to report a concern, please contact Shokan Security, Inc. by scheduling a call with our founders at cal.com/alanhou/15min.