Privacy Policy
Last updated: April 2026
Effective date: April 2026
1. Who we are
This Privacy Policy describes how Mayhem Shield LLC ("Mayhem Shield," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit mayhemshield.com (the "Site") or otherwise interact with us in connection with our professional services marketing and pre-engagement communications.
Mayhem Shield LLC is the data controller for personal information processed through the Site and for routine business contact inquiries, subject to the roles described below where we process data solely on behalf of a client under a services agreement.
Privacy inquiries: privacy@mayhemshield.com. General contact: info@mayhemshield.com.
2. Scope
This policy applies to information collected through the Site, email, scheduling tools linked from the Site, and similar pre-contractual channels. If you become a Mayhem Shield client, a separate engagement agreement, statement of work, and any applicable data processing addendum will govern how we handle personal information and confidential information for that engagement.
We do not intentionally collect sensitive categories of personal information through the Site (for example, health information, government identifiers, or biometric data). Please do not submit such information through the contact form unless we explicitly request it under a defined secure process.
3. Legal bases for processing (EEA, UK, CH)
Where the EU/UK General Data Protection Regulation or similar laws apply, we rely on one or more of the following legal bases:
- Legitimate interests. Operating the Site, responding to inquiries, securing our systems, understanding aggregate Site usage, and developing our business in a way that is proportionate and respects your rights.
- Pre-contractual steps. Processing contact details and messages you provide when you ask about services, request a proposal, or schedule a discovery call.
- Consent. Where we ask for consent (for example, for certain cookies or marketing communications where required), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Legal obligation. Where we must retain or disclose information to comply with law, regulation, or valid legal process.
4. Information we collect
Information you provide. When you submit the contact form, we collect your name, business email address, company name, optional AI tool name, service interest selection, and message content. If you email us directly, we collect the contents of your email and associated metadata (such as headers and timestamps).
Scheduling information. If you book a meeting through Calendly, Calendly processes the information you provide according to its own privacy notice. We receive meeting details needed to hold the appointment (for example, name, email, and time slot).
Technical and usage data. Our hosting and analytics providers may process IP address, device and browser type, general geographic region derived from IP, pages viewed, and similar diagnostic data. Vercel Analytics is configured for privacy-friendly, aggregated measurement as described in our cookie section.
We do not use the Site to knowingly collect personal information from children under 16, and the Site is not directed to children.
5. How we use information
We use personal information to:
- Respond to inquiries and schedule calls
- Prepare proposals, scopes, and pre-engagement materials when you request them
- Operate, secure, and improve the Site and our infrastructure
- Comply with law, enforce our terms, and protect rights and safety
- Maintain business records consistent with our retention schedule
We do not sell your personal information and we do not share it with third parties for their own marketing purposes.
6. Data retention
Unless a longer period is required by law or necessary to resolve disputes, we retain personal information collected through the Site and routine business inquiries for twelve (12) months after our last substantive interaction with you, after which we delete or anonymize it where feasible.
Security and infrastructure logs may be retained for shorter or longer periods depending on system design and legal requirements, typically on a rolling basis tied to detection and incident response needs.
7. Sub-processors
We use the following categories of service providers (sub-processors) who process personal information on our behalf to operate the Site and communications stack:
| Sub-processor | Role | Typical data |
|---|---|---|
| Vercel Inc. | Site hosting, edge delivery, analytics | Technical logs, aggregated usage metrics, IP-derived region |
| Resend Inc. | Transactional email delivery | Name, email, company, message content from contact submissions |
| Calendly LLC | Meeting scheduling (when enabled) | Scheduling details you submit in the booking flow |
We enter into data processing terms with vendors where appropriate. A current list of sub-processors is maintained in this policy and may be updated periodically; material changes will be reflected in the "Last updated" date above.
8. International transfers
Mayhem Shield is based in the United States. If you access the Site from the European Economic Area, United Kingdom, or Switzerland, your information may be transferred to the United States and other countries that may not be deemed to provide an adequate level of data protection by your local authority.
Where required, we implement appropriate safeguards such as the EU Commission Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, or equivalent mechanisms approved under applicable law.
In limited cases, we may rely on derogations under GDPR Article 49(1)(b) for transfers necessary for pre-contractual measures taken at your request (for example, responding to a specific services inquiry that requires U.S.-based personnel to participate).
9. Cookies and similar technologies
We use cookies and similar technologies only as needed to operate the Site and measure performance. Vercel Analytics is designed to collect aggregated, privacy-oriented metrics without using cookies for visitors in many configurations; where cookies or local storage are used, they support core functionality or measurement consistent with Vercel's documentation.
You can control cookies through your browser settings. Blocking certain cookies may affect Site functionality.
10. Security
We implement administrative, technical, and organizational measures appropriate to the risk, including access controls, encryption in transit for the Site (HTTPS), secure configuration of cloud services, and vendor diligence for processors such as Vercel, Resend, and Calendly.
No method of transmission or storage is completely secure. If you believe your interaction with us has been compromised, contact us promptly at privacy@mayhemshield.com.
11. Your rights (GDPR / UK GDPR)
Depending on your location and subject to applicable law, you may have the right to:
- Access the personal information we hold about you
- Rectify inaccurate or incomplete information
- Eraseinformation in certain circumstances ("right to be forgotten")
- Restrict processing in certain circumstances
- Data portability for information you provided where processing is based on consent or contract and is carried out by automated means
- Object to processing based on legitimate interests, including profiling in permitted cases
- Withdraw consent where processing is based on consent
- Lodge a complaint with a supervisory authority in your country of residence, place of work, or place of an alleged infringement
To exercise these rights, email privacy@mayhemshield.com. We may need to verify your request and will respond within the timeframe required by law.
12. California privacy rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, may apply to certain personal information we collect. We do not sell or share personal information as those terms are defined under California law, and we do not use or disclose sensitive personal information for inferring characteristics in a way that would trigger opt-out rights beyond what is permitted for reasonable business purposes.
California residents may have the right to:
- Know what personal information we collect, use, disclose, and retain
- Delete personal information, subject to exceptions
- Correct inaccurate personal information
- Non-discrimination for exercising privacy rights
Submit requests to privacy@mayhemshield.com. We will verify your request in line with applicable law. You may designate an authorized agent with written permission, subject to verification requirements.
13. Other U.S. state privacy laws
Residents of certain other U.S. states may have similar rights to access, delete, correct, or opt out of certain processing. Where a state law applies and grants you a right we do not already honor through this policy, you may contact us at privacy@mayhemshield.com and we will respond in accordance with applicable law.
We do not engage in profiling that produces legal or similarly significant effects solely through the Site in a manner that would trigger opt-out rights beyond standard analytics.
14. Disclosures required by law
We may disclose personal information if required to do so by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Mayhem Shield, our clients, or the public, subject to applicable legal limitations.
15. Links to third-party sites
The Site may link to third-party websites (including Calendly and the Mayhem Shield Framework on GitHub). Their privacy practices are governed by their own policies. We encourage you to read those policies before submitting personal information.
16. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. If changes are material, we will provide additional notice as required by law (for example, a banner on the Site or direct communication).
17. Contact
Mayhem Shield LLC, privacy contact: privacy@mayhemshield.com
General inquiries: info@mayhemshield.com