SilentShield

Privacy Policy – SilentShield.io

Last updated: March 19, 2026

1. Controller

The controller responsible for data processing in the context of this online service is:

Forge12 Interactive GmbH
Josefstr. 37, 78166 Donaueschingen, Germany
Email: [email protected]
Phone: +49 771 175 14272

2. General Information on Data Processing

We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection regulations.

Processing only takes place to the extent necessary for the provision of our services, ensuring IT security, fulfilling contractual obligations, or complying with legal requirements.

3. Role within SilentShield.io

Insofar as we process personal data on behalf of our customers within SilentShield.io, this is done as a data processor in accordance with Art. 28 GDPR.

In these cases, responsibility for data processing lies with the respective customer (e.g., website operator).

Processing is carried out exclusively on the basis of a separate data processing agreement (DPA).

4. Purposes and Legal Bases of Processing

4.1 Provision and Security of Services

When using SilentShield.io, technical access data is processed in order to:

  • Detect and prevent attacks (e.g., bots, spam, DDoS)
  • Prevent misuse
  • Ensure the stability and security of the systems

In particular, the following data is processed:

  • IP address
  • Browser and device information
  • HTTP header data
  • Time and content of requests
  • Interaction and behavioral data

Automated analysis methods are used to detect attacks by evaluating access patterns. In this context, automated decisions may be made (e.g., blocking requests) insofar as this is necessary for system security.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in IT security and functionality)

4.2 Contractual Services

We process personal data for the initiation, execution, and fulfillment of contractual relationships.

  • Master data (name, company, address)
  • Contact data (email, phone number)
  • Contract and billing data

Legal basis: Art. 6(1)(b) GDPR

4.3 Communication and Support

When you contact us (e.g., by email, ticket system, or phone), we process the transmitted data to handle the inquiry.

Legal basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (efficient communication)

4.4 References and Corporate Presentation

The use of company names or logos is carried out exclusively on the basis of express consent or an individual contractual agreement.

5. Categories of Processed Data

We process the following categories of data in particular:

  • Master data
  • Contact data
  • Contract and payment data
  • Technical access data (e.g., IP address, log files)
  • Usage and interaction data within SilentShield

6. Recipients of Data

6.1 Internal Recipients

Access is granted exclusively to employees involved in operations, support, billing, or IT security.

6.2 External Service Providers

We use selected service providers, in particular:

  • Hosting providers
  • IT and security service providers
  • Payment service providers

Where necessary, processing takes place within the framework of data processing agreements pursuant to Art. 28 GDPR.

6.3 Use of Cloudflare

We use the service Cloudflare (Cloudflare, Inc., USA) as a Content Delivery Network (CDN), reverse proxy, and security service (e.g., WAF, DDoS protection).

Data traffic is routed through Cloudflare's infrastructure. In particular, the following data may be processed.

  • IP address
  • HTTP header information
  • Browser and device information
  • Access data and log files

Purpose: Security, performance, and availability of our services. Legal basis: Art. 6(1)(f) GDPR

Cloudflare may transfer data to third countries (in particular the USA).

Cloudflare is certified under the EU-US Data Privacy Framework. In addition, standard contractual clauses pursuant to Art. 46 GDPR are used.

7. Data Transfer to Third Countries

Personal data is only transferred to third countries if:

  • An adequacy decision (Art. 45 GDPR) exists
  • Appropriate safeguards (Art. 46 GDPR), in particular standard contractual clauses, are in place

8. Retention Period

We store personal data only for as long as necessary for the respective purposes:

  • Contract and billing data: 6 to 10 years (statutory retention obligations)
  • Communication data: until final processing is completed
  • Technical access data: generally a maximum of 14 days, unless security-relevant events require longer retention

9. Rights of Data Subjects

Data subjects have the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

In addition, there is a right to lodge a complaint with a data protection supervisory authority.

10. Competent Supervisory Authority

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg

11. Data Security

We implement appropriate technical and organizational measures (TOMs) to protect personal data. These include in particular:

  • Encryption (TLS/SSL)
  • Access controls
  • Monitoring and security audits

12. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to adapt it to changed legal requirements or technical developments.

The current version is available at any time on our website.