Data Sovereignty & Encryption Protocol | Last Updated: May 2024
At ShyFormation, our name defines our core architectural principle. We believe that identity should be "Shy"—present when needed for verification, but invisible to those who do not require access to your personal life. This Privacy Policy outlines our commitment to ensuring that your data remains your property, stored within our highly secured private databases and never utilized as a commodity for exchange or sale.
We only collect the absolute minimum data required to establish a unique human identity. This includes your name, business metrics, and profession. Unlike traditional authentication providers, we do not track your browsing habits, your physical location via GPS, or your social connections. The data we collect is used solely to generate your Shy Security User Identification (SSUID).
ZERO DATA SHARING WITH THIRD-PARTY APPLICATIONS DURING HANDSHAKES
The most critical aspect of our privacy protocol is how we handle external authorizations (e.g., logging into a merchant site like Zomato). Traditional SSO (Single Sign-On) providers often share your email, profile picture, and friend list with the requesting application. ShyFormation does NOT.
When you authorize a third-party application, our server performs a "Zero-Knowledge Handshake." We confirm to the merchant that "This is a verified human user," and we provide them with your SSUID. That is all. Your profession, business size, and personal metrics remain within our private database. The merchant never sees the data you used to create your identity.
Your data is stored in a partitioned, encrypted private database environment. We utilize industry-standard Transport Layer Security (TLS) for all data in transit and AES-256 encryption for data at rest. Our infrastructure on Neon and Render is configured with strict firewall rules that prevent unauthorized external access. Access to the production database is limited to a handful of senior system architects under strict audit logging.
We recognize you as the sole owner of your identity data. ShyFormation acts merely as a digital custodian. You have the right to:
ShyFormation does not use tracking cookies for advertising purposes. We utilize "Session Tokens" stored in your browser's LocalStorage to maintain your login state and to enable the "Real-Time Sync" feature for the authorization popup. These tokens are cryptographically signed and expire automatically upon logout or prolonged inactivity. We do not use third-party analytics scripts that could leak your IP address to data brokers.
Any developer utilizing the ShyAuth SDK is legally and technically bound by our "Minimalist Access" rule. They agree to accept only the SSUID as proof of identity. Any attempt by a developer to use social engineering to extract more data from a ShyFormation user will result in an immediate and permanent ban of their API credentials and domain blacklisting across our entire network.
In the highly unlikely event of a security compromise, ShyFormation maintains a rapid response protocol. Because we do not store plain-text PINs, your core identity remains secure even if database snapshots are intercepted. We commit to notifying all affected users within 24 hours of detecting any unauthorized access to our infrastructure.
Our business model is built on trust and infrastructure, not data brokerage. We guarantee that we have never, and will never, sell, rent, or trade your personal information to advertisers, researchers, or any third-party entities. Your data remains in our private DB, period.
Privacy is a human right. If you have any concerns regarding how your data is being handled, or if you suspect unauthorized use of your SSUID, please reach out to our privacy officer at shykageofficial@gmail.com. We do not use automated bots for privacy disputes; you will receive a response from a human team member within 48 business hours.