Security

Security isn't a feature — it's how we build everything. Your family's data is protected at every layer.

• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256
• Passwords are hashed using bcrypt with strong work factors
• Session tokens are cryptographically secure and time-limited

• Hosted on enterprise-grade cloud infrastructure
• Regular security patches and updates
• Automated backups with point-in-time recovery
• DDoS protection and rate limiting

• Secure login via Bastion SSO
• Email verification required for new accounts
• Session management with secure cookies
• Automatic logout after extended inactivity

• Role-based access (parent vs child)
• Parents control all family settings
• Children cannot modify protection settings
• All administrative actions are logged

Shield uses DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) to ensure your DNS queries are encrypted and cannot be intercepted.

• Encrypted DNS queries prevent eavesdropping
• DNSSEC validation where available
• No logging of query content, only patterns

If you discover a security vulnerability, please report it responsibly. We take all reports seriously and will respond promptly.

security@shield.family

Have questions about our security practices? We're happy to explain.

support@shield.family