Helvetic Shield

Privacy Policy

Privacy policy for the Helvetic Shield platform, compliant with the Swiss Federal Act on Data Protection (revDSG).

Last updated: April 2026

1. Controller

The controller responsible for data processing on this website and the Helvetic Shield platform is:

CICS GmbH Switzerland

Contact: privacy@helveticshield.ch

2. Scope

This privacy policy applies to the website helveticshield.ch and the Helvetic Shield community platform at community.helveticshield.ch.

3. Data Collection

3.1 Website Visits

When you visit our website, our servers may automatically collect technical data including your IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is processed for the purpose of ensuring the security and functionality of the website.

We do not use third-party tracking or analytics services. We do not deploy advertising cookies. Server logs are retained for a maximum of 90 days and are used exclusively for security monitoring and incident investigation.

3.2 Registration and Account Data

When you register for the Helvetic Shield community, we collect the information you provide, including your name, email address, organisational affiliation, and professional role. For higher membership tiers, additional verification data may be required, such as employer confirmation, professional credentials, or organisational documentation.

3.3 Community Participation

Content you contribute to the platform – including intelligence reports, forum posts, analysis, and chat messages – is stored and processed in accordance with the TLP classification applied to each item.

3.4 SENTINEL and Intelligence Products

When you access SENTINEL data, IOC feeds, or intelligence documents, we log access events for the purpose of watermarking, audit, and security. Download and export events are recorded and associated with your account.

We process personal data for the following purposes:

  • Contract performance – To provide access to the Helvetic Shield platform and services as agreed in your membership terms.
  • Legitimate interest – To maintain the security, integrity, and availability of our platform, to protect our members and community, and to trace unauthorised disclosure of restricted intelligence products.
  • Legal obligation – To comply with applicable Swiss law, including record-keeping and reporting requirements.
  • Consent – Where you have provided explicit consent, such as for optional communications or newsletter subscriptions.

5. Data Sharing

We do not sell personal data. We do not share data with advertising networks, data brokers, or any commercial third party.

We may share data with:

  • Service providers – Technical infrastructure providers operating under contract and bound by confidentiality obligations. All service providers are Swiss-based or operate under Swiss data protection standards.
  • Law enforcement – Where required by Swiss law or valid legal process issued by a Swiss authority.
  • Community members – Only to the extent that you voluntarily share information through the platform, subject to TLP and access controls.

6. International Transfers

Personal data is stored and processed exclusively in Switzerland. We do not transfer personal data outside Switzerland. If any future circumstance requires such a transfer, we will ensure appropriate safeguards are in place in accordance with the revDSG and will update this policy accordingly.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods:

  • Server logs: Maximum 90 days.
  • Account data: Duration of membership plus 30 days after account deletion, subject to legal retention obligations.
  • Intelligence access logs: Retained for 5 years for watermarking and audit purposes, as required by our intelligence integrity obligations.
  • Community contributions: Retained for the duration of membership. Upon account deletion, contributions are anonymised unless TLP obligations require ongoing attribution.

Account data is deleted upon request after membership termination, subject to the retention periods above.

8. Your Rights

Under the Swiss Federal Act on Data Protection (revDSG), you have the right to:

  • Access your personal data held by us.
  • Rectify inaccurate or incomplete data.
  • Delete your data, subject to legal retention requirements and intelligence integrity obligations.
  • Object to processing based on legitimate interest.
  • Data portability – Receive your data in a structured, commonly used format.
  • Withdraw consent – Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact privacy@helveticshield.ch. We will respond within 30 days.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption at rest and in transit, access controls, audit logging, and regular security assessments.

10. Cookies

This website uses only technically necessary cookies required for site functionality (session management, security tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated to registered members via email or platform notification.

12. Contact

For questions or concerns regarding this privacy policy, contact:

CICS GmbH Email: privacy@helveticshield.ch