Request Demo

LEGAL INFORMATION

Privacy Policy for ViperShield™

Last Updated: June 8, 2026

 

1. Introduction & Architecture Overview

ViperShield™ is an enterprise-grade cloud-delivered security platform engineered and operated by GoCloudIQ LLC (“GoCloudIQ,” “we,” “our,” or “us”), a Texas limited liability company headquartered in Houston, Texas.

This Product Privacy Statement applies directly to the structured data processing architecture executed by the ViperShield browser extension framework, its centralized threat intelligence services, management portals, application programming interfaces (APIs), and downstream cloud analytics arrays (collectively, the “Services”).

ViperShield is purpose-built exclusively for organizational, workplace, and enterprise computing environments. The system acts as an inline technical control to automate the detection, isolation, and suppression of edge-layer vulnerability vectors, credential harvesting anomalies, document object model (DOM) exploits, malicious payloads, and unauthorized data exfiltration attempts.

By provisioning, installing, or interfacing with the Services, you acknowledge the data ingestion workflows defined herein. If you are administrative personnel executing deployment on behalf of an enterprise entity, you declare that you possess the requisite authority to bind said entity to these data processing limits.

2. Enterprise Processing & Google Limited Use Mandates

In compliance with United States state and federal privacy regulations and the Google Chrome Web Store Developer Program Policies, GoCloudIQ operates under strict data minimization boundaries:

  • Google API Limited Use Adherence: ViperShield’s utilization, extraction, and downstream transfer of information received via Google APIs strictly adheres to the Chrome Web Store User Data Policy, specifically satisfying its core Limited Use restrictions.
  • Absolute Restriction on Commercial Data Ingestion: GoCloudIQ does not sell, rent, lease, trade, or monetize transactional metadata or telemetry payloads.
  • Exclusion of Behavioral Tracking & Profiling: The platform maintains programmatic blocks preventing the extraction of telemetry for behavioral profiling, marketing analytics, cross-context ad indexing, or consumer intent tracking.
  • Exclusion of Automated Eligibility Profiling: We do not execute algorithmic evaluations to ascertain creditworthiness, institutional eligibility, or financial indexing.
  • Single-Purpose Operational Mandate: Telemetry packets are captured and analyzed for the sole, exclusive purpose of executing enterprise asset protection, licensing verification, compliance logging, and system optimization.

3. Core Permissions and Ingestion Mechanics

To maintain high-fidelity edge protection, the ViperShield extension leverages explicit runtime hooks. These scopes are declared strictly in accordance with data minimization best practices.

A. Host Permissions (e.g., <all_urls> or specific domain parameters)
  • Core Purpose: To process active ingress/egress connection vectors against centralized threat intelligence data arrays to disrupt phishing nodes and zero-day malicious infrastructure.
  • Operational Execution: Active Uniform Resource Locators (URLs) are interceptively compared against real-time signature sets and cloud classification nodes. Benign operational traffic triggers transient, localized evaluation and is completely decoupled from persistent user profile histories or centralized tracking records.
B. tabs and webNavigation Architecture
  • Core Purpose: To audit active interface handoffs, intercept risk transitions, and preserve the integrity of user navigation boundaries.
  • Operational Execution: Monitors internal routing updates across the runtime environment. Upon confirming a match with an unverified or high-risk domain classification, the system executes an inline intervention, serving an isolated administrative block-page.
C. scripting Runtime Application
  • Core Purpose: To inject presentation-layer script blocks that identify client-side data scraping, credential laundering sites, and phishing kits before user submission occurs.
  • Operational Execution: Evaluates structural webpage layouts and interface attributes solely to identify anomalous security profiles mimicking trusted institutional entities. ViperShield operates purely on the structural presentation layer; it contains strict programmatic barriers preventing the reading, parsing, caching, or transmission of actual user input, passwords, keystrokes, or data fields.
D. identity and identity.email Scopes
  • Core Purpose: To validate enterprise licensing allocations, govern access controls, and correlate endpoints with designated corporate tenant profiles.
  • Operational Execution: Extracts the active, authenticated corporate user email string to verify software licensing entitlement and apply specific security profile sets provisioned by the tenant’s IT administration.
E. downloads Interception
  • Core Purpose: To scan download origin streams and file properties to prevent zero-day binary threats from running on the device.
  • Operational Execution: Pulls active origin paths and file transfer metadata for real-time security validation before local execution privileges are finalized.
F. nativeMessaging Bridge
  • Core Purpose: To maintain data consistency between the browser runtime environment and localized system daemons.
  • Operational Execution: Pipes secure telemetry signals between the extension sandbox and pre-authorized desktop client binaries or adjacent system endpoint infrastructure.
G. storage and Managed Storage Pools
  • Core Purpose: To cache local structural settings, administrative configuration mappings, and localized threat indicators securely on the device.
H. notifications Interface
  • Core Purpose: To generate localized system alerts regarding threat isolation actions or policy compliance overrides.
I. alarms Scheduler
  • Core Purpose: To configure background system sync tasks for continuous signature database optimization and policy checks without degrading processing performance.

4. Telemetry Processing Classification

ViperShield enforces a clear boundary between local client-side analysis and remote cloud processing streams.

Localized Device Processing

The overwhelming majority of network analysis occurs natively within the isolated environment of the extension. The following data categories are confined to local device memory and are never transmitted to GoCloudIQ under standard operations:

  • Safe, verified network navigation vectors.
  • Localized policy evaluations and heuristic matching metrics.
  • Localized threat signature databases and dictionary caches.

Technical Exclusion Safe Harbor: ViperShield utilizes explicit content filters engineered to bypass and ignore consumer data properties, including financial account strings, credit card numbers, personal messaging applications, or protected health information.

Cloud Service Telemetry Ingestion

When the platform detects an active threat or policy exception, it transmits an encrypted Security Event Log packet to the customer’s cloud instance. This structural telemetry is restricted to:

  • The explicitly flagged malicious URL or threat origin path.
  • The corresponding threat classification category (e.g., Credential Harvesting Threat).
  • High-fidelity timestamps and system execution records.
  • Cryptographic user/device identifiers and anonymized organization/tenant tokens.
  • The automated mitigation action taken (e.g., Session Blocked).

5. Data Sharing & Third-Party Limitations

We do not permit access to system metadata or log data outside of the explicit technical pipelines detailed below:

  • Enterprise Customer Security Teams: Telemetry log packets are routed natively to the private administrative console of the enterprise entity provisioning the licensing token for integration into their internal security analysis systems (such as SIEMs).
  • Authorized Subprocessors: Cloud-hosted data processing is executed within secure cloud infrastructure (such as AWS or Microsoft Azure). These subprocessors operate under comprehensive data processing agreements (DPAs) that legally restrict them from utilizing telemetry for any independent commercial purpose.
  • Enforceable Legal Disclosures: GoCloudIQ will not surrender data logs unless formally compelled by a valid, legally enforceable subpoena, federal court order, or statutory mandate, or when urgent network defense actions require the mitigation of active, systemic platform attacks.

6. Jurisdictional Rights Notice (TDPSA, CCPA/CPRA, etc.)

GoCloudIQ operates in structural alignment with modern US data protection frameworks, including the Texas Data Privacy and Security Act (TDPSA) and the California Consumer Privacy Act (CCPA/CPRA).

Data Processor B2B Framework

ViperShield is systematically provisioned as a business-to-business (B2B) enterprise application. Under applicable statutory definitions, GoCloudIQ functions strictly as a Data Processor or Service Provider, while the enterprise corporate client acts as the formal Data Controller.

If an individual user seeks to exercise rights under state privacy laws—including data access, modification, or deletion—the request must be submitted directly to the IT or Compliance administration of the employing enterprise. GoCloudIQ cannot unilaterally modify or wipe tracking data associated with an active enterprise installation without explicit written instruction from the corporate organization holding the administrative token.

7. Security Architecture and Data Cryptography

GoCloudIQ employs administrative, technical, and physical safeguards engineered to protect our data assets.

  • Transport Cryptography: All network communications between the extension client and cloud analytics nodes are strictly encrypted using TLS 1.2 or TLS 1.3 protocols.
  • Perimeter Controls: Access to backend threat intelligence infrastructure requires mandatory multi-factor authentication (MFA) and is governed by strict Role-Based Access Control (RBAC) schemas.

8. Data Retention Thresholds

  • Device Removal: Uninstalling the extension or clearing browser configuration data instantly purges all localized variables and cached metrics from the client system.

Cloud Log Lifecycles: Centralized cloud log entries are preserved in accordance with the timelines established in our enterprise Master Services Agreements (MSAs), or as required for ongoing forensic auditing and threat analysis.

9. Children's Privacy

ViperShield is exclusively an enterprise-targeted application. It is not designed for, structured toward, or intended to interact with children under the age of 13. We do not knowingly compile or store records concerning minors.

10. Document Revisions

We reserve the right to issue amendments to this privacy sheet to align with new Chrome Core browser engine revisions, adjusted API permission structures, or updated state legal safe harbors. The “Last Updated” timestamp at the top of this notice indicates its formal operational lifecycle status.

11. Contact Information

For formal administrative inquiries or information regarding data processing compliance, direct communications to:

GoCloudIQ LLC

Houston, Texas, USA

Email: support@gocloudiq.com
Website: https://vipershield.net

Protect Your Organization Before Ransomware Starts

ViperShield helps mid-market organizations prevent phishing attacks, reduce credential compromise, and stop ransomware before it spreads across systems.

Twitter Tumblr Vimeo-v

Company

About

Use Cases

Industries

Blog

Resources

Security Insights

Documentation

FAQ

Case Studies

Product

Platform Overview

Phishing Protection

Credential Protection

Ransomware Prevention

© 2026 ViperShield. All rights reserved.