Privacy Policy
Last updated: March 10, 2026
Overview
SpiderShield is built with a local-first architecture. The open-source SDK processes all data locally on your machine. No scan results, tool calls, or audit logs are sent to our servers unless you explicitly opt in to SpiderShield Cloud.
Data We Collect
Open-Source SDK
No data collected. All processing is local. Scan results, audit logs, and guard decisions stay on your machine in SQLite and JSONL files.
SpiderShield Cloud (opt-in)
If you opt in, we collect: anonymized telemetry (tool call counts, decision distributions), account information (email, team name), and policy configurations. We never collect tool arguments, outputs, or raw audit data.
Website
Basic, privacy-respecting analytics (page views, referrers). No cookies, no tracking pixels, no third-party ad networks.
Data Storage
SDK data is stored locally at ~/.spidershield/. Cloud data is stored in encrypted databases in the EU (Frankfurt). We do not sell, share, or monetize your data.
Your Rights
You can delete all local data by removing the ~/.spidershield/ directory. For Cloud accounts, you can export or delete your data at any time from the dashboard, or by emailing privacy@spidershield.dev.
Third-Party Services
The LLM rewrite feature (spidershield rewrite) sends tool descriptions to your configured LLM provider (Anthropic, OpenAI, or Google). This is user-initiated and uses your own API key. We do not proxy or store these requests.
Contact
For privacy questions, email privacy@spidershield.dev.