Introduction
Gulf Shield Technologies LLC (“Gulf Shield Technologies,” “we,” “us,” or “our”) is a Florida limited liability company that builds and ships software products. This Privacy Policy explains how we collect, use, store, and protect information about you when you use any product we publish — currently Canopy, with more products planned — or when you interact with our website at gulfshieldtech.com.
This policy applies to all products in the Gulf Shield Technologies portfolio. Specific data collection details for each product are documented in the per-product section below.
Effective date: May 5, 2026. This policy applies to all data collected on or after that date.
How We Think About Data
We organize data into three tiers based on whether you can opt out:
The visual breakdown above is rendered by the page component beneath this heading; the categories are:
- Tier 1 — Required. Data the product cannot function without (e.g., a license key hash for a paid product). Cannot be opted out of without ceasing to use the product.
- Tier 2 — Product improvement. Anonymized usage telemetry that helps us prioritize features and find bugs. Opt-out via product settings.
- Tier 3 — Portfolio-level analytics. Aggregated cross-product metrics for understanding how our tools are used together. Opt-out via product settings.
We do not collect any data outside these three tiers. If a product needs new data, we update this policy first.
What We Don’t Collect
Across every product we ship, we never collect:
- Source code or file contents. Local-first products (like Canopy) parse code on your machine; nothing leaves it.
- Real-time location data. Florida is the only “location” we track, and that’s our office, not yours.
- Microphone, camera, or sensor data. None of our products request these permissions.
- Browsing history outside our products. We don’t run cross-site trackers.
Per-Product Data Collection
The table below lists every category of data each product collects, the tier it falls into, the purpose, and which third-party processors (if any) receive it. Products not listed here either collect no data or aren’t yet shipping.
How Long We Keep Data
- Tier 1 data is kept as long as your account or license is active, plus a retention window required by law (typically 7 years for tax / Stripe records).
- Tier 2 + 3 data is kept in aggregated form indefinitely; identifiable raw events are purged after 90 days.
Your Rights
You have the right to:
- Access. Request a copy of the data we hold about you.
- Correction. Ask us to fix anything that’s wrong.
- Deletion. Request that we delete your data, subject to retention obligations described above.
- Portability. Receive your data in a machine-readable format.
- Opt-out. Disable Tier 2 and Tier 3 collection through product settings at any time.
To exercise any of these rights, email privacy@gulfshieldtech.com. We aim to respond within thirty days.
Children
Our products are not directed to children under 13. We don’t knowingly collect personal information from anyone under 13. If you believe we have, please contact us and we’ll delete it.
Changes to This Policy
We may update this policy. Material changes (new data collection, new third-party processors, significant changes to retention) will be communicated via email to existing customers at least thirty days before they take effect, and the lastUpdated field at the top of this document will reflect the change.
Contact
Privacy questions, data requests, or anything else related to this policy:
For everything else, hello@gulfshieldtech.com.
Run the App
Data required for the app to function. Without this, you cannot use the service.
Authentication, data sync, subscription management, and crash reporting.
Examples
- Email address (for account creation and login)
- Authentication tokens (session management)
- Subscription status and purchase history (via RevenueCat)
- Core app data (habits, creature state, preferences)
- Crash logs and error reports (for stability)
Improve This App
Analytics that help us understand how you use the app so we can make it better.
Feature usage analytics, onboarding funnel analysis, and performance monitoring.
Examples
- Which features you use and how often
- Screen navigation patterns
- Onboarding completion steps
- Session duration and frequency
- Performance metrics (load times, frame rates)
Settings > Privacy > "Help improve [App Name]" toggle
Improve the Gulf Shield Technologies Portfolio
Anonymized, aggregated data that helps us build better apps across our portfolio.
Cross-app product intelligence to identify which types of tools help users most.
Examples
- Anonymized habit completion patterns
- Mood correlation trends (aggregated)
- Task decomposition usage patterns (aggregated)
- Feature adoption rates across app categories
Settings > Privacy > "Help improve future Gulf Shield Technologies apps" toggle
Per-App Data Collection
Canopy
Data Collected
| Data Type | Tier | Purpose | Shared With |
|---|---|---|---|
| License key hash (SHA-256) | Tier 1 | License validation and subscription status | Cloudflare D1 (Gulf Shield Technologies account) |
| Client version | Tier 1 | Compatibility checks and support diagnostics | Cloudflare D1 |
| Platform (e.g., linux-x86_64) | Tier 1 | Download recommendations and compatibility | Cloudflare D1 |
| Machine fingerprint hash | Tier 1 | Seat binding enforcement (per-seat machine limit) | Cloudflare D1 |
| Email address | Tier 1 | License delivery and support communication | Cloudflare D1, Resend (email delivery) |
| Stripe customer/subscription IDs | Tier 1 | Billing and refund processing | Stripe |
| Anonymous feature telemetry | Tier 2 | Feature prioritization (tool invocation counts, no code content) | Cloudflare D1 (aggregated only) |
Does Not Collect
- Source code or file contents
- File paths or directory structure
- Search queries or MCP tool call inputs/outputs
- Repository names or Git remote URLs
- IP addresses (beyond Cloudflare's transient DDoS logs)
- Location data
- Browsing history