We list what is true right now, and what is planned. No SOC 2 badge until
the report is signed. Questions? Email hello@byshadow.ai.
Passive by default
TODAY The Shadow Capture SDK ships as a single bundle loaded for every visitor to a tenant's product. Passive capture runs for anonymous visitors; the author widget and recorder UI execute only after a member of the tenant's team authenticates by calling identify() with a short-lived JWT issued by the tenant's backend.
PII redacted at capture
TODAY Per-site redaction rules match attributes (like data-sensitive), CSS selectors, and regex patterns. Matched values are masked in the browser before any data leaves the page. Tenants can expand the rule set at any time; rules are delivered to the SDK with the site configuration.
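As an added illustration (not Shadow's SDK code), the sketch below applies the three rule kinds named above to captured values before any payload is built. The rule object shape, the mask string, the function names and the sample nodes are assumptions made for this example.

```javascript
// Added example: hypothetical rule shape, not Shadow's actual configuration format.
const MASK = "[REDACTED]";

// Constructed per-site rules covering the three kinds the page names.
const siteRules = {
  attributes: ["data-sensitive"],
  selectors: ["input[type=password]"],
  patterns: [
    /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g, // email-like strings
    /\b\d{3}-\d{2}-\d{4}\b/g,        // SSN-like digit groups
  ],
};

// Redact one captured value. `el` only needs the standard DOM Element methods
// hasAttribute() and matches(), so a real element works in the browser.
function redactValue(el, value, rules) {
  const structural =
    rules.attributes.some((a) => el.hasAttribute(a)) ||
    rules.selectors.some((s) => el.matches(s));
  if (structural) return MASK; // whole field is sensitive: keep nothing
  // Free text: mask only the matching substrings. String.replace with a /g
  // regex always scans from index 0, unlike regex.test(), which carries
  // lastIndex between calls and can skip matches.
  return rules.patterns.reduce((text, re) => text.replace(re, MASK), value);
}

// Build the outgoing payload from redacted values only, so raw strings
// are never serialized.
function buildCapture(nodes, rules) {
  return nodes.map(({ el, value }) => ({
    tag: el.tagName,
    value: redactValue(el, value, rules),
  }));
}

// Constructed stand-in for a DOM element so the example runs outside a browser.
function fakeEl(tagName, attrs = {}, matching = []) {
  return {
    tagName,
    hasAttribute: (a) => a in attrs,
    matches: (s) => matching.includes(s),
  };
}

// Constructed sample capture.
const sampleNodes = [
  { el: fakeEl("INPUT", { "data-sensitive": "" }), value: "4111111111111111" },
  { el: fakeEl("INPUT", {}, ["input[type=password]"]), value: "hunter2" },
  { el: fakeEl("P"), value: "Contact jane.doe@example.com about the order" },
  { el: fakeEl("SPAN"), value: "Order #1042 shipped" },
];
```

A reviewer checking a redaction setup can run the same kind of assertion against the serialized payload: no raw sensitive string should appear in it.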
No training on your captures
TODAY Shadow does not train foundation models on your captures. Third-party model inference calls use endpoints configured with no-retention and no-training flags where available. We disclose the provider categories we use in our privacy policy.
Tenant-scoped at every layer
TODAY Ingest endpoints scope data by site public key. Dashboard sessions scope to a specific organization. The database enforces row-level tenant scoping on every read and write path. A single organization cannot see another organization's captures, tutorials, or metrics by design.
Export and delete on demand
TODAY Export any workspace artifact — captures, storyboards, videos, and analytics rollups — at any time from the dashboard or by emailing us. Deletion requests are fulfilled within 30 days end-to-end, including backups.
SOC 2 Type II
PLANNED We are preparing for SOC 2 Type II in 2026. Until the report is available, we do not display the badge. This page is the honest status.
Incident response
TODAY We run on-call rotations, maintain an incident playbook, and notify affected tenants within 72 hours of a confirmed security incident. Status is posted on status.byshadow.ai.