Privacy Policy

SmartShield: AI-Powered Phishing Website Detector

Effective Date: March 2026

1. Introduction

SmartShield is an AI-powered phishing website detection system that utilizes ensemble machine learning and Explainable Artificial Intelligence (XAI) to classify websites as phishing or legitimate. This Privacy Policy outlines how data is processed, protected, and handled in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173).

The system is designed with a privacy-first approach, ensuring transparency, accountability, and minimal data handling.

2. Scope of This Policy

This policy applies to all users interacting with SmartShield through:

  • Web Application Interface
  • Browser Extension Deployment

These platforms provide real-time phishing detection and analysis.

3. Nature of Data Processed

3.1 Input Data

SmartShield processes only technical and non-personal data, including:

  • Website URLs submitted or visited
  • Domain-based features (e.g., domain age, reputation)
  • Web-based features (e.g., HTML structure, URL patterns)
  • Third-party reputation indicators

These inputs are required for machine learning classification.

3.2 No Personal Data Collection

SmartShield strictly adheres to the following principles:

  • No collection of personally identifiable information (PII)
  • No storage of browsing history
  • No tracking of user identity or behavior

The system operates independently of user identity.

4. Purpose of Data Processing

All processed data is used exclusively for:

  • Real-time phishing detection
  • Classification of websites (phishing vs legitimate)
  • Generation of explainable outputs using XAI (LIME, SHAP)
  • Improving system accuracy and reliability

No data is used for marketing, profiling, or surveillance.

5. Data Processing Mechanism

SmartShield follows a local and secure processing model:

  • Data is analyzed through a stacking ensemble model (CNN, SVM, XGBoost + Logistic Regression meta-learner)
  • Feature extraction and classification occur in real-time
  • XAI techniques provide transparent explanations

All processing is aligned with ethical AI principles such as:

  • Transparency
  • Fairness
  • Accountability

6. Data Storage and Retention

SmartShield enforces a zero-retention policy:

  • No persistent storage of user-submitted data
  • All inputs are processed temporarily
  • Data is discarded immediately after classification

This ensures compliance with data minimization and proportionality principles.

7. Data Security Measures

To protect system integrity and user privacy:

  • Processing is performed locally whenever possible
  • No centralized database of user data is maintained
  • Secure handling of input URLs
  • Protection against unauthorized access

These safeguards align with national cybersecurity and privacy standards.

8. Third-Party Integration

SmartShield may utilize:

  • Public datasets
  • Threat intelligence sources
  • Domain reputation services

However:

  • No personal user data is transmitted
  • Only technical website-related data may be processed

9. User Rights

Users are entitled to:

  • Use the system anonymously
  • Be informed about how their data is processed
  • Discontinue use at any time

Since no personal data is stored, rights such as data access or deletion are inherently preserved.

10. Compliance with Law

SmartShield complies with:

  • Data Privacy Act of 2012 (RA 10173)
  • Principles of lawful, fair, and transparent processing
  • Philippine National Cybersecurity Plan alignment

11. Policy Updates

This Privacy Policy may be updated to reflect:

  • System improvements
  • Legal or regulatory changes
  • New features or integrations

12. Contact Information

For inquiries regarding privacy and data protection:

📧 smartshield.project@gmail.com