Sentinel

Privacy Policy

View in:

Effective date: 2025‑08‑12

Scope

This Privacy Policy explains how Sentinel (“we”, “us”) collects and processes data when you use our Services. We process Customer Data only under your instructions as processor/service provider unless otherwise stated.

Data We Process

  • Account: name, email, company, billing identifiers, login timestamps, IPs.
  • Operational logs: minimal logs for security, abuse prevention, and reliability (e.g., errors, rate limits).
  • Telemetry you send: security events, indicators, and artifacts for correlation and alerting.
  • Public‑source cache: copies of publicly available content to enable detection and historical analysis.
  • Payments: processed by third‑party providers; we do not store full card data.
  • Cookies: session/authentication; language preference (lang); analytics (if enabled).

Purposes

  • Provide and secure the Services (detect, prevent, and investigate abuse or incidents).
  • Operate features (alerting, dashboards, exports, APIs).
  • Comply with legal obligations and enforce Terms.
  • Improve the Service using aggregated/anonymous metrics.

Retention

We retain data for as long as necessary for the purposes above, then delete or anonymize. Customer‑configured retention settings control telemetry and cache windows where available.

Security

We apply industry‑standard technical and organizational measures. You control access on your side (SSO, 2FA, keys).

International Transfers

Where applicable, we rely on valid mechanisms (e.g., SCCs/EU, UK Addendum, adequacy decisions, or equivalent) to transfer data. Additional safeguards (encryption in transit/at rest; access controls) are applied.

Your Rights

We support data subject/consumer rights requests through administrative console or support: access, correction, deletion, portability, restriction, and objections where applicable by law.

Regional Addenda

United States (CPRA and State Laws)

  • We do not “sell” or “share” Customer Data for cross‑context behavioral advertising.
  • “Your Privacy Choices” link is available for opt‑out where applicable. We respect GPC signals.
  • Verification may be required to fulfill requests.

Brazil (LGPD)

  • We act as “operador(a)” for Customer Data; you are the “controlador(a)”.
  • When an incident may cause relevant risk or damage, the controller must notify ANPD and data subjects within legal deadlines.
  • Contact our DPO channel for rights (art. 18) and incident coordination.

EU/EEA/UK (GDPR/UK GDPR)

  • For controller‑provided data, lawful bases are defined by the controller; we process under Art. 28 terms.
  • Transfers: SCCs plus supplementary measures; UK Addendum for UK transfers.
  • We assist controllers in fulfilling Arts. 15–22 requests and breach notification duties.

Children

The Services are not intended for children under 13 (or higher age where required by local law). We do not knowingly collect data from them.

Do Not Track

We honor Global Privacy Control (GPC) signals for sale/share opt‑out where applicable by law.

Contact

Privacy/DPO and security contact details are available on the site. We will update this Policy as laws evolve.

Privacy Policy