Privacy Policy

Last updated: January 17, 2026

Important: This Privacy Policy describes how Sentinel.ai ("Sentinel," "we," "us," or "our") collects, uses, and shares information in connection with your use of our website compliance scanning services. Please read this policy carefully. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

1. Introduction

Sentinel.ai is a compliance-scanning Software-as-a-Service (SaaS) platform that helps businesses identify potential privacy, accessibility, and regulatory compliance risks on their websites. We are committed to protecting the privacy and security of all information we collect. This Privacy Policy explains our data practices and your rights regarding your personal information.

Note: Sentinel is a B2B service intended for use by businesses and their authorized representatives. We do not knowingly collect personal information directly from consumers of our customers' websites through our scanning services.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Registration Data: Email address, name, company name, password (stored as a hash using industry-standard bcrypt)
  • Profile Information: Company location, business type, job title (if provided)
  • Communication Preferences: Email notification settings, marketing opt-in/opt-out choices

2.2 Payment and Billing Information

If you subscribe to a paid plan, we collect billing information through our payment processor, Stripe. We do not store complete credit card numbers on our servers. We may receive and store:

  • Last four digits of payment card
  • Card type (Visa, Mastercard, etc.)
  • Billing name and address
  • Transaction history and invoice records

2.3 Website Scan Data

When you use our scanning service, we collect and analyze:

  • URL Information: Website URLs you submit for scanning
  • Publicly Available Data: HTML content, cookies, JavaScript files, forms, images (alt text), and other publicly accessible elements from scanned websites
  • Scan Results: Compliance findings, risk scores, risk levels, and detected issues
  • Scan Metadata: Timestamps, scan duration, pages scanned, and error logs
  • Scheduled Scan Settings: Frequency, timing, and notification preferences

2.4 Automatically Collected Information

When you access our Service, we automatically collect:

  • Log Data: IP address, browser type, operating system, referring URLs, access times
  • Device Information: Device type, screen resolution, unique device identifiers
  • Usage Data: Pages viewed, features used, clicks, time spent on pages, navigation patterns
  • Cookies and Similar Technologies: Session cookies, persistent cookies, and local storage (see our Cookie Policy)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Provide, maintain, and improve our compliance scanning services
  • Process and complete website scans
  • Generate compliance reports and risk assessments
  • Send scan results, alerts, and notifications
  • Manage scheduled scans and monitoring

3.2 Account Management

  • Create and manage your account
  • Process payments and subscriptions
  • Provide customer support
  • Verify your identity when necessary

3.3 Service Improvement

  • Analyze usage patterns to improve our Service
  • Develop new features and functionality
  • Train and improve our scanning algorithms (using aggregated, de-identified data)
  • Conduct research and analytics

3.4 Communication

  • Send transactional emails (scan results, account notifications)
  • Send marketing communications (with your consent, where required)
  • Respond to your inquiries and requests
  • Provide important service updates

3.5 Security and Compliance

  • Detect and prevent fraud, abuse, and security threats
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations
  • Protect our rights and the rights of others

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal data include:

  • Contract Performance: Processing necessary to provide you with the Service you requested
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights
  • Consent: Processing based on your explicit consent, such as for marketing communications
  • Legal Obligations: Processing necessary to comply with applicable laws and regulations

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information in the following limited circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

Service | Purpose | Data Shared
Stripe | Payment processing | Payment details, billing address, transaction data
Email Provider (SMTP) | Transactional email delivery | Email address, message content
Fly.io | Cloud infrastructure hosting | All service data (encrypted at rest)
Sentry (if enabled) | Error monitoring | Error logs, stack traces (anonymized)

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Subpoenas, court orders, or legal process
  • Requests from government agencies or law enforcement
  • Requirements under applicable laws or regulations

5.3 Protection of Rights

We may disclose information when we believe it is necessary to:

  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or others
  • Investigate potential violations of our Terms of Service
  • Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy:

  • Account Data: Retained for the duration of your account plus 30 days after deletion, unless legal retention requirements apply
  • Scan Data: Retained for the duration of your subscription. Upon cancellation or account deletion, scan data is deleted within 30 days
  • Payment Records: Retained for 7 years after the transaction for legal, tax, and accounting purposes
  • Log Data: Generally retained for 90 days, unless longer retention is required for security investigations
  • Marketing Data: Retained until you unsubscribe or request deletion

You may request deletion of your personal data at any time (see Section 7). Certain data may be retained longer if required by law or necessary to establish, exercise, or defend legal claims.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

7.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Data Export: Request your data in a portable, machine-readable format
  • Marketing Opt-Out: Unsubscribe from marketing communications at any time

7.2 EEA/UK/Swiss Residents (GDPR)

In addition to the rights above, you have the right to:

  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Lodge Complaint: Lodge a complaint with your local data protection authority

7.3 California Residents (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect and how we use it
  • Request deletion of personal information
  • Opt out of the sale or sharing of personal information (Note: We do not sell personal information)
  • Non-discrimination for exercising your privacy rights

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at sentinelservice00@gmail.com. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. Data Security

We implement comprehensive technical and organizational security measures to protect your information:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
  • Encryption at Rest: Sensitive data is encrypted at rest using AES-256 encryption
  • Password Security: Passwords are hashed using bcrypt with appropriate salt rounds
  • Access Controls: Strict access controls limit employee access to personal data
  • Infrastructure Security: Hosted on secure cloud infrastructure with regular security updates
  • Security Monitoring: Continuous monitoring for security threats and anomalies
  • Regular Assessments: Periodic security reviews and vulnerability assessments

While we strive to protect your information, no method of transmission or storage is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your country.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we use appropriate safeguards to ensure your information remains protected, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries recognized as providing adequate data protection
  • Other legally approved mechanisms

10. Children's Privacy

Our Service is a B2B platform intended for use by businesses and professionals. It is not directed at individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 18, please contact us immediately at sentinelservice00@gmail.com, and we will take steps to delete such information.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will:

  • Post the updated policy on this page with a new "Last updated" date
  • Notify you by email (for material changes affecting your rights)
  • Provide notice through the Service where appropriate

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

For EEA/UK residents: If you have concerns about our data processing that we have not satisfactorily addressed, you have the right to lodge a complaint with your local data protection supervisory authority.

Legal Review Recommended: This Privacy Policy is provided for informational purposes and should be reviewed by qualified legal counsel before publication to ensure compliance with applicable laws in your specific jurisdiction and business context.