Privacy Policy

Effective: January 2025

1. Controller

Sentinel Security Platform
Email: info@sentinel-security.tech

The controller is responsible for processing personal data under the GDPR.

2. Collection and Storage of Personal Data

2.1 Registration and Account

When creating and managing an account, we process:

• Email address (required)
• Password (stored in encrypted/hashed form)
• Nickname / display name (optional)
• Registration date
• Subscription status and plan

2.2 Use of the Services

• Search queries and filter settings
• Created alerts, saved configurations, and monitoring preferences
• Export activity and usage logs

2.3 Payment Data

Payments are processed through Stripe. Your payment information is transmitted directly to Stripe and is not stored on our servers.

Stripe may process data in the United States (see Section 6).

3. Purpose of Processing

• Providing, maintaining, and improving our services
• User authentication and account management
• Subscription and payment processing
• Sending service-related notifications (e.g., alerts)
• Customer support
• Compliance with legal obligations

4. Legal Basis (GDPR)

• Art. 6(1)(b) – Contract performance
• Art. 6(1)(a) – Consent
• Art. 6(1)(f) – Legitimate interests

5. Data Disclosure

• Stripe (payments)
• Email service providers
• Hosting infrastructure providers
• Public authorities when legally required

We do not sell personal data.

6. International Data Transfers

Some service providers (e.g., Stripe) may process data outside the European Union, including the United States.

These transfers rely on:

• Adequacy decisions (Art. 45 GDPR)
• EU Standard Contractual Clauses (Art. 46 GDPR)

7. Cookies and Tracking

We use only essential cookies required for platform functionality. Session cookies expire on logout or browser close.

No analytics or marketing cookies are used without consent.

8. Data Security

• Secure password hashing (bcrypt)
• HTTPS/TLS encryption
• Regular security updates
• Rate limiting and brute-force protection
• Role-based access controls

9. Your Rights Under the GDPR

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to lodge a complaint (Art. 77)

Contact: info@sentinel-security.tech

10. Data Retention

• Account data: until deletion or inactivity cleanup
• Payment records: per statutory retention limits
• Log data: up to 90 days

11. Changes to This Policy

The current version of this policy is always available on this page.