Who we are

Sentinel labs, inc. operates the sentinel protocol, sdk, api, and dashboard. we are the data controller for personal data collected through the service. our registered address is 1209 orange street, wilmington, de 19801, usa. for all privacy matters, contact privacy@sentinel.dev.

What we collect

We collect only what is necessary to operate the service. this falls into three categories.

Account data: your name, email address, and organization name when you register. payment information is processed by our payment provider and never stored on our systems.

Usage metadata: timestamps, model identifiers, region codes, api call counts, latency measurements, and error rates. this metadata is used to generate verification hashes and to operate the audit ledger. we do not collect or store the semantic content of your prompts or model responses.

Technical data: ip addresses, browser type, operating system, and session tokens collected automatically when you use the dashboard. this data is used for security monitoring, fraud prevention, and service reliability.

What we do not collect

We do not read, store, index, or analyze the content of your prompts or model responses. the sealing process operates on a cryptographic representation of that content, not the content itself. we do not build profiles of your users. we do not use your data to train any model. we do not sell your data to any third party under any circumstance.

How we use your data

Account data is used to authenticate you, communicate service updates, and process payments. usage metadata is used to generate and anchor verification hashes, enforce plan limits, and produce the audit records you request. technical data is used to secure the service, detect abuse, and diagnose infrastructure issues. we do not use any of your data for advertising purposes.

Legal basis for processing

For users in the european union and united kingdom, our legal bases for processing are as follows. contract: processing account data and usage metadata is necessary to deliver the service you have contracted for. legitimate interests: processing technical data for security and fraud prevention serves our legitimate interest in maintaining a safe and reliable service. consent: where we send optional communications such as product updates or research reports, we rely on your explicit consent, which you may withdraw at any time.

Data retention

Account data is retained for the duration of your account and deleted within 30 days of account termination upon request. usage metadata is retained for 90 days to support audit replay and dispute resolution, then aggregated and anonymized. technical data such as access logs is retained for 30 days. verification hashes anchored to the ledger are permanent by design — this is a cryptographic property of the protocol and cannot be reversed. the hash contains no personal data.

Data sharing

We share your data only in the following circumstances. service providers: we use a small number of infrastructure and payment vendors who process data on our behalf under strict data processing agreements. legal requirements: we may disclose data if required by law, court order, or regulatory authority, and will notify you where legally permitted to do so. business transfers: in the event of a merger, acquisition, or sale of assets, your data may transfer to the successor entity under the same privacy protections. we do not share data with any other third parties.

International transfers

Sentinel operates edge regions across multiple countries including the united states, turkey, and japan. by using the service, your data may be processed in any of these regions. for transfers of data from the eu or uk to countries without an adequacy decision, we rely on standard contractual clauses approved by the european commission. a copy is available upon request at privacy@sentinel.dev.

Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, audit logging of internal data access, and regular third-party security assessments. sentinel holds soc 2 type ii certification and iso 27001 accreditation. despite these measures, no system is completely secure. if you discover a vulnerability, please disclose it responsibly to security@sentinel.dev.