Privacy Policy

At Sentinel, we prioritize the privacy and security of our users and their end-users. This Privacy Policy outlines how we handle data through the Sentinel Trust API and our associated services.

1. Data Philosophy

Sentinel is built on a "Stateless by Design" philosophy. We do not build long-term behavioral profiles of individuals. Our goal is to synthesize a trust decision in real-time and then discard granular data.

2. Information We Collect

When you use the Sentinel Trust API, we process the following technical signals:

• IP Address and Network Metadata (ASN, ISP, Geo-location at the city level).
• Browser and Device Fingerprints (User-Agent string, language settings).
• Behavioral Timing (Interaction velocity, mouse movement patterns for Turnstile).

3. How We Use Data

Data processed by Sentinel is used exclusively for:

• Calculating reputation scores and issuing Trust Tokens.
• Detecting and mitigating automated bot attacks.
• Preventing credential stuffing and account takeover fraud.
• Improving our autonomous decision engine.

4. Data Retention

Analytic signals are held in transient RAM cache for a maximum of 20 minutes to facilitate session-level defense. Forensic logs containing truncated IP addresses are retained for 30 days for security auditing before being permanently deleted.

5. GDPR & International Compliance

Sentinel is fully GDPR compliant. We act as a Data Processor for our customers. We provide Privacy Mode settings to redact granular geo-data and PII at the edge, ensuring compliance in strict regulatory environments.

6. Third-Party Sharing

We do not sell, rent, or trade your data. We may share processed metadata with our parent platform, RiskSignal Intelligence, to enhance global threat telemetry.