Trust Center
We are a privacy company. That means your trust is everything to us. Here is everything you need to know about how we operate.
What we collect
We collect the absolute minimum necessary to provide our service. That's it. No behavioral tracking, no interest profiling, no ad targeting.
Account information
Your email address and (optionally) phone number for account access and two-factor authentication.
Protected identities
Names, addresses, phone numbers, and emails you provide — used exclusively to search for and remove your data from brokers. Encrypted with AES-256.
Payment information
Processed by Stripe. We never see or store your full card number. Only the last 4 digits and expiry are stored for subscription management.
Service usage logs
Anonymized logs of which features you use, retained for 30 days. Used only to improve service reliability. No personal details.
What we NEVER do
These are hard rules. Non-negotiable. Never subject to business exceptions or partnerships.
How we protect your data
Encryption & Architecture
AES-256 Encryption at Rest
All personally identifiable information is encrypted with AES-256 before being written to our databases. Encryption keys are managed by AWS KMS with automatic rotation.
TLS 1.3 in Transit
All data transmitted between your browser and our servers uses TLS 1.3. We enforce HSTS and certificate pinning. No data travels over unencrypted connections.
Zero-Knowledge Architecture
Our processing pipeline is designed so that SENTINEL employees cannot read your protected identities in plain text. The encryption happens before data reaches our application servers.
Isolated Data Processing
Each user's data is processed in isolated, sandboxed environments. Your removal requests run separately from other users' data — there is no commingling.
Certifications & Audits
SOC 2 Type II
Independently audited annually by Schellman & Company. Our latest report covers the period Jan–Dec 2025.
Quarterly Penetration Tests
External pen tests by Cobalt Security, conducted every quarter. Critical findings resolved within 48 hours.
Bug Bounty Program
Public bug bounty via HackerOne. Rewards from $250 to $10,000 for responsible disclosures.
GDPR Article 32 Compliance
We implement all appropriate technical and organizational measures required under GDPR Article 32.
Your rights
You have complete control over your data. These rights are available to all users, regardless of where you live.
Right to Access
Download a complete export of all data we hold about you at any time from your Account Settings.
Right to Correction
Update any inaccurate information in your profile at any time. Changes take effect immediately.
Right to Deletion
Delete your entire account and all associated data with one click. We will permanently delete all data within 30 days of cancellation.
Right to Portability
Receive your data in a structured, machine-readable format (JSON or CSV) for transfer to another service.
Right to Object
Object to any specific processing of your data. Contact our DPO directly at dpo@sentinelprivacy.com.
Wipe everything
Permanently delete your SENTINEL account and all associated data. This includes your protected identities, removal history, and all personal information we hold. This action is irreversible.
Refund policy
30-Day Money-Back Guarantee
If you are not completely satisfied with SENTINEL within the first 30 days of your subscription, we will refund your payment in full. No questions asked. No hoops to jump through.
To request a refund, simply email refunds@sentinelprivacy.com or click the refund button in your account settings. Refunds are processed within 3–5 business days to your original payment method.
The refund applies to:
The refund does NOT apply to:
Data retention
Active account
Your protected identities and removal records are retained as long as your account is active.
After cancellation
We retain your data for 30 days in case you want to reactivate. After 30 days, all data is permanently deleted.
Government ID
If you upload an ID for escalation purposes, it is deleted within 90 days of the escalation being resolved.
Payment records
Payment transaction records are retained for 7 years as required by financial regulations. These contain no personal data beyond email and last 4 card digits.
Service logs
Anonymized service logs are retained for 30 days and then deleted.
Legal compliance
GDPR (EU General Data Protection Regulation)
GDPR Compliant- SENTINEL is a Data Controller under GDPR Article 4.
- Our Data Protection Officer (DPO) can be reached at dpo@sentinelprivacy.com.
- Legal basis for processing: Contract (GDPR Art. 6(1)(b)) — processing is necessary to deliver the service you've purchased.
- We do not transfer EU personal data outside the EEA without appropriate safeguards (Standard Contractual Clauses).
- Data Subject Requests are handled within 30 days (extendable to 90 days for complex cases).
CCPA (California Consumer Privacy Act)
CCPA Compliant- California residents have the right to know, delete, and opt-out of sale of their personal information.
- We do not sell personal information. This right is not applicable, but we honor all other CCPA rights.
- To submit a CCPA request: email privacy@sentinelprivacy.com or use the rights tools in your account.
- We do not discriminate against users who exercise their CCPA rights.
Questions about privacy?
Our Data Protection Officer is available to answer any questions about how we handle your data.