Legal · Privacy Policy

Your data, your rights.

We built Sentinel for teams that care about evidence and accountability. This policy reflects those same values — no hidden data use, no surprises.

GDPR Compliant
Last updated: 30 June 2026
Introduction

How we handle your personal data

Sentinel EU AI Act Compliance ("Sentinel", "we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect information about you when you use our services.

Sentinel is an evidence-oriented compliance assessment platform that analyses software repositories and technical artefacts to generate EU AI Act compliance assessments. This policy describes our data practices in full.

Privacy questions: office@gettingsentinel.com
Scope

What this policy covers

This Privacy Policy applies to:

The Sentinel website (gettingsentinel.com and subdomains)
The Sentinel web application and dashboard
The Sentinel API and CLI tools
All compliance assessment services provided by Sentinel
Communications between you and Sentinel

It does not apply to third-party services linked from our platform.

Data collection

Personal data we collect

Account Information
Full name and email address
Organisation name and role
Password (bcrypt hash — never plain text)
Billing Information
Company name and billing address
VAT number (EU business customers)
Payment processed by Lemon Squeezy only
Credit balance and transaction history
Technical & Usage Data
IP address and approximate location
Browser type, version and OS
Pages visited and features used
Session identifiers
API request logs
Audit Metadata
Repository URL submitted for scanning
Audit serial number and timestamps
Languages detected in repository
Compliance score and article-level results
Source code

Repository processing — what happens to your code

Your source code is the most sensitive thing you submit. Here is exactly what we do with it.
Source code is processed in an isolated, temporary environment for the duration of the scan
Raw source code is never permanently stored on Sentinel servers after the scan completes
Extracted evidence artefacts (signals, findings, coverage data) are retained as part of your audit record
Generated compliance reports, dossier documents and scan statistics are stored and linked to your account
Sentinel does not use your source code to train machine learning models
Sentinel does not share your source code with third parties
Access to scan results is restricted to members of your organisation

If your repository is private, credentials you provide (e.g. a personal access token) are used solely for the scan and are not retained thereafter.

Data use

How we use your data

Providing and operating the Sentinel compliance assessment service
Creating and managing your account and organisation
Processing credit purchases and maintaining your credit balance
Generating, storing and delivering compliance reports and dossier documents
Sending transactional emails (verification, password reset, scan notifications)
Responding to support requests
Detecting and preventing fraudulent or abusive use
Maintaining platform security and reliability
Complying with legal and regulatory obligations
We do not sell your personal data
We do not use your data for behavioural advertising
Automated processing

Automated Processing & AI Analysis

Sentinel performs automated static analysis of software repositories using its rule-based compliance engine. This involves deterministic pattern matching against EU AI Act article requirements, automated scoring, evidence classification and generation of compliance findings.

Technical assessment only. Sentinel outputs do not produce legally binding compliance decisions and do not replace legal advice, notified body assessment or regulatory certification.

You retain the right to request human review of any automated result. Contact: office@gettingsentinel.com

Retention

Data Retention — how long we keep data

Account data: Duration of account + 90 days after deletion
Audit records & reports: Duration of your account
Billing records: 7 years (EU accounting regulations)
Technical logs: 90 days
Cloned repositories: Deleted immediately upon scan completion

Security

Security measures

All data in transit is encrypted using TLS 1.2 or higher
Passwords are stored using bcrypt hashing with individual salts
Database access is restricted to authenticated application processes
Audit outputs are access-controlled per organisation
Platform activity is logged for security monitoring
Payment processing is handled by Lemon Squeezy (PCI-DSS compliant)
International transfers

Sentinel operates infrastructure within the European Economic Area. Where we use third-party providers that process data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. A list of processors and their data locations is available upon request.

Third-party services

Third-party services we use

Lemon Squeezy

Payment processing and credit purchase management

Vercel

Platform hosting and content delivery

Email provider

Transactional email delivery

We select processors that provide GDPR-adequate safeguards and enter into Data Processing Agreements where required.

Your rights

Your Rights under GDPR

Right of access

Obtain a copy of the personal data we hold about you

Right to rectification

Correct inaccurate or incomplete data

Right to erasure

Request deletion of your data (subject to legal retention obligations)

Right to portability

Receive your data in a structured, machine-readable format

Right to restriction

Limit the processing of your data in certain circumstances

Right to object

Object to processing based on legitimate interests

Withdraw consent

Where processing is based on consent

Lodge a complaint

With your national data protection supervisory authority

To exercise any right, contact office@gettingsentinel.com. We respond within 30 days.

Contact

Contact us

Sentinel EU AI Act Compliance

Updates

Updates to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of Sentinel after notification constitutes acceptance of the updated policy.
