How we handle your personal data
Sentinel EU AI Act Compliance ("Sentinel", "we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect information about you when you use our services.
Sentinel is an evidence-oriented compliance assessment platform that analyses software repositories and technical artefacts to generate EU AI Act compliance assessments. This policy describes our data practices in full.
What this policy covers
This Privacy Policy applies to:
It does not apply to third-party services linked from our platform.
Personal data we collect
Repository processing — what happens to your code
If your repository is private, credentials you provide (e.g. a personal access token) are used solely for the scan and are not retained thereafter.
Legal Bases under GDPR
Processing necessary to provide the Sentinel service — account management, scanning and report generation.
Improving service reliability, detecting abuse and security monitoring.
Retaining billing records as required by applicable accounting and tax law.
For non-essential cookies and optional communications only.
How we use your data
Automated Processing & AI Analysis
Sentinel performs automated static analysis of software repositories using its rule-based compliance engine. This involves deterministic pattern matching against EU AI Act article requirements, automated scoring, evidence classification and generation of compliance findings.
You retain the right to request human review of any automated result. Contact: office@gettingsentinel.com
Data Retention — how long we keep data
Security measures
International transfers
Sentinel operates infrastructure within the European Economic Area. Where we use third-party providers that process data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. A list of processors and their data locations is available upon request.
Third-Party services we use
Lemon Squeezy
Payment processing and credit purchase management
Vercel
Platform hosting and content delivery
Email provider
Transactional email delivery
We select processors that provide GDPR-adequate safeguards and enter into Data Processing Agreements where required.
Your Rights under GDPR
Right of access
Obtain a copy of the personal data we hold about you
Right to rectification
Correct inaccurate or incomplete data
Right to erasure
Request deletion of your data (subject to legal retention obligations)
Right to portability
Receive your data in a structured, machine-readable format
Right to restriction
Limit the processing of your data in certain circumstances
Right to object
Object to processing based on legitimate interests
Withdraw consent
Where processing is based on consent
Lodge a complaint
With your national data protection supervisory authority
To exercise any right, contact office@gettingsentinel.com. We respond within 30 days.
Contact us
Sentinel EU AI Act Compliance
Updates to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of Sentinel after notification constitutes acceptance of the updated policy.