Sentinel EU AI Act
Security & Data Protection

Your code is yours. Full stop.

Your source code contains trade secrets and proprietary architecture. Here is exactly how Sentinel handles it — statically, temporarily, and with cryptographic proof.

Never executed
Never permanently stored
Never used for training
Every output signed

Security architecture

Six commitments built into the architecture

These are not policies written after the fact — they are design constraints baked into how Sentinel operates.

Static Analysis Only

Sentinel never executes your code. Analysis is performed entirely through AST parsing, file reading and pattern matching — no runtime calls, no side effects, no network access from your repository.

Mode: Static · Execution: Zero · Side effects: None

No Persistent Code Storage

Your repository is cloned temporarily for the duration of the scan and discarded immediately after. Source code is never written to a permanent store. Only findings and artefacts are retained.

Retention: Scan duration only · Post-scan: Deleted

Deterministic Rule Engine

No large language models are used in the compliance assessment pipeline. Every finding is produced by a deterministic, versioned rule engine — the same input always produces the same output.

Engine: Rule-based · Output: Deterministic · LLM: Not used

Cryptographic Output Integrity

Every audit bundle is signed with RSA-PSS and includes a SHA-256 manifest of all output files. Any post-signature modification of the output is immediately detectable.

Signature: RSA-PSS · Hash: SHA-256 · Canonical: RFC 8785
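
A recipient-side check of the SHA-256 manifest described above, as an added example that is not Sentinel's own code. The manifest layout (a mapping of relative path to hex digest), the file name results.sarif and the function names are assumptions, and the RSA-PSS signature over the manifest is assumed to have been verified before this check runs.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_bundle(root: Path, manifest: dict) -> dict:
    """Compare files under root with a {relative_path: sha256_hex} manifest (assumed layout)."""
    root = root.resolve()
    report = {"modified": [], "missing": [], "unlisted": [], "unsafe": []}
    for rel, expected in manifest.items():
        target = (root / rel).resolve()
        if not target.is_relative_to(root):      # entry points outside the bundle
            report["unsafe"].append(rel)
        elif not target.is_file():               # listed but absent
            report["missing"].append(rel)
        elif sha256_file(target) != expected.lower():
            report["modified"].append(rel)       # content changed after hashing
    # Files present on disk that the signed manifest never vouched for.
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report["unlisted"] = sorted(on_disk - set(manifest))
    return report

def demo() -> dict:
    """Build a constructed bundle, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "audit.json").write_text('{"score": 72}')        # constructed sample
        (root / "results.sarif").write_text('{"runs": []}')      # constructed sample
        names = ("audit.json", "results.sarif")
        manifest = {n: sha256_file(root / n) for n in names}
        manifest["../outside.txt"] = "0" * 64                    # constructed hostile entry
        (root / "audit.json").write_text('{"score": 99}')        # edit after hashing
        (root / "results.sarif").unlink()                        # artefact removed
        (root / "extra.txt").write_text("not in manifest")       # file added
        return verify_bundle(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A bundle should be accepted only when all four lists in the report are empty.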

No Training Use

Source code and all other content you submit are never used to train, fine-tune or evaluate machine learning models. This is both a contractual and technical commitment.

ML training: Prohibited · Fine-tuning: Prohibited

EU Jurisdiction

Sentinel is operated within EU jurisdiction. Data processing is governed by GDPR. A Data Processing Agreement is available on request.

Jurisdiction: EU · Framework: GDPR · DPA: On request

Data flow

What happens to your code

Every step from submission to deletion, with no hidden stages.

Your repository → Sentinel scanner
Read-only clone · no write access

Scanner → AST parser
15 languages · no execution

AST parser → Rule engine
Deterministic · versioned methodology

Rule engine → Scoring engine
Weighted article scores

Scoring engine → Output artefacts
audit.json · SARIF · Annex IV

Output artefacts → RSA-PSS signature
SHA-256 · RFC 8785 canonical

Source code → Discarded
Immediately after scan completion

Compliance

Certifications & compliance

GDPR Compliance · ACTIVE · Regulation (EU) 2016/679

ISO/IEC 42001:2023 · ALIGNED · AI Management Systems

EU AI Act Art. 9 · COMPLIANT · Risk Management System

SOC 2 Type II · IN PROGRESS · Trust Services Criteria

ENISA AI Guidelines · ALIGNED · EU Agency Guidelines 2025

NIS2 Directive · ALIGNED · Network & Information Security

Security contact

Found a vulnerability?

Report it to our security team. We take every report seriously and respond promptly.