Privacy Policy

Last updated: June 2026 · Effective date: June 1, 2026

1. Information We Collect

Account Information

When you register for a Sentinel OS account, we collect information you provide directly, including:

• Name and email address
• Organization name and job title
• Billing information (processed securely via Stripe — we do not store full card numbers)
• Authentication credentials (passwords are hashed using bcrypt; we never store plaintext passwords)
• SSO identity tokens (when using Google, Microsoft, or Okta sign-in)

Usage Data

We automatically collect certain information when you interact with Sentinel OS:

• API request logs (endpoint, timestamp, response time, HTTP status codes)
• Dashboard page views, feature interactions, and session duration
• IP addresses and general geographic location (country/region level)
• Browser type, operating system, and device identifiers
• Referral URLs and search terms leading to our site

Sensor and Threat Intelligence Data

As part of operating Sentinel OS, we process operational data you submit or that is ingested on your behalf:

• Vessel tracking and AIS data feeds configured by your account
• Submarine cable monitoring telemetry and anomaly events
• BGP routing data and internet infrastructure alerts
• Custom sensor configurations and alert rules
• Threat event records, incident logs, and response action history

Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve Sentinel OS. See Section 8 for full details.

2. How We Use Your Information

Platform Operation

• Authenticate your identity and maintain secure sessions
• Provision and manage your Sentinel OS tenant environment
• Process API requests and return threat intelligence results
• Enforce subscription plan limits and API rate limits
• Bill and collect payment for subscription services

Threat Detection and Analytics

• Correlate sensor data across submarine cable, maritime, and cyber domains
• Generate real-time threat alerts and risk scores
• Train and improve our AI models for anomaly detection (using aggregated, anonymized data)
• Produce usage analytics for your account dashboard

Communication

• Send transactional emails (account confirmation, password reset, billing receipts)
• Deliver incident alerts and threat notifications you have subscribed to
• Provide product updates, security advisories, and release notes (opt-out available)
• Respond to support requests and technical inquiries

Legal and Safety

• Comply with applicable laws, regulations, and legal obligations
• Detect, prevent, and investigate fraud, abuse, or security incidents
• Enforce our Terms of Service and other policies

3. Data Sharing and Disclosure

Service Providers

We share information with trusted third-party vendors who help us operate Sentinel OS. These providers are contractually bound to use your data only as directed by us and in accordance with this policy. Current categories include:

• Cloud infrastructure providers (compute, storage, and CDN)
• Payment processors (Stripe) for billing and subscription management
• Email delivery providers for transactional and alert notifications
• Analytics providers for product usage insights (Google Analytics — see Section 8)
• Error monitoring and logging services for platform reliability

Law Enforcement and Legal Requirements

We may disclose your information when required to do so by law or in response to valid legal process (subpoena, court order, or government request). We will notify you of such requests where legally permitted.

Business Transfers

If SpaceTime Industries is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your personal data is subject to a different privacy policy.

With Your Consent

We may share your information in other ways if you have provided explicit consent.

4. Data Security

We take the security of your data seriously. Sentinel OS is built with security-first architecture:

• Encryption in transit: All data is transmitted over HTTPS/TLS 1.3. API connections enforce encrypted channels.
• Encryption at rest: Data stored in our systems is encrypted using AES-256. ZeroDB, our vector and document store, applies encryption at the storage layer.
• Role-Based Access Control (RBAC): Access to data is restricted to authorized personnel and enforced by tenant-level isolation.
• Audit logging: All access to sensitive data and administrative actions are logged with timestamps, user identities, and IP addresses.
• JWT RS256 authentication: API access is protected by signed tokens with short expiration windows.
• Multi-tenant isolation: Each customer tenant is logically isolated. Cross-tenant data access is prevented at the architecture level.

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you in accordance with applicable law.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Specific retention periods by data type:

• Account data: Retained for the lifetime of your account plus 30 days after account closure (to allow reactivation).
• API and usage logs: Retained for 90 days for operational purposes, then aggregated and anonymized.
• Threat event data: Retained per your configured retention policy (default 12 months on Starter and Professional plans).
• Billing records: Retained for 7 years to comply with financial regulations.
• Audit logs: Retained for 1 year, or longer if required by law.

Upon written request, we will delete or anonymize your personal data within 30 days, subject to exceptions required by law (such as billing records).

6. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

Access and Portability

You have the right to request a copy of the personal data we hold about you, in a portable, machine-readable format (JSON or CSV).

Correction

You may update or correct inaccurate personal data at any time through your account settings or by contacting us directly.

Deletion

You may request deletion of your account and associated personal data. We will fulfill deletion requests within 30 days, subject to legal retention requirements.

Opt-Out

You may opt out of marketing and product update emails at any time using the unsubscribe link in any email or by updating your notification preferences in your account settings. You cannot opt out of transactional emails required for account operation (e.g., billing receipts, security alerts).

Restriction and Objection

Under GDPR and similar laws, you may have rights to restrict processing of your data or object to certain processing activities. Contact us at legal@usesentinel.io to exercise these rights.

7. Cookies and Tracking

Essential Cookies

These cookies are necessary for Sentinel OS to function. They cannot be disabled.

• Session authentication tokens (JWT-based, HttpOnly, Secure)
• CSRF protection tokens
• User preference cookies (theme, language)

Analytics Cookies

We use Google Analytics (measurement ID: G-KE7HTK54R7) to understand how visitors interact with our website and product. Google Analytics collects anonymized usage data including page views, session duration, and referral sources. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on.

Managing Cookies

Most browsers allow you to control cookies through their settings. Disabling essential cookies may prevent Sentinel OS from functioning correctly. Our cookie consent banner (displayed on first visit) allows you to accept or decline non-essential cookies.

8. International Data Transfers

SpaceTime Industries, Inc. is headquartered in the United States. If you are accessing Sentinel OS from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For users in the European Economic Area (EEA) or United Kingdom, we rely on appropriate legal mechanisms for cross-border data transfers, including Standard Contractual Clauses (SCCs) where applicable. Contact us for a copy of the relevant transfer mechanisms.

9. Children’s Privacy

Sentinel OS is a professional security and intelligence platform intended exclusively for business and government users. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately and we will delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Send an email notification to registered account holders
• Display a notice in the Sentinel OS dashboard for 30 days following the change

Continued use of Sentinel OS after the effective date of a revised policy constitutes your acceptance of the updated terms.

11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us: