SENTINEL

Privacy Policy

Effective Date: April 1, 2026

This Privacy Policy describes how Univerance Labs ("Company," "we," "us," or "our") collects, uses, stores, and shares information when you use the Sentinel platform at sentinel.univerancelabs.com and related services (the "Service"). By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address. Authentication is handled via passwordless magic link, so we do not collect or store passwords. If you subscribe to a paid plan, we collect your name and billing address as required by our payment processor.

1.2 Protected Account Metadata

When you add protected accounts for monitoring, we collect the identifiers you provide, such as email addresses, social media handles, domain names, device identifiers, and cloud service account names. We collect only the metadata necessary to perform security scans. We do not collect, access, or store your passwords, authentication credentials, private messages, files, or other content from your protected accounts.

1.3 Scan Results and Threat Data

We store the results of security scans performed on your protected accounts, including identified threats, risk scores, vulnerability assessments, and security recommendations generated by our AI analysis engines. This data is retained according to your subscription tier's retention policy (see Section 5).

1.4 Usage Information

We automatically collect information about how you interact with the Service, including pages visited, features used, scan frequency, timestamps, browser type, operating system, and IP address. This information helps us understand usage patterns and improve the Service.

1.5 Payment Information

Payment processing is handled entirely by Stripe. When you subscribe to a paid plan, your payment card details are collected and processed directly by Stripe. We do not receive, access, or store your full credit card number, debit card number, or bank account details. We receive only a limited set of information from Stripe, including the last four digits of your card, card brand, expiration date, billing address, and transaction status, which we use for billing records and customer support.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Perform security scans, generate threat reports, deliver scan results, and send email alerts about detected threats
  • Account Management: Authenticate your identity, manage your subscription, and enforce plan limits
  • Billing: Process payments, manage subscriptions, and maintain billing records through Stripe
  • Service Improvement: Analyze aggregated, anonymized usage data to improve our AI detection engines, refine threat assessment accuracy, and enhance the user experience. We do not use your individual scan data or protected account information to train AI models.
  • Communications: Send transactional emails (scan results, security alerts, account notifications), and, with your consent, product updates and announcements
  • Security and Fraud Prevention: Detect and prevent abuse, unauthorized access, and fraudulent activity on our platform
  • Legal Compliance: Comply with applicable laws, legal processes, and law enforcement requests

3. AI Processing and Third-Party AI Services

Sentinel uses artificial intelligence to analyze your protected accounts and detect security threats. When a scan is initiated, relevant metadata about your protected accounts is sent to Anthropic's Claude API for analysis. This is essential to the core functionality of the Service.

What is sent to Anthropic:

  • Protected account identifiers (email addresses, domains, social handles, etc.)
  • Contextual information necessary for threat analysis (such as publicly available data about the target)
  • Scan parameters and engine configuration

What is NOT sent to Anthropic:

  • Your Sentinel account credentials or email magic links
  • Your payment information
  • Passwords or authentication tokens for your protected accounts

Anthropic processes API requests in accordance with their own Privacy Policy and Terms of Service. As of the effective date of this Privacy Policy, Anthropic states that data submitted via their API is not used to train their models. We encourage you to review Anthropic's policies directly for the most current information.

We do NOT use your individual data to train our own AI models. Any model improvement is performed using aggregated and anonymized datasets only.

4. Third-Party Services

We use the following third-party services to operate the Service. Each processes data in accordance with their own privacy policies:

Stripe

Payment processing. Handles credit card data, subscription billing, and payment records. We never receive or store your full card number.

stripe.com/privacy

Supabase

Database hosting. Stores your account data, protected account metadata, scan results, and application state. Data is encrypted at rest.

supabase.com/privacy

Resend

Email delivery. Sends authentication magic links, scan result notifications, and threat alert emails. Receives your email address for delivery purposes.

resend.com/legal/privacy-policy

Anthropic

AI analysis. Processes protected account metadata through the Claude API to perform security threat assessments. See Section 3 for details.

anthropic.com/policies/privacy

Fly.io

Application hosting. Runs the Sentinel application servers. Processes requests in transit but does not independently store user data.

fly.io/legal/privacy-policy

5. Data Retention

5.1 Scan Data Retention by Plan

Scan results and threat data are retained based on your subscription tier:

  • Free: 7 days from the date of the scan
  • Shield: 30 days from the date of the scan
  • Fortress: 365 days from the date of the scan

Scan data older than your plan's retention period is automatically and permanently deleted. If you downgrade your plan, data exceeding the new plan's retention window will be deleted at the start of your next billing cycle.

5.2 Account Data

Your account information (email address, plan details, protected account configuration) is retained for as long as your account is active.

5.3 Account Deletion

You may request deletion of your account and all associated data at any time by contacting us at privacy@univerancelabs.com. Upon receiving a deletion request, we will delete your account data, protected account metadata, and all scan results within 30 days. Some data may be retained longer if required by law or for legitimate business purposes (such as billing records for tax compliance), in which case we will inform you of the specific retention period and reason.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Database Security: Row Level Security (RLS) policies are enforced in our Supabase database, ensuring that users can only access their own data
  • API Security: Database service role keys are used exclusively on the server side and are never exposed to client-side code
  • Access Controls: Internal access to production systems and user data is restricted to authorized personnel on a need-to-know basis
  • Authentication Security: Passwordless magic link authentication eliminates the risk of password-based attacks such as credential stuffing and brute force

While we take extensive measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you acknowledge this inherent risk when using the Service.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you, including scan results, protected account metadata, and usage data
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your account and all associated data (see Section 5.3 for details)
  • Data Export: Request an export of your data in a commonly used, machine-readable format
  • Opt-Out of Communications: Unsubscribe from non-essential communications (product updates, announcements) at any time via the unsubscribe link in our emails. Note that you cannot opt out of transactional emails (security alerts, scan results, account notifications, billing receipts) as they are essential to the operation of the Service
  • Restrict Processing: Request that we limit processing of your personal data in certain circumstances

To exercise any of these rights, contact us at privacy@univerancelabs.com. We will respond to all legitimate requests within 30 days. We may ask you to verify your identity before processing your request.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). If you are a resident of the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR). Contact us for more information about exercising these rights.

8. Cookies and Tracking Technologies

Sentinel uses only essential session cookies required for authentication and application functionality. These cookies are strictly necessary for the Service to operate and cannot be disabled.

Specifically, we use:

  • Session Cookies: Used to maintain your authenticated session after signing in via magic link. These cookies expire when you close your browser or after a set session duration.

We do not use:

  • Third-party tracking cookies
  • Advertising or remarketing cookies
  • Analytics cookies from third-party services (such as Google Analytics)
  • Cross-site tracking pixels or beacons

9. Children's Privacy

The Service is not intended for use by individuals under the age of 13 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@univerancelabs.com.

10. International Data Processing

The Service is operated from and data is processed in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using the Service, you consent to the transfer of your information to the United States and its processing as described in this Privacy Policy. If you are located in the EEA, UK, or other regions with data transfer regulations, we will ensure that appropriate safeguards are in place for any cross-border data transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

For material changes that affect how we collect, use, or share your personal information, we will provide at least thirty (30) days' advance notice by sending an email to the address associated with your account and by posting the updated policy on the Service with a revised "Effective Date."

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should stop using the Service and request deletion of your account.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Univerance Labs

Email: privacy@univerancelabs.com

Website: sentinel.univerancelabs.com

For questions about our Terms of Service, please contact legal@univerancelabs.com.

← Back to Home