Privacy Notice

1. Who we are

Sentryline is operated by Dominic Trujillo, an individual sole proprietor. We act as the data controller for personal data processed through the Service. You can reach us at dominictrujillo12345@gmail.com.

2. Categories of personal data we collect

• Account information — name, email, company name, industry, hashed password.
• Uploaded documents — files you upload for compliance gap analysis.
• Generated reports — AI-generated findings, summaries, and action plans tied to your documents.
• Subscription and payment metadata — plan, status, customer and subscription IDs from our payment processor (we do not store full card numbers).
• Usage logs — actions you take in the Service, timestamps, error reports.
• Support messages — emails or messages you send us.
• Technical and device data — IP address, browser, operating system, basic device identifiers.

3. Why we use it (purposes and legal bases)

• Provide the Service — account creation, document analysis, report generation. Legal basis: contract performance.
• Billing and subscription management — process payments via our merchant of record. Contract performance / legal obligation.
• Security and fraud prevention — detect abuse, protect accounts, maintain logs. Legitimate interests.
• Product improvement and support — diagnose issues, respond to inquiries. Legitimate interests.
• Legal compliance — respond to lawful requests, retain records as required. Legal obligation.

4. Who we share data with

• Hosting and database providers — to store and serve your data.
• AI processing providers — your document content is sent to AI model providers for analysis. It is not used to train external models.
• Merchant of Record (Paddle) — for sale of the Service, subscription management, payments, tax compliance, and invoicing.
• Email and support tools — to deliver transactional and support emails.
• Professional advisers — legal or accounting advisers where reasonably required.
• Authorities — where required by law or to protect rights and safety.

5. International transfers

Some of our service providers may process data outside your country of residence. Where applicable, we rely on appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) for cross-border transfers.

6. Data retention

We keep personal data only as long as needed for the purposes above, to comply with legal obligations, or to resolve disputes. When data is no longer needed, we delete or anonymize it. You can request deletion of your account and associated data at any time.

7. Security

We apply appropriate technical and organisational measures to protect your data, including private document storage, access controls, row-level security on application data, and subscription-gated features. Data is encrypted in transit (TLS) and at rest by our underlying storage provider. No system is 100% secure; we do not claim HIPAA, SOC 2, ISO, or other formal certifications.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal data; object to certain processing; or withdraw consent. You may also have the right to lodge a complaint with a data protection authority. To exercise any right, email dominictrujillo12345@gmail.com. We aim to respond within one month.

9. Cookies and similar technologies

We use a small number of strictly necessary cookies and local storage entries to keep you signed in and remember your preferences. We do not use advertising cookies. You can clear cookies and local storage at any time in your browser; doing so will sign you out.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

11. Changes to this notice

We may update this notice from time to time. Material changes will be communicated via the Service or by email.

12. Contact

Questions about your privacy? dominictrujillo12345@gmail.com.