Sentinel - Privacy Policy

Last updated: 19 March 2026
Version: 2.0


1. Who We Are

Sentinel is a product of Normtech Ltd, a company registered in England and Wales (company number: 17105378).

Registered office: Castle House, Silver Street, Wethersfield, Essex, CM7 4BP

Data protection contact: [email protected]

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Normtech Ltd is the data controller responsible for your personal data. This Privacy Policy is published at https://heysentinel.ai/privacy.

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at the address above.


2. What Data We Collect

We collect and process the following categories of personal data:

2.1. Account and Identity Data

  • Email address (provided during registration via Clerk)
  • Display name (first and last name)
  • Authentication identifier (internal user ID)
  • Telegram user ID, chat ID, and username (when you link your Telegram account)

2.2. Subscription and Payment Data

  • Stripe customer ID and subscription ID
  • Subscription plan (Starter, Pro, or Max)
  • Subscription status and billing period
  • Payment method details are handled entirely by Stripe - we do not store your card number, CVV, or full payment details on our servers.

2.3. Messages and Conversation Data

  • Text messages you send to Sentinel via Telegram
  • Voice messages (audio files and transcriptions)
  • Photos, documents, stickers, and other media you send
  • Sentinel's responses to you
  • Message metadata (timestamps, message type, direction)

2.4. Integration Data

When you connect third-party services, we process:

  • Google Calendar: Calendar events, event details, and free/busy status (read and write access as authorised by you)
  • Telegram: Your messages, user profile information, and chat interactions

We may introduce additional integrations (such as Gmail, Notion, and others) in the future. When new integrations become available, this policy will be updated to reflect the data they process.

We store encrypted OAuth refresh tokens for Google integrations. These are encrypted using envelope encryption (AES-256-GCM with per-token data keys) and are never stored in plaintext.

2.5. Usage Data

  • Monthly message counts and token usage (input and output)
  • Model usage and associated costs (for internal billing calculations)
  • Task execution logs (scheduled task run times, durations, success/failure status)

2.6. Memories and Preferences

  • Extracted facts, preferences, and behavioural patterns that Sentinel learns from your conversations (stored as key-value pairs with categories like "preference", "fact", "relationship", "behaviour")
  • Structured settings and preferences you configure

2.7. Media Files

  • Photos, documents, voice messages, and other files you send are stored in DigitalOcean Spaces (S3-compatible object storage) with keys formatted as media/{userId}/{messageId}/{filename}
  • Voice messages are transcribed locally using whisper.cpp - the audio is processed entirely on our infrastructure and is not sent to any third-party transcription service

2.8. Web App Analytics

  • Our website (heysentinel.ai) uses Umami, a self-hosted, privacy-focused analytics platform
  • Umami does not use cookies, does not collect personally identifiable information, and anonymises all visitor data
  • We collect aggregated, anonymous data such as page views, section visibility, and referral sources
  • No data is shared with third-party analytics providers

2.9. Technical and Security Data

  • IP addresses (logged temporarily in server access logs)
  • OAuth security event logs (failed authentication attempts, state verification failures - logged for security monitoring without storing sensitive payload data)

3. How We Collect Your Data

We collect personal data in the following ways:

3.1. Directly from you

  • When you create an account through our web app (via Clerk authentication)
  • When you send messages, files, or voice notes to Sentinel via Telegram
  • When you configure settings, preferences, or scheduled tasks
  • When you connect third-party integrations (such as Google Calendar)

3.2. From third-party services

  • Clerk: Account creation and authentication data (email, name) via webhook
  • Stripe: Payment and subscription status updates via webhook
  • Telegram: Messages and media you send to the Sentinel bot
  • Google: Calendar events when you authorise access

3.3. Generated automatically

  • Usage metrics (token counts, message counts, costs) calculated as you use the Service
  • Memories and facts extracted from your conversations by the AI
  • Task execution logs generated when Scheduled Tasks run
  • Web analytics data collected by Umami when you visit our website

4. Legal Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following legal bases:

  • Account and identity data - Contract (Art. 6(1)(b)): Necessary to create and maintain your account and provide the Service.
  • Messages and conversation data - Contract (Art. 6(1)(b)): Necessary to deliver the core AI assistant functionality you have subscribed to.
  • Integration data (Google Calendar) - Consent (Art. 6(1)(a)): You explicitly authorise access when you connect each integration; you can revoke at any time.
  • Payment and subscription data - Contract (Art. 6(1)(b)): Necessary to process payments and manage your subscription.
  • Usage data and token counts - Legitimate interest (Art. 6(1)(f)): Necessary to enforce usage limits, calculate costs, and maintain service quality.
  • Memories and preferences - Contract (Art. 6(1)(b)): Necessary to personalise the Service and provide contextual assistance as part of the core product.
  • Media files - Contract (Art. 6(1)(b)): Necessary to process and respond to the content you send us.
  • Web analytics (Umami) - Legitimate interest (Art. 6(1)(f)): Necessary to understand website usage and improve the Service; minimal privacy impact as data is anonymous and aggregated.
  • Security logs - Legitimate interest (Art. 6(1)(f)): Necessary to detect and prevent fraud, abuse, and security threats.
  • Legal compliance - Legal obligation (Art. 6(1)(c)): Where required to comply with applicable law.

Where we rely on legitimate interest, we have conducted a balancing test and determined that our interests do not override your fundamental rights and freedoms, given the measures we take to protect your data.


5. How We Use Your Data

We use your personal data for the following purposes:

5.1. Providing the Service - Processing your messages, generating responses, executing Scheduled Tasks, managing Integrations, and delivering the AI assistant functionality.

5.2. Personalisation - Learning your preferences, remembering facts about you, and adapting responses to be more helpful over time.

5.3. Billing and account management - Processing payments, managing subscriptions, enforcing usage limits, and handling account lifecycle events.

5.4. Service improvement - Analysing aggregated, anonymised usage patterns to improve features, fix bugs, and develop new capabilities. We do not use your individual Content or Outputs for this purpose.

5.5. Security and abuse prevention - Monitoring for suspicious activity, preventing fraud, and enforcing our Acceptable Use Policy.

5.6. Communication - Sending you service-related notifications (e.g., subscription changes, security alerts, feature updates). We do not send marketing communications.

5.7. Legal compliance - Responding to lawful requests from authorities, complying with applicable law, and protecting our legal rights.


6. AI Processing Disclosure

6.1. How AI processing works. When you send a message to Sentinel, it is transmitted to Anthropic's Claude API for processing. Anthropic's AI models generate a response, which Sentinel then delivers to you via Telegram.

6.2. What is sent to Anthropic. Your message text, relevant conversation context, system instructions, and (where applicable) content from connected Integrations may be included in the prompt sent to Anthropic's API.

6.3. Anthropic's data handling. We use Anthropic's API under their Commercial Terms of Service. Under these terms:

  • Anthropic does not use API customer data to train or improve their models.
  • API data is retained by Anthropic for up to 7 days for safety and abuse monitoring, after which it is automatically deleted.
  • Anthropic may review flagged content for safety and abuse purposes as described in their Acceptable Use Policy.
  • Anthropic's Data Processing Addendum governs their processing of personal data on our behalf.

6.4. No automated decision-making. Sentinel does not make decisions that produce legal or similarly significant effects on you based solely on automated processing. The AI provides informational responses and suggestions that you are free to accept, modify, or ignore.

6.5. Voice transcription. Voice messages are transcribed locally on our infrastructure using whisper.cpp. Audio data is not sent to any third-party transcription service.


7. Third-Party Data Processors

We share your personal data with the following third-party service providers (data processors) who process data on our behalf (last reviewed: March 2026):

| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Anthropic (API) | AI model processing | Message content, conversation context | United States |
| DigitalOcean | Cloud infrastructure (database, Redis cache, compute, object storage) | All service data (encrypted at rest) | Frankfurt, Germany (EU) |
| Stripe | Payment processing | Email, payment method, subscription details | United States / EU |
| Clerk | Authentication and user management | Email, name, authentication tokens | United States |
| Telegram (Bot API) | Message delivery | Messages, media, user identifiers | Various (Telegram's infrastructure) |
| Google (Calendar API) | Integration features | Calendar events (as authorised by you) | Various (Google's infrastructure) |

Each processor is bound by a data processing agreement or equivalent terms that require them to protect your data in accordance with applicable law.

We do not sell your personal data to any third party.


8. International Data Transfers

8.1. Our primary infrastructure is hosted in DigitalOcean's Frankfurt (Germany) data centre, within the European Economic Area.

8.2. Some of our processors are based in or process data in the United States, including Anthropic, Stripe, and Clerk.

8.3. Where personal data is transferred outside the UK, we ensure adequate protection through one or more of the following mechanisms:

  • UK/US Data Bridge (Data Privacy Framework): Where the recipient is certified under the UK Extension to the EU-US Data Privacy Framework.
  • UK International Data Transfer Agreement (IDTA): Or the UK Addendum to EU Standard Contractual Clauses, as approved by the ICO.
  • Adequacy decisions: Where the UK government has determined the destination country provides adequate data protection.

8.4. We have assessed the risks of these transfers and are satisfied that appropriate safeguards are in place to ensure your data receives a level of protection not materially lower than that provided under UK law.

8.5. You may request a copy of the relevant transfer safeguards by contacting us.


9. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

| Data Type | Retention Period |
|---|---|
| Account and identity data | Life of the account + 30 days after deletion |
| Messages and conversation history | Life of the account + 30 days after deletion |
| Media files (photos, documents, voice) | Life of the account + 30 days after deletion |
| Memories and preferences | Life of the account + 30 days after deletion |
| Usage data and token counts | Life of the account + 12 months after deletion (for billing reconciliation) |
| Payment data (Stripe) | As retained by Stripe under their data retention policy |
| OAuth tokens (encrypted) | Until you revoke the integration or delete your account |
| Task execution logs | 90 days on a rolling basis |
| Server/security logs | 30 days |
| Workspace backups | 7 days (rolling) |
| Web analytics (Umami) | Aggregated indefinitely (no personal data) |

After account deletion:

  • When you delete your Account, we mark it for deletion.
  • Your data is retained for 30 days to allow for account recovery or data export requests.
  • After 30 days, all personal data is permanently deleted from our database, including messages, memories, preferences, and usage data.
  • Media files are deleted from object storage.
  • Due to the nature of database backups, fragments of your data may persist in encrypted backup files for up to 7 additional days after the 30-day retention period.
  • Data held by third-party processors (Stripe, Clerk, Anthropic) is subject to their respective retention policies.

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

10.1. Right of access - You have the right to request a copy of the personal data we hold about you.

10.2. Right to rectification - You have the right to request correction of inaccurate or incomplete personal data.

10.3. Right to erasure ("right to be forgotten") - You have the right to request deletion of your personal data. We will comply unless we have a lawful reason to retain it.

10.4. Right to restriction of processing - You have the right to request that we restrict the processing of your personal data in certain circumstances.

10.5. Right to data portability - You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

10.6. Right to object - You have the right to object to processing based on legitimate interest. We will stop processing unless we have compelling legitimate grounds that override your interests.

10.7. Right to withdraw consent - Where processing is based on consent (e.g., Integration access), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

10.8. Rights related to automated decision-making - You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. As noted in Section 6.4, Sentinel does not make such decisions.

How to exercise your rights

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request. In complex cases, we may extend this by a further two months, in which case we will inform you of the extension and the reasons.

We may ask you to verify your identity before processing your request.

There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

Right to complain

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):


11. Cookies and Tracking

11.1. Web app (heysentinel.ai). Our website uses Umami, a self-hosted, open-source analytics platform. Umami is cookie-free and does not track individual users across sessions or websites.

11.2. What Umami collects. Page views, section visibility events, referral sources, browser type, screen size, and country (derived from anonymised IP). No personally identifiable information is collected or stored.

11.3. No third-party tracking. We do not use Google Analytics, Facebook Pixel, or any other third-party tracking scripts on our website.

11.4. Authentication cookies. Our web app uses Clerk for authentication, which sets strictly necessary session cookies to maintain your login state. These are essential for the Service to function and do not require consent under UK PECR (Privacy and Electronic Communications Regulations).

11.5. No cookie consent banner. Because we do not use non-essential cookies or tracking technologies, we do not display a cookie consent banner. If this changes in the future, we will update this policy and implement appropriate consent mechanisms.


12. Children's Data

12.1. Sentinel is not intended for use by anyone under the age of 18.

12.2. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child, we will take steps to delete that data promptly.

12.3. If you believe a child under 18 has provided us with personal data, please contact us at [email protected].


13. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

13.1. Encryption at rest. Database connections use TLS encryption. OAuth tokens are encrypted using envelope encryption (AES-256-GCM) with per-token data keys encrypted by a master key (HKDF-derived).

13.2. Encryption in transit. All communications between users, our servers, and third-party APIs use TLS/HTTPS.

13.3. Container isolation. Each user's AI assistant runs in an isolated container environment with restricted permissions, read-only system access, no privilege escalation, and dedicated persistent storage per user.

13.4. Database security. Our PostgreSQL database is a managed service on DigitalOcean with firewall rules restricting access to authorised services only. Row-level security (RLS) is used to ensure users can only access their own data.

13.5. Access controls. Internal API endpoints use shared secrets for authentication. Webhook endpoints verify signatures (Stripe, Clerk, Telegram) to prevent spoofing.

13.6. Security monitoring. OAuth security events (failed verifications, replay attempts, expired states) are logged for monitoring.

13.7. Backups. Workspace data is backed up daily with 7-day retention. Database backups are managed by DigitalOcean's managed database service.

13.8. Incident response. In the event of a personal data breach, we will notify the ICO within 72 hours where required by law and will notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.


14. Changes to This Privacy Policy

14.1. We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or the Service.

14.2. We will notify you of material changes by email to the address associated with your Account and/or by a notice within the Service.

14.3. We encourage you to review this Privacy Policy periodically. The "Last updated" date at the top of this policy indicates when the most recent changes were made.

14.4. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.


15. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data protection rights, please contact us:

Normtech Ltd
Castle House, Silver Street, Wethersfield, Essex, CM7 4BP
Email: [email protected]
Website: https://heysentinel.ai

You may also contact the Information Commissioner's Office (ICO) if you have concerns about how we handle your data: