Privacy Policy
Last updated · June 6, 2026
SentrAI is an enterprise security product. We collect only the data needed to operate the service for your organization and meet our contractual and legal obligations.
Data we collect
- Account data: email address and authentication identifiers from your identity provider.
- Connection metadata: GitHub organization slugs you connect to SentrAI.
- Audit events: policy decisions (allow, warn, block) emitted by your repositories, with timestamps, repository names, actor handles, AI source, and SHA-256 evidence hashes.
- Pilot intake: email and optional company name you provide on our marketing site. We hash the requesting IP for abuse prevention.
- Operational logs: standard request logs retained for up to 30 days for security and reliability.
How we use it
Strictly to provide, secure, support, and improve the service for your tenant. We do not sell your data. We do not use customer code or audit content to train models.
Sub-processors
SentrAI runs on Lovable Cloud (Supabase, AWS-backed) and Cloudflare. A full sub-processor list is available on request to privacy@sentrai.dev.
Retention
Audit events are retained per tenant retention configuration (default 12 months). Pilot intake records are retained 24 months unless you ask us to delete them.
Your rights
You may request access, correction, export, or deletion of your data by emailing privacy@sentrai.dev. For GDPR / CCPA requests we respond within 30 days.
Contact
SentrAI · privacy@sentrai.dev
