privacy policy

Privacy Policy

Effective: 2026-05-22 · Last updated: 2026-05-22

Sentrely Inc. ("Sentrely", "we", "us") operates the Sentrely platform — a control plane for AI agents at sentrely.com and app.sentrely.com. This policy explains what data we collect, how we use it, who we share it with, and the rights you have over your data.

TL;DR: If you're a paying customer, we process the data you connect to Sentrely under your direction — we are the data processor; you are the data controller. We do not sell your data, do not use it to train AI models, and do not share it with third parties except for the subprocessors listed at sentrely.com/security/subprocessors. You can export or delete your data at any time.

1. Who we are

Sentrely Inc. is a Delaware corporation. Our business address and contact information are available on request via privacy@sentrely.com. The Data Protection Officer (DPO) function is held by our CTO; contact via the same address.

2. Data we collect

2.1 From website visitors (sentrely.com)

  • IP address and basic browser metadata (for security + analytics)
  • Page-view events (which pages, when, referrer)
  • Email address (if you sign up for the newsletter or contact us)
  • Information you voluntarily provide (form submissions, demo requests)

2.2 From customer accounts (app.sentrely.com)

  • Account information (email, name, organization, billing contact)
  • Workspace configuration (project setup, agent policies, integrations enabled)
  • Agent transcripts and audit logs (what your agents did, scoped to your workspace)
  • OAuth tokens and credentials you connect (Gmail, Slack, GHL, AWS, etc.) — encrypted at rest with per-workspace KMS keys
  • Usage telemetry (request rates, error rates, billing-relevant metrics)

2.3 What we do NOT collect

  • We do not collect special-category personal data (race, religion, health, etc.) unless you voluntarily input it
  • We do not collect children's data (Sentrely is not directed at users under 16)
  • We do not use device fingerprinting or cross-site tracking

3. How we use your data

  • Provide the service. Run your agents, store your audit logs, dispatch your notifications.
  • Bill you. Calculate usage; process payments via Stripe.
  • Support. Respond when you contact us; troubleshoot your reports.
  • Security. Detect fraud, abuse, and intrusion. Run audit logs.
  • Compliance. Meet legal obligations (tax, anti-money-laundering, lawful requests).
  • Product analytics. Understand aggregate usage patterns to improve the product. Aggregated, not individual-targeted.
  • Communications. Service announcements; opt-in marketing.

We do NOT:

  • Sell your data
  • Use your data to train AI models (yours or Sentrely's)
  • Share your data with advertisers
  • Cross-reference your data with other tenants on the platform

4. Subprocessors

We use a small number of third-party services to deliver Sentrely. Every subprocessor is risk-assessed annually, contractually bound, and reviewed quarterly. The current list — including what data each one sees and where they operate — is published at sentrely.com/security/subprocessors. We notify Pro+ customers 30+ days before adding a new Tier-1 subprocessor.

5. International transfers

Sentrely's primary infrastructure runs in AWS us-east-1 (Virginia, USA), with disaster-recovery replicas in us-west-2 (Oregon, USA). If you connect from outside the US (e.g. EU, UK), your data crosses borders to reach our infrastructure. We rely on Standard Contractual Clauses (SCCs) for these transfers per GDPR Chapter V. EU-specific data-residency requirements are met on a case-by-case basis via our Enterprise plan.

6. Retention

Per our internal data-retention policy (ISP-005):

  • Audit logs: 90 days in operational storage, then archived to AWS S3 Object Lock for up to 7 years (compliance retention)
  • Agent transcripts: 90 days by default; workspace admins can shorten (minimum 7 days) via the dashboard
  • Account PII: kept while your account is active + 30 days grace period after deletion; then hard-deleted
  • Backups: 35-day rolling window; expire automatically
  • Signed contracts: 7 years post-termination (legal hold)

7. Your rights

Depending on your jurisdiction, you have the right to:

  • Access — request a copy of the data we hold about you (GDPR Art. 15)
  • Rectify — correct inaccurate data (GDPR Art. 16)
  • Erase — request deletion of your data (GDPR Art. 17 / CCPA right-to-delete)
  • Portability — export your data in a machine-readable format (GDPR Art. 20)
  • Object — opt out of certain processing (GDPR Art. 21)
  • Withdraw consent — at any time, where consent was the legal basis
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@sentrely.com. We aim to respond within 30 days. For dashboard accounts, the workspace owner can export and delete data directly via Settings → Privacy.

8. Security

Detailed technical controls are at sentrely.com/security. Highlights: TLS 1.2+ in transit; AES-256 at rest via AWS KMS with per-workspace Customer Master Keys; Row-Level Security + workspace_id scoping for tenant isolation; audit logging on every privileged action; PII redaction chokepoint before storage; SOC 2 Type 2 audit in progress.

9. Children's privacy

Sentrely is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to this policy

We may update this policy. Material changes are communicated via the dashboard and email to account billing contacts. The "Last updated" date at the top reflects the most recent change.

11. SMS / text messaging

If you provide your mobile number and opt in — for example, by checking the SMS consent box on a form at sentrely.com or on a Sentrely lead form — you agree to receive SMS text messages from Sentrely about your inquiry, your account, and (only if you separately opted into marketing) product updates. Message frequency varies. Message and data rates may apply. Reply STOP at any time to opt out, or HELP for help. See our Terms of Service for full messaging terms.

We do not sell, rent, or share your mobile information, phone number, or SMS opt-in/consent with any third parties or affiliates for marketing or promotional purposes. Phone numbers and consent status are disclosed only to the messaging providers (our CRM and telephony vendor) strictly to deliver the messages you requested. Opting out of SMS does not affect your ability to use our website or services.

12. Contact

General privacy questions: privacy@sentrely.com
Security disclosure: security@sentrely.com
General: jordan@sentrely.com

newsletter

AI agent stories, every 2 weeks

Real-world lessons on running AI agents in production — RBAC patterns, audit gotchas, approval workflows. No spam.

Unsubscribe anytime · No spam, ever

// talk-to-us

Tell us what you're building

We reply within one business day.

Platforms / tools you're using or evaluating *

Or email us directly at jordan@sentrely.com

get early access

Get early access

Leave your details and we'll reach out to get you set up.

No spam. We'll only use this to set up your access.