SentrAISentrAI

Privacy Policy

Last updated: 20 May 2026

SentrAI (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect information when you use our website security intelligence platform at sentrai.co.uk (the “Service”).

1. Data Controller

SentrAI is the data controller for personal data processed through the Service. Registered address: SentrAI, 71-75 Shelton Street, London, WC2H 9JQ. Contact us at: hello@sentrai.co.uk.

We do not currently have a Data Protection Officer (DPO) appointed. For all data protection enquiries, please contact hello@sentrai.co.uk.

2. What Data We Collect

Account data

When you create an account: name, email address, and authentication credentials (managed by Clerk).

Scan data

Domain names you submit for scanning, scan results, risk scores, findings, and AI-generated summaries. Scans only analyse publicly available information (DNS records, HTTP headers, SSL certificates, publicly loaded scripts).

Lead data

If you provide your email to unlock scan findings: email address, domain scanned, and consent record.

Outreach data (Article 14 — data not obtained directly from you)

We may scan publicly accessible websites and collect publicly available contact information for the purpose of sending B2B security assessment reports. Specifically, we may collect:

The lawful basis for this processing is legitimate interest (Article 6(1)(f) UK GDPR) — we have a documented Legitimate Interest Assessment available on request. You have the right to object to this processing at any time by contacting us at hello@sentrai.co.uk or using the unsubscribe link in any communication. Unsubscribe records are retained permanently to ensure we honour your opt-out preference.

Billing data

Payment information is processed by Stripe. We store your Stripe customer ID and subscription status but never your card details.

Usage data

IP addresses, browser user agent, pages visited, and actions taken (stored in audit logs for security purposes).

3. How We Use Your Data

We process your data for the following purposes and lawful bases:

4. Data Sharing

We share data with the following sub-processors to operate the Service:

Most of our sub-processors are based in the United States. Transfers are protected by Standard Contractual Clauses (SCCs) and, where applicable, the UK Extension to the EU-US Data Privacy Framework. Your data is not exclusively stored in the EU.

We do not sell your personal data to third parties.

5. Data Retention

6. Your Rights

Under UK GDPR, you have the right to:

To exercise any of these rights, email hello@sentrai.co.uk. We will respond within 30 days.

7. Cookies

We use strictly necessary cookies for authentication. Third-party services (Calendly) are only loaded after you consent via our cookie banner. See our Cookie Policy for details.

8. Automated Decision-Making

Our Service uses AI (Anthropic Claude) to interpret scan findings and generate risk scores. These scores are advisory only and do not have legal or similarly significant effects. The underlying scan data and evidence are always provided alongside AI-generated interpretations.

9. Security

We implement appropriate technical measures including encryption in transit (TLS), encrypted database connections, role-based access controls, and audit logging. Scans are passive and non-intrusive — we never attempt to exploit vulnerabilities.

10. Complaints

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of any material changes. The “last updated” date at the top indicates the most recent revision.