Sentivel

Privacy Policy

Last updated 23 June 2026

This policy explains how Sentivel Ltd (Sentivel) handles personal data when you use our website and product. We keep it plain on purpose. It covers the data we hold as a controller; data your team puts into Sentivel about your own users is handled under our Data Processing Agreement.

Who we are

Sentivel Ltd is the data controller for the personal data described here. Our registered office is 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. For any privacy question, email privacy@sentivel.com.

What this policy covers

There are two kinds of data to keep separate:

  • Your data, where we are the controller. Account and usage data about you and your team’s relationship with Sentivel. This policy covers it.
  • Your customers’ data, where we are the processor. Anything your team enters into Sentivel about your own end users, for example a status-page subscriber’s email. We process that only on your instructions, under our DPA.

What we collect

Account data

Your name, email address, and an optional phone number you add so we can page you. Passwords are handled by our authentication provider and stored only as a secure hash: we never see them in the clear. We also hold the workspaces, roles and settings you create.

Technical and usage data

When you use the Service we collect basic technical data such as IP address, device and browser type, and timestamps, plus error and performance diagnostics. We use this to operate, secure and improve the Service.

What we don’t do

We don’t run advertising trackers or sell your data, and we don’t build advertising profiles. Secrets you store (such as request credentials for a monitor) are encrypted at rest.

How we use it, and our legal bases

  • To provide the Service: creating your account, running checks, sending alerts and rendering your status page. Legal basis: performance of our contract with you.
  • To keep it secure and working: diagnostics, abuse and fraud prevention, and rate-limiting. Legal basis: our legitimate interests in a safe, reliable service.
  • To communicate with you: service messages, and product news only where you’ve asked for it. Legal basis: legitimate interests, or your consent for marketing.
  • To meet legal obligations: for example tax, accounting and responding to lawful requests. Legal basis: legal obligation.

Status-page email subscriptions

If a visitor subscribes to a status page for updates, we use a double opt-in: we email a confirmation link and only ever send updates to a confirmed address. Every update includes a one-click unsubscribe, and a subscriber can leave at any time. We don’t use these addresses for anything other than the updates they asked for.

Cookies

We use a small number of strictly necessary cookies: to keep you signed in and to remember which workspace you’re viewing. We don’t use advertising or cross-site tracking cookies. Because our cookies are essential to the Service, they don’t require consent, but you can clear or block cookies in your browser (some features won’t work without the essential ones).

Sharing and sub-processors

We share personal data only with the service providers that help us run Sentivel, each under a data-processing contract, and where the law requires it (for example a valid legal request). We don’t sell personal data. Our current sub-processors are:

SupabasePrivacy notice ↗

Managed Postgres database, authentication and realtime: the primary data store.

Location
European Union (Ireland, eu-west-1)
Transfers
Processed within the EEA: no restricted transfer.
VercelPrivacy notice ↗

Application hosting and content delivery; compute pinned to Dublin.

Location
Compute in the EEA (Dublin); vendor is US-based.
Transfers
EU SCCs + UK Addendum.
ResendPrivacy notice ↗

Transactional and notification email (sign-in links, alerts, status-page subscriber updates).

Location
United States
Transfers
EU SCCs + UK Addendum.
TelnyxPrivacy notice ↗

SMS and voice-call delivery for incident alerting.

Location
United States
Transfers
EU SCCs + UK Addendum.
SentryPrivacy notice ↗

Application error and performance monitoring (configured with personal data collection disabled).

Location
United States
Transfers
EU SCCs + UK Addendum.
AnthropicPrivacy notice ↗

AI-assisted drafting of incident updates: only when the feature is enabled, and only on the text you ask it to draft. Inputs are not used to train its models.

Location
United States
Transfers
EU SCCs + UK Addendum.

International transfers

Your data is stored primarily in the European Economic Area (our database is in the EU and our application compute is pinned to Dublin). Some of our providers are based in the United States. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards: the EU Standard Contractual Clauses together with the UK Addendum (and the Data Privacy Framework where a provider is certified), so it keeps an equivalent level of protection.

How long we keep data

We keep personal data only as long as we need it for the purposes above: for the life of your account, and for a limited period afterwards where we have a legal reason (such as tax records) or a legitimate need (such as security logs). When you delete your account we delete or anonymise your personal data, except where we must keep some of it by law.

How we protect data

We use appropriate technical and organisational measures: encryption in transit and at rest for stored secrets, hashed credentials and API tokens, strict tenant isolation between workspaces, optional two-factor authentication, access controls and monitoring, and a hosting region pinned close to our database. No system is perfectly secure, but we take this seriously and will notify you and the regulator of a personal-data breach where the law requires.

Your rights

Under UK and EU GDPR you have the right to access your personal data, to have it corrected or deleted, to restrict or object to processing, to data portability, and to withdraw consent where we rely on it. To exercise any of these, email privacy@sentivel.com. We may need to verify your identity, and we’ll respond within the time the law allows.

Children

Sentivel is a tool for professionals and isn’t directed at children. We don’t knowingly collect personal data from anyone under 16. If you believe a child has given us data, contact us and we’ll delete it.

Changes to this policy

We may update this policy as the Service or the law changes. We’ll update the “last updated” date and, for material changes, give you notice where we can. The current version always lives at this page.

Contact and complaints

Email privacy@sentivel.com with any privacy question. If you’re in the UK and think we’ve mishandled your data, you can also complain to the Information Commissioner's Office (ICO), though we’d appreciate the chance to put things right first.