1. Data Controller
The data controller responsible for processing your personal data on this site is:
Roua Alturk (Kleingewerbe (§ 1 GewO))
Bremer Strasse 30
65824 Schwalbach am Taunus
Deutschland
Email: support@sentinelera.com
Because the controller is a sole proprietorship (Kleingewerbe) operating from Germany, the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the German Federal Data Protection Act (BDSG) apply.
2. Data we collect
We collect only the personal data we need to operate the SentinelEra platform and to communicate with you.
- Account data — the email address, full name, and password hash you provide when registering.
- Tenant configuration — workspace name, roles you assign, integration secrets you choose to store (encrypted at rest with Fernet authenticated encryption, AES-128-CBC + HMAC-SHA256 over a per-deployment key distinct from the PII pseudonymisation salt).
- Telemetry the platform receives from your agents — security events, alerts, endpoint metadata you instruct your endpoints to forward.
- Usage data — request logs (IP address, user-agent, timestamp, path) retained briefly for security and abuse investigation.
- Cookies — see Section 9.
We do not collect special-category personal data (Art. 9 GDPR), and we do not buy or sell personal data.
3. Edge privacy & agent telemetry
The SentinelEra endpoint agent is a collection-only shim around the Wazuh open-source security toolkit. It runs locally on your devices to read standardised host events (process create, file integrity, authentication, network connections) and forward those events as structured metadata to the SentinelEra platform over TLS 1.3.
The agent does not:
- Read the contents of your files, documents, screenshots, clipboard, or webcam.
- Run on-device machine-learning inference or any other form of automated decision-making about the data subject (Art. 22 GDPR).
- Open any inbound listening port. The agent only initiates outbound TCP 443 connections; it cannot be reached unsolicited from the network.
- Transmit binary file payloads. Where a security event references a file, the agent ships the file path, filename, and (where Wazuh has computed it locally) the file’s SHA-256 fingerprint — never the file’s contents.
The agent does ship: process names, command-line arguments (truncated to a bounded length to prevent over-collection), parent / child process identifiers, source and destination IP addresses where relevant to the security event, and the standardised Wazuh rule identifier that fired the event. The SentinelEra server-side pipeline pseudonymises email addresses, usernames, and IP addresses at the audit-write boundary via HMAC-SHA256 over a salt distinct from the application encryption key, before any cross-tenant analytics rollup is computed.
4. Data minimisation protocol
Article 5(1)(c) GDPR requires that personal data we process is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We implement Article 5(1)(c) through the following closed-vocabulary controls inside the platform:
- Closed event taxonomy. The agent emits events drawn from a closed Wazuh rule catalog. Free-form telemetry payloads are not accepted by the ingest endpoint; an event that does not match the closed taxonomy is rejected with HTTP 422 and never persisted.
- Server-side PII pseudonymisation. Emails, usernames, IPv4 and IPv6 addresses, and MAC addresses are HMAC-SHA256-hashed at the audit-write boundary. Hashes are truncated to sixteen hexadecimal characters — sufficient to deduplicate across rollups without retaining the raw identifier in the long-tail audit table.
- Bounded retention. Security event rows carry a ninety-day TTL by default; audit log rows carry a twelve-month TTL; payment records are retained for ten years in line with German tax law (§ 147 AO). The ninety-day window is configurable downward but not upward without an explicit data-protection-impact assessment on the controller side.
- No agent-side autonomous action. Destructive responses (host quarantine, IP block, process termination) require operator approval through the dashboard, gated by step-up multi-factor authentication. The agent does not act autonomously on your endpoints; it forwards events and acknowledges commands the operator dispatches.
- AI residency policy. Operator-tenants can elect to skip the optional Anthropic Claude enrichment step entirely by setting the closed ai_residency_policy field on their workspace to rules_only. The platform’s deterministic rule-engine fallback produces an equivalent enrichment shape (severity, incident type, MITRE technique, plain-English summary) inside the operator’s configured region, without any data leaving the deployment boundary.
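As an added illustration of the audit-write boundary described in this section (example code, not the platform's own), the following Python sketch pseudonymises identifiers with HMAC-SHA256 truncated to sixteen hex characters, bounds the command line, and rejects events outside a closed rule catalog. The salt, field names, rule identifiers and the 256-character bound are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from typing import Optional

# Constructed example values; the real salt, schema and rule catalog are not on the page.
PSEUDONYM_SALT = b"constructed-pseudonymisation-salt"  # distinct from the encryption key
TOKEN_HEX_LEN = 16        # policy: tokens are truncated to sixteen hex characters
CMDLINE_MAX_LEN = 256     # the policy says "bounded"; the bound itself is assumed
CLOSED_TAXONOMY = {"5710", "550", "31101"}   # constructed stand-in for the Wazuh catalog
PII_FIELDS = ("email", "username", "src_ip", "dst_ip", "mac")  # assumed field names


def normalise(field: str, value: str) -> str:
    """Canonicalise before hashing so 2001:DB8::1 and 2001:db8::1 dedupe to one token."""
    value = value.strip()
    if field.endswith("_ip"):
        try:
            return ipaddress.ip_address(value).compressed
        except ValueError:
            pass  # not a parseable address; hash the raw string
    return value.lower()

def pseudonymise(field: str, value: str, salt: bytes = PSEUDONYM_SALT) -> str:
    """HMAC-SHA256 over the pseudonymisation salt, truncated to 16 hex chars (64 bits)."""
    mac = hmac.new(salt, normalise(field, value).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:TOKEN_HEX_LEN]

def audit_write_boundary(event: dict, salt: bytes = PSEUDONYM_SALT) -> Optional[dict]:
    """Return the row to persist, or None when the event is outside the closed
    taxonomy (the ingest endpoint answers HTTP 422 and persists nothing)."""
    if str(event.get("rule_id")) not in CLOSED_TAXONOMY:
        return None
    row = dict(event)
    if "cmdline" in row:                      # bounded length prevents over-collection
        row["cmdline"] = row["cmdline"][:CMDLINE_MAX_LEN]
    for field in PII_FIELDS:                  # raw identifiers never reach the audit table
        if row.get(field):
            row[field] = pseudonymise(field, row[field], salt)
    return row


# Constructed sample event (not real telemetry).
SAMPLE_EVENT = {
    "rule_id": "5710",
    "email": "Alice@Example.org",
    "src_ip": "2001:DB8::1",
    "cmdline": "sshd: alice [priv] " + "A" * 1000,
}
```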
Operator-tenants exercising the right of access under Art. 15 GDPR receive a ZIP archive of CSV exports through the dashboard’s Data Privacy panel. The archive contains the operator’s own tenant-scoped audit log, security log, endpoint inventory, user list, and playbook configuration. Cross-tenant personal data is excluded by construction.
5. Purpose & legal basis
We process your personal data for the following purposes, each with a defined legal basis under Art. 6(1) GDPR:
- Providing the service you requested — Art. 6(1)(b): performance of the contract with you.
- Securing the platform and detecting abuse — Art. 6(1)(f): legitimate interest in keeping the service safe and reliable.
- Complying with legal obligations — Art. 6(1)(c): tax, accounting, and security-incident disclosure where required.
- Sending optional product updates — Art. 6(1)(a): your explicit consent, withdrawable at any time without effect on prior processing.
7. International transfers
Where processing involves a transfer of personal data outside the European Economic Area, we rely on the following lawful transfer bases, in order of preference:
- Adequacy decision (Art. 45 GDPR) where one exists for the destination country. Where the operator has elected a United Kingdom deployment region, transfers from the EEA rely on the European Commission’s Adequacy Decision for the United Kingdom (Commission Implementing Decision (EU) 2021/1772 of 28 June 2021). No supplementary safeguards beyond the adequacy decision are required.
- Standard Contractual Clauses (Art. 46 GDPR) in the form adopted by the European Commission on 4 June 2021, supplemented by encryption in transit (TLS 1.3) and at rest (Fernet authenticated encryption), server-side PII pseudonymisation, and the closed-vocabulary audit log.
- Anthropic Claude API (United States) is our optional Frontier-LLM sub-processor. Anthropic self-certifies under the EU-US Data Privacy Framework and the UK-US Data Bridge. Operator-tenants that prefer to keep data inside the configured region elect rules_only as their ai_residency_policy; the platform’s deterministic fallback runs in-region and no event metadata leaves the deployment boundary.
We monitor adequacy-decision sunset reviews and will publish an SCC fallback runbook to operator-tenants if any relied-upon adequacy decision is not renewed. The EU-UK Adequacy Decision is subject to a sunset review scheduled for 27 June 2025.
8. Retention
We retain personal data only as long as necessary for the purposes for which it was collected:
- Account data — for the lifetime of your account, plus 90 days after deletion to allow account recovery, then irreversibly purged.
- Telemetry from your agents — by default 90 days; you control retention via the dashboard.
- Audit logs — 12 months for security and compliance investigations.
- Billing records — 10 years, in line with German tax law (§ 147 AO).
9. Your rights (GDPR)
You have the following rights with respect to your personal data:
- Right of access (Art. 15 GDPR).
- Right to rectification (Art. 16 GDPR).
- Right to erasure / “to be forgotten” (Art. 17 GDPR).
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR).
- Right to object to processing based on legitimate interests (Art. 21 GDPR).
- Right to withdraw consent at any time, where processing is based on Art. 6(1)(a).
To exercise any of these rights, write to support@sentinelera.com. We will respond within 30 days (extendable to 90 days for complex requests, with prior notice).
10. California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act grant you additional rights, summarised below.
- Right to know what personal information we collect, use, disclose, and (if applicable) sell.
- Right to delete personal information collected from you, subject to legal exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising, so this right is satisfied by default.
- Right to non-discrimination for exercising any CCPA right.
To exercise these rights, contact support@sentinelera.com with the subject line “CCPA request”.
12. Security
We protect your personal data with appropriate technical and organisational measures, including TLS 1.2+ for all network traffic, AES-256-GCM encryption of secrets at rest, role-based access control, multi-factor authentication for all admin roles, time-limited credentials, and continuous security monitoring. Despite these measures, no internet-connected service is perfectly secure; you remain responsible for protecting your account credentials.
13. Children
The SentinelEra platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently done so, contact us and we will delete the data.
14. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page shows when the latest revision took effect. Material changes will be communicated by email to active account holders at least 30 days in advance.
15. Complaints
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for the controller is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Deutschland
Residents of other EU/EEA countries may instead complain to the supervisory authority where they live or work.