Legal

Privacy Policy

Last updated: May 2026

1. The 2026 AI Clause

We do not use customer-uploaded commercial data or proprietary trade documents to train foundation AI models. All customer data is siloed per organization. Model inference happens on a per-tenant context, and no document, invoice, entry summary, or derived classification is pooled across customers for model training.

2. Data security

All uploaded invoices and supporting trade documents are encrypted at rest with AES-256, and encrypted in transit with TLS 1.2 or higher. Access to raw customer documents is gated behind role-based access controls and is logged for audit.

3. Subprocessors

The Sentinel Flow relies on the following named subprocessors:

• Supabase — primary application database, file storage, and authentication.
• Stripe — subscription billing and payment processing.
• Resend — transactional email (statute-of-limitations alerts, account email).
• Global Trade Alert (GTA) — tariff schedule and policy-change data feed.

4. Data retention

Customer documents are retained while the workspace is active and for up to 90 days after cancellation, after which they are permanently deleted. You may request earlier deletion at any time by emailing support@thesentinelflow.com.

5. Your rights

You may request access, correction, export, or deletion of your data at any time. We respond to verified requests within 30 days.

6. Contact

Questions about this policy can be sent to support@thesentinelflow.com.