Privacy Policy
Effective Date: February 25, 2026
Last Updated: February 25, 2026
Sentinacle Security Labs (“we,” “us,” or “our”) operates the Sentinacle platform (“the Service”). This Privacy Policy describes how we collect, use, store, and protect your information when you use our Service, in strict compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Information We Collect
1.1 Personal Data You Provide
- Email Address: If you register via email, we store your email to manage your account and subscription.
- Payment Information: Fiat payments are processed through Stripe. We do not store credit card numbers, CVVs, or bank details on our servers. Stripe handles all payment data under their own Privacy Policy.
1.2 Pseudonymous Personal Data (Collected Automatically)
- Wallet Address: When you connect your cryptocurrency wallet, we collect your public address. Under the GDPR and similar regulations, a wallet address is considered pseudonymous personal data when it can be linked to an email or a specific user’s usage history. We use this to identify your account, manage your subscription tier, and correlate your scan history.
- Scan History & Usage Data: We log the contract addresses you scan, the network identifiers, and your interaction patterns within the platform. Given that this is linked to your wallet address or email, it is treated as personal data until it is irreversibly anonymized.
1.3 What We Do NOT Collect
- Private Keys: We never have access to your wallet’s private keys or seed phrases.
- Financial Portfolio Data: We do not access or store information about your token holdings, balances, or transaction history beyond the specific contracts you submit for analysis.
- Personal Identity Documents (KYC): We operate exclusively as a software analytics tool. We do not perform fiat custody, exchange, or intermediation services that would classify us as a Virtual Asset Service Provider (VASP) requiring Know Your Customer (KYC) verification under current AML frameworks. We continuously monitor regulatory developments (such as MiCA) to ensure this classification remains accurate.
2. How We Use Your Information
We process your personal and pseudonymous data based on contractual necessity (to provide the Service) and legitimate interest (to secure and improve the platform), specifically to:
- Provide, maintain, and secure your account and subscription.
- Deliver scan results and forensic reports.
- Communicate service updates or security alerts (if you provided an email).
- Prevent fraud, abuse, and automated system scraping.
3. Data Storage, Security, and Third-Party Processors
Your data is stored and processed using industry-standard cloud infrastructure. We act as the Data Controller, while our partners act as Data Processors:
- Supabase (Database & Auth): Hosted on AWS (Amazon Web Services). Our primary database instances are located in the AWS Frankfurt (eu-central-1) region to ensure European data sovereignty.
- Stripe (Payments): A US-based entity processing fiat payment subscriptions.
3.1 International Data Transfers
When data processing involves transferring personal data outside the European Economic Area (EEA) or the UK (for instance, to infrastructure operated by Stripe in the US), we ensure that these transfers are strictly safeguarded. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the EU-U.S. Data Privacy Framework to guarantee that your data receives a level of protection equivalent to the one it receives within Europe.
4. Data Retention and Anonymization
We strictly adhere to the principle of storage limitation:
- Account Data: Retained for as long as your account is active. Upon account deletion, your email, wallet association, and profile data are permanently deleted from our primary databases within 30 days.
- Scan History (Irreversible Anonymization): The history of which contracts were analyzed is highly valuable for improving our threat intelligence algorithms. When you delete your account, or request deletion under your “Right to be Forgotten,” we execute an irreversible anonymization protocol. We permanently sever and delete the cryptographic link and any correlative metadata between your user ID/wallet address and the scan logs. The remaining scan data becomes completely aggregated and anonymous, making it technically impossible to re-identify you.
- Payment Records: Retained solely for the duration required by applicable tax and financial transparency regulations (typically 5 to 7 years).
5. Your Rights (GDPR / CCPA)
You have full control over your data. Depending on your jurisdiction, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion (“Right to be Forgotten”): Request the permanent deletion of your account, email, and wallet linkage.
- Portability: Request your data in a machine-readable format.
- Objection & Restriction: Object to certain processing or request that we restrict how we use your data.
To exercise any of these rights, contact us via our Discord Community. We are committed to processing your request within 30 days.
6. Cookies and Tracking
The Service uses essential session cookies and local storage tokens strictly necessary for authentication, security, and maintaining your login state. We do not use third-party advertising cookies, cross-site trackers, or behavioral profiling scripts.
7. Children’s Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we discover that we have inadvertently collected data from a minor, we will delete it immediately.
8. Consent and Policy Changes
We require your explicit, active consent (e.g., checking a box during signup or accepting a consent prompt when connecting a wallet) before processing your personal and pseudonymous data under this Policy.
If we make material changes to this Privacy Policy—particularly regarding how we process wallet addresses, international transfers, or our retention protocols—we will require you to actively review and accept the new terms before continuing to use the Service.
9. Contact and Data Protection Officer (DPO)
For any privacy-related inquiries, data subject requests, or to contact our Data Protection Officer / EU Representative, please reach out to:
- Discord: discord.gg/3StH59JeRz
- Website: sentinacle.com
If you believe we have not adequately resolved your privacy concerns, you have the right to lodge a complaint with your local Data Protection Authority (for example, the AEPD in Spain).