AISentinel

Privacy Policy

Effective Date: October 24, 2025 | Last Updated: October 24, 2025

1. Introduction

AISentinel Inc. ("AISentinel," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the AISentinel Platform, including our AI governance and observability services.

Our Core Privacy Commitment: Your strategic business information remains yours.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, role, and authentication credentials
  • Customer Data: Any data you upload or input for processing by our governance platform
  • Communication Data: Support requests, feedback, and correspondence with our team
  • Payment Information: Processed by our third-party payment providers (we do not store credit card details)

2.2 Automatically Collected Information

  • Usage Data: Features used, governance patterns, and interaction metrics
  • Technical Data: IP address, browser type, device information, and access times
  • Performance Data: System performance metrics and error logs
  • AI Interaction Logs: Agent governance patterns and execution traces (without content details)
  • Analytics Data: Page views, click events, and feature engagement metrics

2.3 Information from Third-Party Integrations

When you connect external services (e.g., GitHub, cloud providers), we may receive:

  • Authentication tokens
  • Metadata about connected resources
  • Activity logs related to Platform operations

3. How We Use Your Information

3.1 Primary Purposes

  • Service Delivery: Operating the Platform and executing governance workflows
  • Account Management: Authentication, authorization, and user support
  • Performance Optimization: Improving Platform reliability and efficiency
  • Security: Detecting and preventing fraudulent or malicious activities

3.2 AI-Specific Uses

  • Governance Enforcement: Coordinating checks to ensure compliance and safety
  • Observability Framework Application: Ensuring quality and alignment of AI operations
  • Workflow Optimization: Improving governance patterns (using anonymized metadata only)

3.3 Restricted Uses

We do NOT use your Customer Data for:

  • Competitive intelligence or market analysis
  • Advertising or marketing to third parties
  • Any purpose beyond providing our Services

4. Data Processing in Governance Systems

4.1 Governance Communication

  • Inter-system data flows are encrypted using TLS 1.3 minimum
  • Each component operates under data minimization principles
  • Temporary processing data is automatically deleted after task completion

4.2 Data Segregation

  • Hierarchical access controls ensure components only access necessary data
  • Multi-tenant isolation prevents cross-contamination between accounts
  • Automated conflict detection for users accessing multiple client accounts

4.3 Audit Trails

We maintain logs of:

  • Governance activation and task assignments
  • Data access patterns (metadata only)
  • System performance and errors
  • Security-relevant events

5. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Contract Performance: To provide the Services you've requested
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Legal Compliance: When required by law or regulation
  • Consent: For optional features like marketing

6. Data Sharing and Disclosure

6.1 Sub-Processors

We use the following sub-processors:

  • Fly.io: Hosting and deployment services
  • Stripe: Payment processing
  • GitHub: Code repository and integration services
  • Sentry: Error tracking and performance monitoring

6.2 Business Transfers

In case of merger, acquisition, or asset sale, your information may be transferred with appropriate privacy protections.

6.3 Legal Disclosure

We may disclose information when required by:

  • Court orders or legal process
  • Government requests (with transparency when permitted)
  • Protection of rights, property, or safety

6.4 Aggregate Information

We may share anonymized, aggregate data that cannot identify individuals.

7. International Data Transfers

7.1 Transfer Mechanisms

We use the following for international transfers:

  • Standard Contractual Clauses (EU/UK approved)
  • Adequacy decisions where applicable
  • Your explicit consent for specific transfers

7.2 Data Residency Options

Enterprise customers may choose:

  • Cloud Deployment: Data processed in secure cloud regions
  • EU Deployment: GDPR-compliant EU data centers

8. Data Security

8.1 Technical Measures

  • AES-256 encryption at rest
  • TLS 1.3 for data in transit
  • Multi-factor authentication
  • Role-based access controls
  • Regular security audits and penetration testing

8.2 Organizational Measures

  • Employee privacy training
  • Access on need-to-know basis
  • Incident response procedures
  • Security best practices

8.3 Breach Notification

We will notify affected users within 72 hours of discovering a data breach, as required by law.

9. Your Privacy Rights

9.1 Access and Portability

You can request a copy of your personal data in a machine-readable format.

9.2 Correction

You may update inaccurate or incomplete information through your account settings or by contacting us.

9.3 Deletion

You can request deletion of your personal data with digital proof of deletion, subject to legal retention requirements.

9.4 Restriction and Objection

You may request we limit processing or object to certain uses of your data.

10. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Of the "sale" of personal information (we do not sell personal information)
  • Non-Discrimination: For exercising privacy rights

11. AI-Specific Privacy Protections

11.1 Governance Framework Privacy

Our Governance Framework operates as server-side intelligence without exposing proprietary methodologies to users or competitors.

12. Data Retention

12.1 Retention Periods

  • Active Account Data: Duration of service + 30 days
  • Backup Data: 90 days in secure cold storage
  • Security Logs: 2 years
  • Legal/Compliance Records: 7 years
  • AI Interaction Logs: 90 days (unless flagged for safety)

12.2 Deletion Process

Upon account termination or deletion request:

  • Immediate removal from production systems
  • Backup deletion within 90 days
  • Retention only as legally required

13. Privacy by Design

13.1 Development Practices

  • Privacy impact assessments for new features
  • Data minimization in system design
  • Privacy-preserving analytics
  • Regular privacy audits

14. Changes to Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified:

  • Via email to registered users
  • Through Platform notifications
  • With 30 days notice before effectiveness

15. Jurisdiction-Specific Provisions

15.1 European Union (GDPR)

  • Data Controller: AISentinel Inc.
  • EU Representative: [To be appointed as we scale]
  • DPO Contact: team@aisentinel.info

15.2 United States

We comply with applicable state privacy laws including CCPA, Virginia CDPA, and Colorado CPA.

16. Contact Information

Email: team@aisentinel.info

Last Review Date: October 24, 2025
Version: 1.0