Privacy Policy

Our privacy policy and how we use your data

Last updated: December 9, 2024

1. Introduction

Sentinely ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our server monitoring service (the "Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and any profile information you choose to provide. If you sign up using Google OAuth, we receive your name and email address from Google.

2.2 Server Metrics Data

Our monitoring agent collects server performance data from servers where you install it, including:

  • CPU usage and load averages
  • Memory and swap utilization
  • Disk space and I/O statistics
  • Network traffic and bandwidth
  • System uptime and process information
  • Operating system and hostname information

This data is associated with your account and used solely to provide monitoring services. We do not collect the content of files, user data stored on your servers, or any application-level data.

2.3 Payment Information

We use Razorpay to process payments. Payment data is processed in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and RBI guidelines. Razorpay collects and processes:

  • Card details (encrypted and tokenized by Razorpay)
  • UPI ID (if using UPI payments)
  • Net banking credentials (processed directly by your bank)
  • Billing address and contact information

We do not store your full payment credentials. Razorpay provides us with limited information such as the last four digits of your card and transaction status for record-keeping purposes.

2.4 Usage Data

We automatically collect information about how you interact with our Service, including pages visited, features used, browser type, IP address, and device information.

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our monitoring service
  • Send alerts and notifications about your servers
  • Generate reports and analytics dashboards
  • Process payments and manage subscriptions
  • Improve our Service and develop new features
  • Communicate with you about your account and updates
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate Interest: Improving our Service, preventing fraud, and ensuring security
  • Consent: For optional features like marketing communications
  • Legal Obligation: Compliance with applicable laws

5. Data Sharing and Third Parties

We share your data with the following third-party services:

  • Supabase: Database and authentication services (USA)
  • InfluxDB Cloud: Time-series metrics storage (USA)
  • Razorpay: Payment processing and subscription management (India). Subject to RBI Payment Aggregator regulations and DPDPA compliance.
  • Google: OAuth authentication (if you choose Google sign-in)
  • Vercel: Application hosting (USA)

We do not sell your personal information to third parties. We may disclose information if required by law, court order, or to protect our rights.

6. International Data Transfers

Your data may be transferred to and processed in the United States, where our service providers are located. For EEA users, we rely on Standard Contractual Clauses and other appropriate safeguards for international transfers.

7. Data Retention

  • Server Metrics: Retained according to your subscription plan (30 days to 1 year)
  • Account Information: Retained until you delete your account
  • Payment Records: Retained for 7 years for tax and legal compliance
  • Usage Logs: Retained for up to 90 days

After account deletion, we may retain anonymized or aggregated data for analytics purposes.

8. Data Security

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • Encryption at rest for stored data
  • Secure API authentication using unique API keys
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights

9.1 All Users

You have the right to:

  • Access your personal data through your account dashboard
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of marketing communications

9.2 EEA Users (GDPR)

If you are in the EEA, you also have the right to:

  • Object to processing based on legitimate interests
  • Restrict processing in certain circumstances
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local data protection authority

9.3 California Users (CCPA)

California residents have additional rights under the CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

9.4 Indian Users (DPDPA)

Users in India have rights under the Digital Personal Data Protection Act, 2023:

  • Right to access your personal data
  • Right to correction and erasure of personal data
  • Right to grievance redressal
  • Right to nominate another person to exercise rights

For payment-related grievances, Razorpay will acknowledge complaints within 2 working days and resolve them within 10 business days. Unresolved complaints may be escalated to the Data Protection Board of India.

10. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware of the breach, as required by applicable law, including GDPR and DPDPA. We will also notify relevant regulatory authorities, including the Data Protection Board of India, where required.

11. Children's Privacy

Our Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at support@sentinely.app.

For GDPR-related inquiries, you may also contact your local data protection authority.