Privacy Policy

Status: January 2025

1. Responsible Party

Responsible for data processing on this website is:

Sentinel Security Platform
E-Mail: info@sentinel-security.tech

2. Collection and Storage of Personal Data

2.1 Registration and User Account

When registering on our platform, we collect and store the following data:

  • Email address (required)
  • Password (stored encrypted)
  • Nickname/Display Name (optional)
  • Registration Date
  • Subscription Status and Plan

2.2 Use of Services

When using our Vulnerability Management Platform, the following data is processed:

  • Search queries and filter settings
  • Created alerts and alert configurations
  • Export operations

2.3 Payment Data

For subscriptions, we use Stripe as a payment service provider. Payment data is transmitted directly to Stripe and is not stored on our servers.

3. Purpose of Data Processing

We process your personal data for the following purposes:

  • Provision and improvement of our services
  • Authentication and management of user accounts
  • Processing of subscriptions and payments
  • Sending email notifications (e.g. CVE alerts)
  • Customer support and communication
  • Compliance with legal obligations

4. Legal Basis

The processing of your personal data is based on the GDPR:

  • Art. 6 Para. 1 lit. b GDPR – Performance of a contract or pre-contractual measures
  • Art. 6 Para. 1 lit. a GDPR – Consent (e.g. for newsletter)
  • Art. 6 Para. 1 lit. f GDPR – Legitimate interest (e.g. improvement of services)

5. Data Transfer

Your personal data will generally not be passed on to third parties, except in the following cases:

  • Stripe: For payment processing
  • Email Services: For sending notifications
  • Hosting Provider: For providing the infrastructure
  • Legal Requirements: In case of legal requirements

6. Cookies and Tracking

We use technically necessary cookies for the functionality of the website. These are required for the operation of the site and cannot be deactivated.

For session management, we use Django session cookies, which are deleted after logging out or closing the browser.

7. Data Security

We implement technical and organizational measures to protect your data against unauthorized access, loss, or destruction:

  • Encryption of passwords (bcrypt/hashing)
  • HTTPS encryption for all transmissions
  • Regular security updates
  • Rate limiting to protect against brute force attacks
  • Access controls and authentication

8. Your Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) – You can request information about your stored data
  • Right to rectification (Art. 16 GDPR) – You can request the correction of incorrect data
  • Right to erasure (Art. 17 GDPR) – You can request the deletion of your data
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, please contact us at: info@sentinel-security.tech

9. Storage Duration

We store your personal data only as long as necessary for the respective purposes or as long as legal retention periods exist.

  • User accounts: Until deletion by you or deletion after inactivity
  • Payment data: According to legal retention obligations
  • Log data: Maximum 90 days

10. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to reflect changes in legal situations or services. The current version can always be found on this page.