This Cookie Policy explains how Sentinel Edge Networks LTD ("Sentinel", "we", "us") uses cookies and similar tracking technologies on sntlhq.com and any associated subdomains ("the Website"). This policy complies with the EU ePrivacy Directive, the General Data Protection Regulation (GDPR), and applicable UK law.
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. Similar technologies include browser local storage, session storage, and JavaScript-based signals used for security purposes. We use a minimal set of these technologies — only what is strictly necessary to operate the platform securely.
2. Storage We Use
2.1 Strictly Necessary (localStorage)
We use browser localStorage (not traditional cookies) to keep you logged in and remember your preferences. This does not require consent under the ePrivacy Directive as it is essential to the service you requested.
| Key (localStorage) | Purpose | Duration | Type |
|---|---|---|---|
sentinel_token |
Stores your JWT authentication token to keep you logged into the dashboard. Cleared on logout. | 24 hours / until logout | Essential |
cookie_consent |
Remembers your cookie consent choice so we don't show the banner again. | 12 months | Essential |
2.2 Security & Fraud Prevention
We use proprietary security SDKs on our signup, login, contact, and dashboard pages. These SDKs collect network-layer signals (IP address, connection type, VPN/proxy status) and device-level signals (browser fingerprint, tampering detection, bot detection) to protect our platform from bot abuse, account takeover, antidetect browsers, and fraudulent signups.
This processing is based on our Legitimate Interest under GDPR Article 6(1)(f) to protect the platform and its users from fraud, abuse, and security threats. These SDKs do not set persistent cookies. They use in-memory session data and device signals for real-time threat assessment only.
We also check passwords against the Have I Been Pwned breach database during signup and password reset. Only a partial hash of the password is sent (k-anonymity) — your actual password is never transmitted.
If you wish to object to this processing under GDPR Article 21, please contact us at [email protected]. Note that objecting may prevent you from using certain features of the platform.
2.3 Performance & Analytics
We do not use Google Analytics or similar audience-measurement analytics. We do not set persistent analytics cookies of our own.
2.4 Conversion Tracking (Google Ads)
We load Google Ads (gtag.js) on a deferred basis (after first user interaction or browser idle) for conversion tracking on our paid campaigns. This may set first-party cookies set by Google such as _gcl_au and _gcl_aw. The script does not run before you interact with the page. To opt out, install Google's opt-out browser add-on or use your browser's "Block third-party cookies" setting.
2.5 Marketing & Retargeting
We do not run ad retargeting pixels (Meta Pixel, LinkedIn Insight, X Pixel, etc.) on this Website.
3. Third-Party Services
The following third-party services are integrated and may process data from your device:
| Provider | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|
| Spur (Monocle & Context API) | Network-layer fraud detection: VPN, residential proxy, datacenter, and Tor exit detection. Powers the core /v1/evaluate endpoint. |
IP address, ASN, encrypted SDK token from your browser | spur.us/privacy-policy |
| Fingerprint Pro | Device-layer intelligence: browser tampering, antidetect detection, bot/automation, emulator/VM, incognito. Loaded from fa.sntlhq.com (our CNAME) with a fallback to fpjscdn.net. |
Browser/device fingerprint, IP address, anonymized signals | fingerprint.com/privacy-policy |
| Cloudflare | CDN, DDoS protection, and DNS for sntlhq.com. Cloudflare may set __cf_bm (bot management) and cf_clearance as essential session cookies. |
IP address, request metadata, TLS handshake fingerprint | cloudflare.com/privacypolicy |
| Railway | Application hosting and runtime infrastructure. | Server logs, IP address | railway.app/legal/privacy |
| Turso | Managed cloud database (libSQL). Stores account records, API keys, and aggregated lookup metadata. | Server-side data only — does not interact with your browser | turso.tech/privacy |
| Resend | Transactional email delivery (OTP codes, password resets, contact-form receipts). | Email address, IP address | resend.com/privacy |
| Google Sign-In (OAuth) | Optional "Sign in with Google" authentication. | Email, name, Google account ID | policies.google.com/privacy |
| Google Ads (gtag.js) | Deferred conversion tracking for paid acquisition campaigns. Loaded after first interaction. | Click ID, IP, conversion event metadata | policies.google.com/privacy |
| Google Fonts | Serving web fonts (Space Grotesk, DM Mono). | IP address (per Google's CDN logging) | policies.google.com/privacy |
| Have I Been Pwned | Password breach check during signup and password reset using k-anonymity. We send only the first 5 characters of the SHA-1 hash; your password and the rest of the hash never leave your device. | Partial password hash prefix only | haveibeenpwned.com/Privacy |
4. How to Control Storage
4.1 Our Cookie Banner
When you first visit the Website, a consent banner is shown. You can accept or decline non-essential storage at that time. To update your preferences, clear your browser's localStorage for sntlhq.com and reload the page.
4.2 Browser Settings
You can clear localStorage and cookies via your browser's developer tools or settings. Note that clearing sentinel_token will log you out of the dashboard. Instructions for major browsers:
5. International Transfers
Some third-party providers (Resend, Railway, Google) may process data outside the UK and European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements, or adequacy decisions.
6. Your GDPR Rights
As an EU/EEA resident, you have the following rights regarding your personal data:
- Right of Access — request a copy of data we hold about you.
- Right to Rectification — request correction of inaccurate data.
- Right to Erasure — request deletion of your data ("right to be forgotten").
- Right to Restrict Processing — request that we limit how we use your data.
- Right to Object — object to processing based on legitimate interests.
- Right to Data Portability — receive your data in a structured, machine-readable format.
To exercise any of these rights, email [email protected]. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or another supervisory authority in your country of residence. We will respond to all requests within 30 days.
7. Changes to This Policy
We may update this Cookie Policy periodically. Material changes will be notified via a banner on the Website and by email. The "Last Updated" date at the top reflects the most recent revision.
8. Contact
134a West Hendon Broadway, London, NW9 7AA, United Kingdom · Company number: 17150600