Sentinel Edge Networks ("Sentinel", "we", "our", or "us") provides bot detection, fraud prevention, and API security services to enterprise customers worldwide. We prioritize privacy, utilizing data minimization and advanced anonymization techniques to secure endpoints without compromising end-user privacy.
This Privacy Policy explains how we collect, use, and process data when individuals ("End-Users") visit websites, applications, or APIs operated by our Customers, as well as how we handle data from visitors to our own website.
1. Data We Collect on Behalf of Customers
When an End-User interacts with a Customer's platform protected by the Sentinel Edge SDK or API, we act as a Data Processor. We collect specific technical information required to determine whether a request originates from a legitimate human user, an automated bot, or a malicious actor. This data includes:
- Network Data: IP addresses, Autonomous System Numbers (ASN), proxy/VPN detection signals, and TCP/IP connection characteristics.
- Device & Browser Telemetry: User-Agent strings, browser version, screen resolution, language settings, hardware concurrency, canvas and WebGL fingerprints, and browser tampering indicators (antidetect browser detection).
- Behavioral Signals: Anomalous interaction patterns (e.g., highly rigid mouse movements or automated scrolling indicative of scripted bot activity).
- Device Intelligence: Incognito/private mode detection, virtual machine detection, emulator detection, and bot classification signals.
We strictly do NOT collect: Passwords, credit card numbers, personal emails, names, or physical addresses of our Customers' end-users. Our analysis operates entirely on network and device layer metadata.
2. How We Use the Data
The metadata collected is used exclusively for the purpose of securing our Customers' applications. Specifically, we use it to:
- Detect and block account takeovers (ATO), credential stuffing, scraping bots, and antidetect browser abuse.
- Identify high-risk infrastructure such as commercial residential proxies, TOR exit nodes, anonymous datacenters, and spoofed devices.
- Generate an abstract, mathematical "Risk Score" and device intelligence assessment returned to our Customer's API.
- Verify password safety against known breach databases using k-anonymity (partial hash only — actual passwords are never transmitted).
3. Data Retention and Anonymization
We believe in strict data minimization. End-user IP addresses and device fingerprints are temporarily stored in volatile memory at the edge for real-time analysis.
Logs retained for diagnostic and threat-intelligence purposes undergo one-way cryptographic hashing (e.g., SHA-256) within 7 days. We do not store raw PII longer than is absolutely necessary to verify and mitigate an active cybersecurity threat.
4. Global Privacy Compliance (GDPR & CCPA)
Sentinel operates in full compliance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the California Consumer Privacy Act (CCPA). Because we process data for the explicit purpose of network and information security, our processing relies on the Legitimate Interest basis under GDPR Article 6(1)(f).
If you are an End-User of one of our Customers and wish to exercise your rights to access, rectify, or delete your data, please contact the Customer (the website operator) directly. As a Data Processor, Sentinel will fully comply with all verified deletion requests forwarded by our Customers.
5. Sub-processors and Security
We do not sell data to third parties. We may share data with trusted sub-processors (such as our hosting provider Railway and email provider Resend) strictly to provide our service. All sub-processors are bound by Data Processing Agreements (DPAs) and follow industry-standard security practices.
We implement automated bot detection and rate limiting to protect our platform. Automated or excessive access may be restricted. Data is stored securely in a cloud database (Turso) with encryption in transit.
6. Contact Us
If you have any questions regarding our data practices, compliance, or this Privacy Policy, please contact our Data Protection Officer:
134a West Hendon Broadway, London, NW9 7AA, United Kingdom · Company number: 17150600