Privacy & Data Processing Policy

Sentinel Edge Networks ("Sentinel", "we", "our", or "us") provides bot detection, fraud prevention, and API security services to enterprise customers worldwide. We prioritize privacy, utilizing data minimization and advanced anonymization techniques to secure endpoints without compromising end-user privacy.

This Privacy Policy explains how we collect, use, and process data when individuals ("End-Users") visit websites, applications, or APIs operated by our Customers, as well as how we handle data from visitors to our own website.

1. Data We Collect on Behalf of Customers

When an End-User interacts with a Customer's platform protected by the Sentinel Edge SDK or API, we act as a Data Processor. We collect specific technical information required to determine whether a request originates from a legitimate human user, an automated bot, or a malicious actor. This data includes:

• Network Data: IP addresses, Autonomous System Numbers (ASN), proxy/VPN detection signals, and TCP/IP connection characteristics.
• Device & Browser Telemetry: User-Agent strings, browser version, screen resolution, language settings, and hardware concurrency limits.
• Behavioral Signals: Anomalous interaction patterns (e.g., highly rigid mouse movements or automated scrolling indicative of scripted bot activity).

We strictly do NOT collect: Passwords, credit card numbers, personal emails, names, or physical addresses of our Customers' end-users. Our analysis operates entirely on network and device layer metadata.

2. How We Use the Data

The metadata collected is used exclusively for the purpose of securing our Customers' applications. Specifically, we use it to:

• Detect and block account takeovers (ATO), credential stuffing, and scraping bots.
• Identify high-risk infrastructure such as commercial residential proxies, TOR exit nodes, and anonymous datacenters.
• Generate an abstract, mathematical "Risk Score" returned to our Customer's API.
• Train and refine our internal threat intelligence machine learning models using purely anonymized and aggregated network data.

3. Data Retention and Anonymization

We believe in strict data minimization. End-user IP addresses and device fingerprints are temporarily stored in volatile memory at the edge for real-time analysis.

Logs retained for diagnostic and threat-intelligence purposes undergo one-way cryptographic hashing (e.g., SHA-256) within 7 days. We do not store raw PII longer than is absolutely necessary to verify and mitigate an active cybersecurity threat.

4. Global Privacy Compliance (GDPR & CCPA)

Sentinel operates in full compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Because we process data for the explicit purpose of network and information security, our processing relies on the Legitimate Interest basis under GDPR Article 6(1)(f).

If you are an End-User of one of our Customers and wish to exercise your rights to access, rectify, or delete your data, please contact the Customer (the website operator) directly. As a Data Processor, Sentinel will fully comply with all verified deletion requests forwarded by our Customers.

5. Sub-processors and Security

We do not sell data to third parties. We may share data with trusted sub-processors (such as global edge-compute providers like AWS or Cloudflare) strictly to provide our service. All sub-processors are bound by stringent Data Processing Agreements (DPAs) and enterprise-grade security standards (SOC 2 Type II, ISO 27001).

6. Contact Us

If you have any questions regarding our data practices, compliance, or this Privacy Policy, please contact our Data Protection Officer: