Privacy Policy — Sentinel

Plain-language summary: Sentinel scans your inbox metadata to produce a security report and submits only that report. No message content is ever read, copied, downloaded, or transmitted to any server. No action is taken on any message.

1. What we collect

When you create a Sentinel account, we collect the following information:

Your name and email address, used to identify your account.
An encrypted OAuth refresh token, which allows Sentinel to maintain read-only Gmail access across sessions.
Aggregate scan statistics (total messages scanned, threat counts) included in your security report.
Standard server access logs (IP address, user agent, timestamp) for security and abuse prevention.

We do not collect the content, subject lines, sender addresses, or body text of any email messages.

2. How we use your Gmail access

Sentinel connects to Gmail using Google OAuth with the read-only scope (gmail.readonly). This access is used exclusively to:

Count and enumerate message metadata (message IDs, date ranges) to determine scan scope.
Analyse message header fields — From, To, Reply-To, Received, SPF results, DKIM signatures, and DMARC policy — for authentication and spoofing indicators.
Inspect attachment MIME type metadata (filename, content type, size) for malware pattern matching.
Extract and evaluate hyperlink URLs for redirect chains and domain reputation signals.

At no point does Sentinel read, reproduce, copy, store, transmit, display, or process the text body or HTML content of any email. Message content is never accessed by any Sentinel system or personnel.

3. Data storage and retention

Account data (name, email address, encrypted token) is stored in an encrypted database on our servers. Scan report results are stored temporarily and associated with your account for up to 30 days.

Access logs are retained for up to 90 days for security purposes, after which they are permanently deleted.

You may request deletion of all your account data at any time. Upon deletion, all associated records including your token and scan history are permanently removed.

4. Third-party sharing

Sentinel does not sell, rent, or share your personal data with any third parties for marketing or commercial purposes.

We may share anonymised, aggregate statistics (e.g. "X% of scanned inboxes contained phishing indicators") for research and product improvement purposes. These statistics contain no personally identifiable information.

We may disclose account information where required by applicable law, court order, or governmental authority.

5. Your rights and controls

Revoke Gmail access at any time from myaccount.google.com/permissions. Revoking access stops all future scans immediately.
Request account deletion by contacting us. All data is permanently deleted within 7 days.
Access your data — you may request a copy of all personal data we hold about you.
Correct inaccuracies — you may request correction of any inaccurate account data.

6. Contact

For privacy enquiries, data deletion requests, or questions about this policy, please use the account settings page or contact our support team.

This policy may be updated periodically. Continued use of Sentinel after a policy update constitutes acceptance of the revised terms.