Privacy & Data Protection

Transparency by Design

Sentry Mandate LLC ("SentryMandate") collects only the minimum data necessary to operate the Platform and deliver our services. We process your information solely for the purposes described in this Policy.

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising, behavioral profiling, or AI model training.

You retain full ownership of your operational data, mandate configurations, and governance parameters. SentryMandate acts as a data processor—not a data controller—of your proprietary information.

No Data Sales

We never sell, rent, or trade personal data to third parties.

Encrypted at Rest & In Transit

TLS 1.2+ for all connections. AES-256-GCM for sensitive stored data.

No AI Training

We do not train AI models on your mandate or operational data.

You Own Your Data

You are the data controller. We process solely to provide the Platform.

Effective Date: February 24, 2026  ·  Last Updated: February 24, 2026

Introduction

Sentry Mandate LLC ("SentryMandate," "we," "us," or "our") operates the SentryMandate platform, including the website at sentrymandate.com, the dashboard application, API endpoints, and all related services (collectively, the "Platform").

This Privacy & Data Protection Policy ("Policy") explains how we collect, use, store, share, and protect information when you access or use the Platform. It applies to all users, whether you interact through the dashboard, API, or any other interface.

Scope of Application

This Policy applies to:

  • All visitors to sentrymandate.com
  • Registered users of the SentryMandate platform
  • Organizations and teams whose agents interact with our API
  • Recipients of communications from SentryMandate

Key Definitions

Term | Definition
Personal Data | Information that identifies or could reasonably identify a natural person (e.g., name, email address, IP address).
Operational Data | Data generated through Platform use that relates to your agent workflows, spending patterns, and system behavior. Not directly identifying on its own.
Mandate Data | Configuration, policies, budgets, rules, and governance parameters you define within the Platform.
Execution Logs | Records of agent runs, spend checks, approvals, interventions, and related events processed by the Platform.
Account Data | Information provided during registration or account management (email, name, billing details).

Relationship to Terms of Service

This Policy is part of and subject to our Terms of Service. In the event of a conflict between this Policy and the Terms of Service, the Terms of Service shall prevail to the extent permitted by applicable law.

Early Access Disclosure

SentryMandate is currently in an early access phase. During this period, features, data handling procedures, and infrastructure may evolve. We will notify users of material changes to this Policy. By using the Platform during early access, you acknowledge that the service is under active development and that non-material adjustments to data processing may occur as the Platform matures.

A. Data You Provide Directly

Category | Examples
Account Information | Name, email address, password (stored as an irreversible Argon2 hash; we never store your plaintext password).
Billing Data | Subscription plan selection, billing period. Payment card details are processed exclusively by Stripe and never touch our servers.
Mandate Configuration | Budget limits, spending policies, approval rules, model allowlists, tool permissions, loop detection thresholds, and audit settings.
API Keys | Keys you create for agent authentication. Stored as irreversible Argon2 hashes alongside a SHA-256 fast-lookup index. The plaintext key is shown once at creation and never stored.
Vendor Keys | Third-party provider API keys (OpenAI, Anthropic, etc.) you optionally store for agent use. Encrypted at rest using AES-256-GCM with HKDF-derived keys.
Contact Submissions | Email address, message category, and message content submitted through our contact form.
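The API-key handling described in the table above (and again under Access Control below), as an added example that is not SentryMandate's code: a SHA-256 index column for the lookup, a slow memory-hard hash for the final check, and a plaintext that is returned exactly once. Python's standard library has no Argon2 binding, so hashlib.scrypt stands in for it here; with argon2-cffi the structure is the same. The key prefix, record layout and in-memory store are this example's assumptions.

```python
"""Added example, not SentryMandate's code: SHA-256 lookup index plus a slow
hash for verification.  hashlib.scrypt stands in for Argon2 (no Argon2 in the
standard library); the key prefix and record layout are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

KEY_PREFIX = "sm_live_"   # assumed prefix; the policy does not specify one
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)   # ~16 MiB per hash, stand-in for Argon2 params


@dataclass
class StoredKey:
    key_id: str
    salt: bytes
    slow_hash: bytes   # scrypt(plaintext, salt); the plaintext itself is never stored


def lookup_index(plaintext: str) -> bytes:
    """Fast, unsalted SHA-256 used only as the database lookup column."""
    return hashlib.sha256(plaintext.encode()).digest()


def slow_hash(plaintext: str, salt: bytes) -> bytes:
    return hashlib.scrypt(plaintext.encode(), salt=salt, **SCRYPT_PARAMS)


def create_api_key(store: Dict[bytes, StoredKey], key_id: str) -> str:
    """Mint a key. The plaintext is returned exactly once and never persisted."""
    plaintext = KEY_PREFIX + secrets.token_urlsafe(32)   # 256 bits of entropy
    salt = secrets.token_bytes(16)
    store[lookup_index(plaintext)] = StoredKey(key_id, salt, slow_hash(plaintext, salt))
    return plaintext


def authenticate(store: Dict[bytes, StoredKey], presented: str) -> Optional[str]:
    """Return the key_id for a valid key, None otherwise."""
    rec = store.get(lookup_index(presented))   # the index hit is cheap ...
    if rec is None:
        return None
    # ... the slow hash still has to verify; compare_digest keeps the comparison constant-time.
    if not hmac.compare_digest(slow_hash(presented, rec.salt), rec.slow_hash):
        return None
    return rec.key_id
```

Because the key carries 256 random bits, the unsalted SHA-256 index is itself infeasible to invert from a database dump; the slow hash is defence in depth rather than what protects a weak key (a short or user-chosen key would already be exposed through the index, so keys must stay random and long). A failed lookup should also count against the per-key rate limit the policy lists separately.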

B. Data Collected Automatically

Category | Purpose
IP Address | Rate limiting (including the contact form), login attempt tracking, and abuse prevention. Not used for advertising or profiling.
Request Metadata | HTTP method, path, response status, and timing, collected via structured server logs for operational monitoring and debugging.
Correlation IDs | A unique identifier (UUID) attached to each API request for distributed tracing and support diagnostics.
Session Data | JWT tokens with time-limited validity (24 hours). Each token carries a unique identifier (JTI) so that it can be revoked before it expires. No persistent cookies are used.
Security Signals | Failed login attempts, rate limit triggers, and kill switch activations, monitored for platform security.

C. Operational & Governance Data

The core value of SentryMandate lies in processing your operational data to enforce governance. This includes:

  • Spend Records — Amount, provider, category, status, and timestamps for each agent spending request.
  • Run Events — Sequence data, event types, token counts, and cost records for active agent runs.
  • Loop Signals — Computed anomaly scores (repeat, error cycle, cost velocity, progress deficit) used by the Loop Guardian to protect against runaway agents.
  • Interventions — Records of automated or manual actions taken to pause, throttle, or stop agent runs.
  • Approval Decisions — Timestamped records of approved, denied, or escalated spend requests.
  • Audit Logs — Immutable records of governance actions for compliance and accountability.

Processor, not owner. We process Operational & Governance Data solely to provide the Platform's functionality. We do not claim ownership of your mandate configurations, spend data, or execution logs. You remain the data controller.

D. AI & Automation Processing

SentryMandate's Loop Guardian uses deterministic signal-processing algorithms (weighted scoring of four behavioral signals) to detect anomalous agent behavior. This is not machine learning or AI model inference.

  • We do not train AI models on your data.
  • We do not use your mandate or operational data to train, fine-tune, or improve any machine learning system.
  • We do not send your operational data to third-party AI providers for processing. Vendor keys you store are used by your own agents — not by us.
  • Anomaly detection is performed entirely within our infrastructure using deterministic algorithms with configurable thresholds that you control.

Processing Purposes

Purpose | Data Used | Lawful Basis (GDPR)
Service Provision | Account, Mandate, Operational, and Execution data | Contractual necessity
Authentication & Access Control | Email, password hash, JWT tokens, API key hashes | Contractual necessity
Billing & Payments | Subscription plan, usage metrics, Stripe customer ID | Contractual necessity
Security & Abuse Prevention | IP addresses, login attempts, rate limit counters, kill switch states | Legitimate interest
Platform Monitoring | Request logs, correlation IDs, error traces | Legitimate interest
Product Improvement | Aggregated, anonymized usage patterns (never individual operational data) | Legitimate interest
Communications | Email address (contact form, waitlist) | Consent
Legal Compliance | Any data required by applicable law | Legal obligation

What We Never Do

  • Sell, rent, or trade personal data to third parties.
  • Use your operational data for advertising or profiling.
  • Train AI or ML models on your mandate data, spend records, or execution logs.
  • Share your data with other SentryMandate customers.
  • Use your vendor API keys ourselves. They are stored encrypted at rest (AES-256-GCM) and are decrypted only to serve requests made by your own agents.

We share data only in the following limited circumstances:

Service Providers (Subprocessors)

Provider | Purpose | Data Shared
Stripe | Payment processing | Billing information, subscription status. Card details are processed directly by Stripe and never touch our servers.
Railway | Infrastructure hosting | Application runtime, server logs, database storage. All data remains within Railway's infrastructure.
Resend | Transactional email delivery | Email address, message content (contact form responses only).

Each subprocessor is contractually bound to process data only as directed by us and to maintain appropriate security measures.

Legal & Safety Disclosures

We may disclose data if required to:

  • Comply with a legal obligation, valid legal process, or enforceable government request.
  • Protect the rights, property, or safety of SentryMandate, our users, or the public.
  • Detect, prevent, or address fraud, security, or technical issues.

If legally permitted, we will notify affected users before such disclosure.

Business Transfers

In the event of a merger, acquisition, or asset sale, user data may be transferred as a business asset. We will provide notice before data is transferred and becomes subject to a different privacy policy.

Data Category | Retention Period
Account Data | Duration of account plus 30 days after deletion request.
Authentication Tokens | 24 hours (JWT validity). Revoked (blacklisted) token identifiers are cleaned up periodically.
Spend Records & Approvals | Duration of account. Expired or stale spend requests are cleaned up automatically (30-minute approval window, 60-minute pending window).
Run Events & Loop Signals | Duration of account. Configurable via mandate audit settings (default: 90 days).
Idempotency Records | 24 hours (automatic cleanup).
Login Attempt Logs | 15 minutes (rolling window for rate limiting).
Server Logs | 30 days (rolling).
Billing Records | As required by applicable tax and financial regulations.
Contact & Waitlist Submissions | Until the purpose is fulfilled or deletion is requested.

Deletion

When you delete your account, we initiate removal of your personal data within 30 days. Some data may be retained in encrypted backups for a limited period or as required by law. Aggregated, anonymized data that cannot identify you may be retained indefinitely for product improvement.

Early Access & Backup Disclaimer

During the early access period, we recommend that users maintain independent backups of critical mandate configurations and operational data. While we implement reasonable measures to protect data integrity, the Platform is under active development and we cannot guarantee against data loss, however unlikely.

We implement security measures appropriate to the sensitivity of the data we process:

Encryption

  • In Transit — All connections use TLS 1.2 or higher. HSTS headers enforce HTTPS with a one-year max-age.
  • At Rest — Vendor API keys encrypted using AES-256-GCM with keys derived via HKDF-SHA256. Passwords stored as irreversible Argon2 hashes.
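How a per-record data key can be derived with HKDF-SHA256, as the Vendor Keys entry and the At Rest bullet above describe, written as an added example (not SentryMandate's code) against the Python standard library. The master key, the label and the org/record identifiers bound into the HKDF info field are assumptions; the RFC 5869 test vector lets the implementation be checked offline.

```python
"""Added example, not SentryMandate's code: HKDF-SHA256 (RFC 5869) from the
standard library, deriving one AES-256-GCM data key per stored vendor key
from a single master key.  Label and identifiers are assumed names."""
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size   # 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 2.2: PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes.
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 2.3: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated and truncated to `length`.
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output too long")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def vendor_data_key(master_key: bytes, org_id: str, vendor_key_id: str) -> bytes:
    """Derive the 32-byte AES-256-GCM key for one stored vendor key.

    Binding the org and record identifiers into `info` gives every record
    its own key: a ciphertext copied into another row will not decrypt, and
    a leaked data key exposes one record rather than the whole table.
    Fields are length-prefixed so the boundary between them is unambiguous.
    The label and identifiers are this example's assumptions."""
    info = b"vendor-key/v1"
    for field in (org_id, vendor_key_id):
        b = field.encode()
        info += len(b).to_bytes(2, "big") + b
    return hkdf(master_key, salt=b"", info=info, length=32)


# RFC 5869 Appendix A, test case 1, so the implementation can be checked offline.
RFC5869_TC1 = {
    "ikm": bytes.fromhex("0b" * 22),
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "okm": bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                         "34007208d5b887185865"),
}


def self_check() -> bool:
    tc = RFC5869_TC1
    return hkdf(tc["ikm"], tc["salt"], tc["info"], 42) == tc["okm"]
```

The 32-byte output is the AES-256-GCM key; the encryption itself needs a library such as `cryptography` (its AESGCM class), a fresh 96-bit random nonce for every encryption under a given key, and the record identifier passed as associated data so a ciphertext cannot be swapped between rows undetected.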

Application Security

  • Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers on all responses.
  • CORS restricted to authorized origins. Localhost origins filtered in production.
  • Request body limits (1 MB), concurrency limits (256 concurrent requests), and request timeouts (30 seconds) to prevent abuse and resource exhaustion.
  • Idempotency protection on mutating operations (SHA-256 deduplication, 24-hour TTL).
  • Rate limiting on authentication (login attempts per IP and email) and API key usage (120 spend checks per minute per key).
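Idempotency protection with SHA-256 deduplication and a 24-hour TTL, as listed above, written as an added example (not SentryMandate's code). The client-supplied idempotency key, its scoping to the calling API key and route, and the 422 response for a key reused with a different body are this example's assumptions.

```python
"""Added example, not SentryMandate's code: idempotency protection for a
mutating endpoint, keyed on a SHA-256 fingerprint and expired after 24 hours.
The Idempotency-Key header, scoping to the caller, and the 422 are assumptions."""
import hashlib
import json
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

IDEMPOTENCY_TTL = 24 * 3600


@dataclass
class CachedResponse:
    body_hash: str    # fingerprint of the request body that produced this response
    status: int
    body: dict
    stored_at: int


def fingerprint(api_key_id: str, method: str, path: str, idem_key: str) -> str:
    """Dedup record identity: caller + route + client-supplied idempotency key.
    Scoping to the caller means two tenants reusing the same key value never
    collide; length-prefixing means a value cannot masquerade as two fields."""
    h = hashlib.sha256()
    for part in (api_key_id, method, path, idem_key):
        b = part.encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.hexdigest()


def body_hash(body: dict) -> str:
    """Canonical JSON so key order does not change the hash."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class IdempotencyStore:
    def __init__(self) -> None:
        self._rows: Dict[str, CachedResponse] = {}

    def get(self, fp: str, now: int) -> Optional[CachedResponse]:
        row = self._rows.get(fp)
        if row is None or now - row.stored_at >= IDEMPOTENCY_TTL:
            return None
        return row

    def put(self, fp: str, row: CachedResponse) -> None:
        self._rows[fp] = row

    def purge(self, now: int) -> int:
        """Periodic cleanup; returns how many expired rows were dropped."""
        stale = [fp for fp, row in self._rows.items() if now - row.stored_at >= IDEMPOTENCY_TTL]
        for fp in stale:
            del self._rows[fp]
        return len(stale)


def handle_spend(store: IdempotencyStore, api_key_id: str, method: str, path: str,
                 idem_key: str, body: dict, process: Callable[[dict], Tuple[int, dict]],
                 now: Optional[int] = None) -> Tuple[int, dict]:
    """Run process(body) at most once per (caller, route, idempotency key) within the TTL."""
    now = int(time.time()) if now is None else now
    fp = fingerprint(api_key_id, method, path, idem_key)
    bh = body_hash(body)
    cached = store.get(fp, now)
    if cached is not None:
        if cached.body_hash != bh:
            # Same key, different payload: a client bug or a replay with an altered amount. Refuse it.
            return 422, {"error": "idempotency key reused with a different request body"}
        return cached.status, cached.body   # replay the stored result; do not execute again
    status, resp = process(body)
    store.put(fp, CachedResponse(bh, status, resp, now))
    return status, resp
```

Two identical requests that arrive concurrently both miss the cache in this in-memory version; a production store reserves the fingerprint with an insert-if-absent before processing so only one of them executes.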

Access Control

  • JWT-based authentication with mandatory JTI (token identifier) for revocation capability.
  • API keys authenticated via SHA-256 fast index followed by Argon2 verification.
  • Kill switch capability for immediate, user-initiated freeze of all agent spending.
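What the mandatory JTI buys, as an added example that is not SentryMandate's code: an HS256 JWT minted with a 24-hour exp and a random jti, a verifier that pins the algorithm and rejects tokens without a jti, and the revocation denylist that jti makes possible (the "blacklist" in the retention table, whose rows can be purged once the token's own exp has passed). Standard library only; the HMAC secret and in-memory denylist stand in for the Platform's actual key management and storage, which the policy does not describe.

```python
"""Added example, not SentryMandate's code: an HS256 JWT with a mandatory jti
and the revocation denylist that jti makes possible.  The secret and the
in-memory denylist stand in for real key management and storage."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

TOKEN_TTL = 24 * 3600   # 24-hour validity, as the policy states


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(secret: bytes, subject: str, now: Optional[int] = None) -> str:
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + TOKEN_TTL,
               "jti": secrets.token_hex(16)}   # 128 random bits: unique per token

    def compact(obj: dict) -> str:
        return _b64(json.dumps(obj, separators=(",", ":")).encode())

    signing_input = compact(header) + "." + compact(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


class Denylist:
    """Revoked jti -> exp.  A revoked token must be refused until it would have
    expired anyway, so rows can be purged once exp has passed; the table is
    bounded by the number of revocations in any 24-hour window."""

    def __init__(self) -> None:
        self._revoked: Dict[str, int] = {}

    def revoke(self, jti: str, exp: int) -> None:
        self._revoked[jti] = exp

    def contains(self, jti: str) -> bool:
        return jti in self._revoked

    def purge(self, now: int) -> int:
        stale = [j for j, exp in self._revoked.items() if exp <= now]
        for j in stale:
            del self._revoked[j]
        return len(stale)


def verify_token(secret: bytes, token: str, denylist: Denylist,
                 now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if algorithm, signature, exp and jti all check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, payload, sig = json.loads(_unb64(h64)), json.loads(_unb64(p64)), _unb64(s64)
    except ValueError:                        # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    if header.get("alg") != "HS256":          # pin the algorithm; never let the token choose it
        return None
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    jti = payload.get("jti")
    if not isinstance(jti, str) or not jti:   # no jti means no way to revoke: reject
        return None
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    if denylist.contains(jti):
        return None
    return payload
```

Signature and algorithm are checked before any claim is trusted, and the denylist lookup comes last so that an unauthenticated caller cannot probe which identifiers have been revoked.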

Limitations

No system is perfectly secure. While we implement industry-standard protections, we cannot guarantee absolute security against all threats. Users are responsible for safeguarding their own credentials, API keys, and access tokens. If you believe your account has been compromised, contact us immediately.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right | Description
Access | Request a copy of the personal data we hold about you.
Correction | Request correction of inaccurate or incomplete personal data.
Deletion | Request deletion of your personal data, subject to legal retention requirements.
Data Portability | Request your data in a structured, machine-readable format (JSON).
Restriction | Request that we limit processing of your data in certain circumstances.
Objection | Object to processing based on legitimate interest.
Withdraw Consent | Where processing is based on consent, withdraw it at any time without affecting prior processing.

How to Exercise Your Rights

Submit requests via our contact form. We will respond within 30 days. If we need additional time (up to 60 days for complex requests), we will inform you of the extension and the reasons.

Appeal Mechanism

If you are unsatisfied with our response to your request, you may appeal by contacting us with additional details. You also have the right to lodge a complaint with your local data protection authority.

Children's Privacy

SentryMandate is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Do Not Track

SentryMandate does not use tracking cookies, advertising pixels, or behavioral profiling. We honor Do Not Track signals by default because we do not track users across third-party websites.

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information is collected and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information. We do not sell personal information.
  • Not be discriminated against for exercising your privacy rights.

International Users

SentryMandate is operated from the United States. If you access the Platform from outside the US, your data may be transferred to and processed in the United States. By using the Platform, you consent to this transfer. We rely on appropriate safeguards (including contractual protections with our subprocessors) to ensure your data is protected in accordance with this Policy.

You retain full ownership of your mandate configurations, budget parameters, approval policies, execution logs, and all governance data created within the Platform.

To be explicit:

  • You are the data controller. You decide what mandates to create, what budgets to set, and what governance rules to enforce. We execute your instructions.
  • We are the data processor. We process your Mandate and Operational Data solely to provide the Platform's services as instructed by you.
  • We claim no rights to your strategic configurations, spending policies, agent architectures, or any intellectual property embedded in your mandate definitions.
  • Logging for service integrity only. We may retain minimal execution metadata (timestamps, aggregate counts, error states) for debugging, security monitoring, and service reliability. This is never used for competitive purposes.

If you delete your account, your mandate data and execution logs are removed in accordance with our retention policy. We do not retain copies for our own use.

We may update this Policy from time to time. When we make material changes:

  • We will update the "Last Updated" date at the top of this page.
  • For significant changes, we will notify registered users via email or an in-platform notification.
  • Continued use of the Platform after notification constitutes acceptance of the updated Policy.

We encourage you to review this Policy periodically. Previous versions are available upon request.

Your Data. Your Mandates. Your Control.

SentryMandate processes operational data solely to provide the Platform. We do not sell personal data. We do not train AI models on your proprietary mandate data. Users remain the data controller of their mandate and governance configurations.

Privacy Questions?

For privacy-related inquiries, data access requests, or concerns:

Contact Us

Sentry Mandate LLC · United States