What We Collect
- Account data — Email address, organization name, and admin role (provided during signup)
- Transaction metadata — Vendor names, amounts, categories, and policy decisions processed through the gate API
- Audit logs — Actor identifiers, actions, timestamps, IP addresses, and user-agent strings
- Pilot inquiry data — Name, company, email, and message submitted via contact/pilot request forms
What We Do NOT Collect
- We do not store raw API keys — only peppered, irreversible hashes
- We do not access, store, or process actual payment card numbers or bank account details
- We do not use tracking cookies or third-party analytics on the service
How We Store Data
- All data is stored in Supabase (PostgreSQL) with AES-256 encryption at rest
- Data is isolated per organization using
org_id foreign keys and Row Level Security policies - Admin passwords are stored as bcrypt hashes (cost factor ≥ 12)
Data Retention
- Audit logs and gate events are retained for the duration of the customer contract
- Admin session tokens expire after 8 hours and can be revoked at any time
- Customers may request data export or deletion by contacting us
Contact
For privacy inquiries: hello@sentinelfinancehq.com