LEGAL

Privacy Notice

This notice explains what information Sentinel collects, how we use it, and what controls you have. If you have questions not answered here, contact us directly.

Last updated: May 2026

Information we collect

  • We collect information you provide directly when submitting demo requests or access forms, including name, work email, company name, and role.
  • We collect usage data necessary to deliver the service: scan results, asset records, agent telemetry, policy configurations, and access logs. This data is scoped to your organisation's tenant.
  • We collect standard infrastructure logs for security monitoring, availability, and debugging purposes.

How we use your information

  • To provide, operate, and maintain the Sentinel platform and its core functionality.
  • To respond to support requests, security incidents, and account inquiries.
  • To communicate product updates, security notices, and billing information relevant to your account.
  • To improve reliability and performance through aggregated, anonymised usage analysis.

What we do not do

  • We do not sell your data to third parties.
  • We do not use your environment's security findings or asset data for any purpose outside of delivering your service.
  • We do not store raw AI prompt content. The eBPF DLP monitor classifies content locally on the endpoint. Only redacted metadata is transmitted to our platform.

Sharing and disclosure

  • We may share data with infrastructure and service providers — including cloud hosting, analytics, and communications tools — under contractual confidentiality and security obligations.
  • We may disclose data when required by law, regulation, or valid legal process, and will notify affected customers where permitted to do so.
  • We do not share data between customer tenants under any circumstances.

Data retention

  • We retain your data for as long as your account is active and for a defined period following account closure to satisfy legal and operational obligations.
  • Discovery history, asset records, and scan data retention windows are configurable within the platform for Growth and Enterprise plans.
  • You may request deletion of your account data by contacting our team.

Security

  • We apply encryption in transit (TLS 1.2+) and at rest (AES-256) across all data we store and transmit.
  • Access to customer data within our systems is restricted by role and subject to audit logging.
  • We maintain an incident response plan with defined notification timelines in the event of a confirmed data security event.

Contact

  • For privacy questions, data access requests, or deletion requests, contact our team through the access form at rogueaisecurity.com/get-access.
  • Include your organisation name and a description of your request. We respond to privacy inquiries within five business days.

Questions about this notice? Contact our team or review our Terms of Service.