1. What Data We Collect
Sentinel collects the following data to provide its life-tracking features:
- Account information: email address, display name, timezone
- Daily life metrics: sleep, meals, water intake, workouts, mood, energy, check-ins, learning sessions, life admin tasks
- Financial data (optional, via Plaid): institution name, account type, last four digits, transaction merchant names, amounts, categories, and dates
- AI conversations: messages exchanged with the AI advisor feature
- Push notification subscriptions: browser push endpoints for sending reminders
- NFC tag registrations: tag labels, action configurations, and scan logs
2. How Your Data Is Stored
- Database: Supabase (PostgreSQL) with Row Level Security (RLS) ensuring each user can only access their own data
- Encryption in transit: all connections use HTTPS/TLS
- Encryption at rest: Plaid access tokens are encrypted with AES-256-GCM before storage
- Access control: Plaid tokens are excluded from client-side database queries via column-level security policies
- Hosting: application hosted on Vercel with enterprise-grade infrastructure security
3. How Your Data Is Used
- Computing daily scores and streaks to help you track life habits
- Categorizing and displaying financial transactions for expense awareness
- Powering the AI advisor with context about your daily activities
- Sending push notification reminders (only if enabled by you)
- Generating weekly review summaries
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Services
Sentinel integrates with the following third-party services:
- Plaid: financial data aggregation (connects to your bank to fetch transactions). Subject to Plaid's Privacy Policy
- Supabase: database and authentication hosting
- Vercel: application hosting and serverless functions
- Anthropic (Claude): AI advisor feature processing
- Resend: transactional email delivery (login codes, feedback notifications)
5. Data Retention
- Financial entries (Plaid-synced): retained for 24 months, then automatically deleted
- Financial entries (manual): retained indefinitely
- AI conversations: retained for 12 months, then automatically deleted
- Daily scores and streaks: retained indefinitely (aggregated data)
- Disconnected bank accounts: records purged 30 days after disconnection
- Account deletion: all data is permanently deleted via cascading delete when you delete your account
6. Your Rights
- Disconnect bank accounts: revoke Plaid access at any time from Settings. The access token is immediately invalidated and removed.
- Delete your account: all associated data is permanently deleted (cascading delete across all tables)
- Data portability: you can request an export of your data by contacting us
- Opt out of AI: the AI advisor is optional and can be unused without affecting core functionality
- Notification control: push notifications can be enabled or disabled at any time from Settings
7. Cookies & Local Storage
Sentinel uses:
- Authentication cookies: Supabase session tokens for maintaining your login
- localStorage: theme preferences, timer state, and service worker registration
We do not use third-party tracking cookies or analytics.
8. Security
We implement the following security measures:
- Passwordless authentication (OTP via email). No passwords stored
- Row Level Security (RLS) on all database tables
- AES-256-GCM encryption for sensitive tokens
- Timing-safe comparison for server-side secrets
- Input validation and sanitization on all API endpoints
- Content Security Policy, HSTS, and other security headers
- Rate limiting on sensitive endpoints
9. Contact
For questions about this privacy policy or to request data deletion/export, contact:
mirohizu@gmail.com
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of Sentinel after changes constitutes acceptance of the updated policy.