Skip to main content

Last updated:

Privacy Policy

This policy explains what personal data Sentro processes, why, and how to exercise your rights. It applies to the marketing site and the dashboard product.

1. Who we are

Sentro, Inc. ("Sentro", "we", "us") is the data controller for the personal data processed via sentrodb.com and the Sentro dashboard. Registered office: 2261 Market St, Suite 5500, San Francisco, CA 94114, USA. Contact: hello@sentrodb.com.

2. Data we collect

We collect three categories of personal data:

  • Account data — name, work email, organization, hashed password (or SSO identifier), role.
  • Usage data — request logs, page views, feature interactions, error traces. Aggregated where possible.
  • Billing data — billing email, address, last four digits and brand of the payment instrument. Card numbers are processed by Stripe and Dodo Payments and never touch our servers.

3. Why we process it

We process personal data to operate the service (contractual necessity), to send essential transactional email (legitimate interest), to detect and prevent abuse and fraud (legitimate interest), and to comply with legal obligations such as tax and accounting retention.

4. Customer database content

Sentro connects to your database to show its contents inside the dashboard. We do not copy that data into our own datastores beyond the in-memory query cache that backs the table editor, which is held for the duration of a session and discarded. Customer data is processed under the Data Processing Addendum at /legal/dpa.

5. Retention

Account data is retained for as long as your organization is active and for 90 days after deletion to satisfy refund and audit windows. Webhook delivery logs follow the retention windows in your plan (7 / 30 / 365 days). Aggregated, non-identifying analytics are kept for up to 24 months.

6. Sharing

We share data with the subprocessors listed at /legal/subprocessors. Each subprocessor is bound by a written agreement that flows down the protections in this policy. We do not sell personal data, and we do not share it for cross-context behavioral advertising.

7. International transfers

Data may be processed in the United States and the European Union. Where required, transfers rely on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, plus appropriate supplementary measures.

8. Your rights

Subject to applicable law (including GDPR Articles 15–22 and the CCPA/CPRA), you may request access, correction, deletion, portability, restriction, or objection. To exercise these rights, email hello@sentrodb.com with the subject "Data rights request". We will respond within 30 days. You may also lodge a complaint with your local supervisory authority.

9. Security

We use TLS 1.2+ in transit and AES-256 at rest, scoped service accounts, mandatory MFA for employees, and quarterly access reviews. The full security overview lives at /legal/security.

10. Children

Sentro is a B2B tool and is not directed to anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact hello@sentrodb.com.

11. Changes

We will post material changes here and notify account owners by email at least 30 days before they take effect.