Privacy Policy — Senthex

This policy explains how Senthex collects, uses, and protects your data. Senthex is committed to GDPR compliance and EU AI Act readiness.

1. Data We Collect

We collect account information (email, organization name), billing data (processed by Stripe), and metadata from proxied requests (timestamps, shield results, provider name, token counts). We do not store LLM request or response content by default.

2. How We Use Your Data

Account data is used to provide the service and send product updates. Request metadata is used to populate your dashboard and generate audit trails. We never sell your data to third parties.

3. Data Retention

Metadata logs are retained for 7 days (Free), 30 days (Pro), 90 days (Business), or unlimited (Enterprise). Account data is retained until you delete your account.

4. Your Rights (GDPR)

You have the right to access, rectify, erase, and port your data. To exercise these rights, contact privacy@senthex.com.

5. Sub-processors

We use Stripe (payments), Fly.io or Railway (infrastructure), and Resend (transactional email). All sub-processors are GDPR compliant.