The controller responsible for data processing on this website is:
Tim von Sachs
Leonhard-Frank-Straße 1
80796 München, Germany
Email: timvonsachs@gmail.com
2. What Data We Collect
When you use Sentinel AI, we may collect the following data:
Email address — provided when you sign up for an API key or join the waitlist.
OpenAI API key — provided when you sign up for the proxy service. Stored encrypted. Used solely to forward your API calls to OpenAI on your behalf.
API request metadata — timestamps, model used, token counts, latency, routing decisions, and cost calculations. We do NOT store the content of your prompts or AI responses.
Usage data — number of API calls, savings metrics, and feature usage for billing and product improvement.
Server logs — IP addresses, browser type, and access timestamps for security and abuse prevention. Automatically deleted after 30 days.
3. What We Do NOT Collect
We take privacy seriously. We explicitly do NOT collect or store:
The content of your prompts or messages sent through the proxy.
The content of AI responses received through the proxy.
Any personal data of your end users.
Cookies for tracking or advertising purposes.
4. Why We Process Your Data
We process your data for the following purposes:
Service delivery — to route your API calls, calculate savings, and provide the dashboard (legal basis: contract performance, Art. 6(1)(b) GDPR).
Billing — to track usage and process payments (legal basis: contract performance, Art. 6(1)(b) GDPR).
Security — to prevent abuse, detect attacks, and ensure service availability (legal basis: legitimate interest, Art. 6(1)(f) GDPR).
Product improvement — to understand aggregate usage patterns and improve routing accuracy (legal basis: legitimate interest, Art. 6(1)(f) GDPR). All data used for this purpose is aggregated and anonymized.
5. Data Storage and Security
Your data is stored on servers located in the European Union (Germany). API keys are stored encrypted at rest. We use HTTPS for all data transmission. Access to personal data is restricted to the controller.
6. Data Sharing
We do not sell your data. We share data only in the following cases:
LLM providers — your API calls are forwarded to OpenAI, Anthropic, or other providers you configure. These calls contain your API key and request data. Each provider's own privacy policy applies.
Hosting provider — our infrastructure provider processes data on our behalf under a data processing agreement.
Legal obligations — if required by law or court order.
7. Data Retention
Account data (email, encrypted API key): retained until you delete your account.
Usage metrics: retained for 12 months, then aggregated and anonymized.
Server logs: automatically deleted after 30 days.
8. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
Access — request a copy of all data we hold about you.
Rectification — correct inaccurate data.
Erasure — request deletion of your data ("right to be forgotten").
Restriction — restrict the processing of your data.
Portability — receive your data in a machine-readable format.
Objection — object to processing based on legitimate interest.
Complaint — file a complaint with the Bavarian Data Protection Authority (BayLDA), Promenade 18, 91522 Ansbach, Germany.
This website does not use cookies for tracking or advertising. We may use strictly necessary cookies for session management if you create an account. No consent banner is required as we do not use non-essential cookies.
10. Changes
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.