Identity of the Data Controller
1.1EaseTech Ltd. ("EaseTech", "we", "us", or "our") is the data controller responsible for personal data collected through the Sentinely platform.
1.2Company details:
NameEaseTech Ltd.Company number517186268JurisdictionState of IsraelEmailsupport@sentinely.aiWebsitehttps://sentinely.ai
1.3For all privacy-related inquiries, requests, or complaints, contact us at support@sentinely.ai. We will respond within 30 days.
1.4EaseTech is registered as a database holder under the Israeli Privacy Protection Law 5741-1981 and its regulations, to the extent required by law.
Scope of This Policy
2.1This Privacy Policy applies to all personal data collected by EaseTech through:
(a)The Sentinely website at sentinely.ai and all subdomains including app.sentinely.ai;
(b)The Sentinely API at api.sentinely.ai;
(c)The Sentinely Python and Node.js SDKs;
(d)Email communications with EaseTech;
(e)Any other interaction with EaseTech or the Service.
2.2This Policy does not apply to third-party websites, services, or applications that may link to or integrate with the Service. EaseTech is not responsible for the privacy practices of third parties.
2.3If you are a Customer using Sentinely to process data belonging to your own end users, you are the data controller for that data and EaseTech processes it as your data processor, subject to a separate Data Processing Agreement available upon request.
Information We Collect
3.1Account and Identity Information. When you create an account, we collect:
(a)Full name and company name (if provided);
(b)Email address;
(c)Hashed password (we never store plaintext passwords);
(d)Plan type and subscription status;
(e)Account creation date and last login timestamp;
(f)Email verification status.
3.2Payment and Billing Information. When you subscribe to a paid plan, we collect:We do not store raw credit card numbers or full payment card data. Payment processing is handled by PCI-DSS compliant third-party payment processors.
(a)Billing contact information;
(b)Payment transaction records;
(c)Subscription history and invoices.
3.3Agent Behavioral Event Data. When you use the Sentinely SDK, we collect data transmitted by your AI agents, including:This data is used solely to provide the security analysis and monitoring features of the Service.
(a)Agent identifiers and session identifiers;
(b)Tool names and call parameters;
(c)Risk scores, threat classifications, and decisions;
(d)Action chain sequences;
(e)Timestamps and latency measurements;
(f)Original task descriptions provided by you.
3.4Technical and Usage Data. We automatically collect:
(a)IP addresses and approximate geolocation (country and city level only);
(b)Browser type, version, and operating system;
(c)Device type and screen resolution;
(d)Pages visited, features used, and time spent;
(e)API request logs including endpoints, methods, response codes, and timestamps;
(f)SDK version and programming language;
(g)Error logs and crash reports;
(h)Referral source and marketing attribution data.
3.5Communications Data. If you contact us, we collect:
(a)The content of your messages and emails;
(b)Your email address and any contact details provided;
(c)Support ticket history and resolution records.
3.6Notification Preferences. We collect:
(a)Slack webhook URLs (if provided);
(b)PagerDuty routing keys (if provided);
(c)Email notification preferences;
(d)Alert threshold configurations.
3.7Cookies and Tracking Technologies. We use the following technologies:We do not use advertising or cross-site tracking cookies.
(a)Essential cookies: required for login sessions and dashboard authentication;
(b)Preference cookies: remember your settings;
(c)Analytics cookies: understand how the Service is used (may be disabled without affecting core functionality);
(d)Security tokens: protect against CSRF and session hijacking.
3.8Data We Do Not Collect. We do not intentionally collect:If you inadvertently submit such data, notify us immediately at support@sentinely.ai.
(a)Government ID numbers or national identification;
(b)Raw financial account or payment card data;
(c)Biometric data;
(d)Special categories of personal data under GDPR Article 9, unless explicitly submitted by you;
(e)Data from persons under 16 years of age.
How We Use Your Information
4.1To Provide the Service. We use your data to:
(a)Create and manage your account;
(b)Process and score AI agent events in real time;
(c)Generate security alerts, reports, and dashboards;
(d)Enforce your plan limits and usage quotas;
(e)Send operational notifications relevant to the Service;
(f)Process payments and manage subscriptions;
(g)Respond to your support requests.
4.2To Improve the Service. We use anonymized and aggregated data to:
(a)Improve the accuracy of our behavioral scoring engine;
(b)Detect new attack patterns and threat vectors;
(c)Develop new features and product capabilities;
(d)Conduct internal research and analysis;
(e)Generate industry threat intelligence reports (never identifying individual customers).
4.3To Communicate with You. We use your email address to send:
(a)Transactional emails: account verification, API key issuance, payment receipts, plan changes;
(b)Security alerts: triggered by your own configuration;
(c)Usage alerts: when you approach plan limits;
(d)Product updates: material changes to the Service;
(e)Marketing emails: only with your explicit consent, which you may withdraw at any time.
4.4To Ensure Security and Prevent Abuse. We use data to:
(a)Detect and prevent fraudulent or unauthorized use;
(b)Monitor for API abuse, rate limit violations, and suspicious access patterns;
(c)Enforce our Terms of Use;
(d)Protect the integrity and availability of the Service.
4.5To Comply with Legal Obligations. We use data to:
(a)Comply with applicable laws and regulations;
(b)Respond to lawful requests from government authorities;
(c)Establish, exercise, or defend legal claims;
(d)Fulfill our obligations under applicable tax law.
4.6We will never:
(a)Sell your personal data to third parties;
(b)Use your Customer Data to train AI models that will be sold to or used by other customers;
(c)Share your personal data with advertisers;
(d)Use your data for purposes incompatible with those stated in this Policy without your consent.
Legal Basis for Processing (GDPR)
5.1For Users in the European Economic Area (EEA), United Kingdom, or other GDPR-equivalent jurisdictions, we process personal data on the following legal bases:
(a)Performance of a Contract (Article 6(1)(b)): Processing necessary to provide the Service, manage your account, process payments, and fulfill our contractual obligations to you.
(b)Legitimate Interests (Article 6(1)(f)): Processing for product improvement, security monitoring, fraud prevention, and direct marketing to existing customers, where our interests are not overridden by your rights and freedoms.
(c)Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable law, including tax obligations and law enforcement requests.
(d)Consent (Article 6(1)(a)): Processing for marketing communications to non-customers, non-essential cookies, and any other processing where consent is the stated basis. You may withdraw consent at any time without affecting prior processing.
5.2Where we rely on legitimate interests, you may object to such processing at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Data Sharing and Third Parties
6.1We Never Sell Your Data. EaseTech does not and will never sell, rent, trade, or license your personal data to any third party for commercial purposes.
6.2Service Providers. We share limited data with trusted third-party providers that help us operate the Service, including:All service providers are contractually bound to process data only on our instructions, implement appropriate security measures, and not use data for their own purposes.
(a)Cloud infrastructure providers (hosting, storage, databases) — bound by data processing agreements;
(b)Payment processors — PCI-DSS certified;
(c)Email delivery services — for transactional email;
(d)Analytics providers — using anonymized data only;
(e)Customer support tooling — as necessary.
6.3AI Scoring Infrastructure. The behavioral scoring engine powering Sentinely uses third-party AI infrastructure. When your agent events are scored, limited event data is transmitted to this infrastructure solely to produce the security score. This data is:
(a)Not used to train models for other customers;
(b)Not retained beyond what is necessary for scoring;
(c)Processed under strict data processing agreements.
6.4Business Transfers. If EaseTech undergoes a merger, acquisition, asset sale, or insolvency proceeding, your data may be transferred to the acquiring entity. We will provide 30 days notice via email before any such transfer, and your rights under this Policy will be maintained.
6.5Legal Disclosures. We may disclose your personal data if required to do so by:Where legally permitted, we will notify you of such requests before complying.
(a)Applicable law, regulation, or legal process;
(b)A valid order from a competent court or authority;
(c)To protect the rights, property, or safety of EaseTech, our users, or the public.
6.6Aggregated Data. We may share anonymized, aggregated, de-identified data (from which you cannot be identified) with third parties for research, marketing, or commercial purposes. This is not personal data and is not subject to this Policy.
6.7No Cross-Customer Data Sharing. Your Customer Data, event logs, and agent data are never shared with or made visible to other Sentinely customers.
International Data Transfers
7.1EaseTech is based in Israel. The European Commission has recognized Israel as providing an adequate level of data protection for personal data transferred from the EEA (Commission Decision 2011/61/EU). Transfers from the EEA to EaseTech are therefore lawful without additional safeguards.
7.2Where we transfer personal data to sub-processors outside Israel and the EEA in countries without an adequacy decision, we implement appropriate safeguards, including:
(a)Standard Contractual Clauses (SCCs) approved by the European Commission;
(b)Binding Corporate Rules where applicable;
(c)Other lawful transfer mechanisms.
7.3You may request a copy of the safeguards we use for international transfers by contacting support@sentinely.ai.
Data Retention
8.1Account Data. We retain your account information for the duration of your account and for 3 years after account termination, for legal and business purposes including resolving disputes and enforcing agreements.
8.2Agent Event Data. We retain behavioral event data in accordance with your plan's retention policy:Data older than your retention period is automatically and permanently deleted.
Trial7 days
Starter7 days
Pro30 days
Team90 days
EnterpriseCustom (up to 365 days)
8.3Payment Records. We retain payment and transaction records for 7 years to comply with Israeli tax and accounting law.
8.4Communications. Support and email communications are retained for 3 years from the date of the last interaction.
8.5Security Logs. API access logs and security logs are retained for 90 days for security and fraud prevention purposes.
8.6Legal Hold. Notwithstanding the above, we may retain data for longer periods where required by applicable law or where necessary for pending or threatened legal proceedings.
8.7Deletion Process. When we delete data, we use secure deletion methods to ensure data is not recoverable from our active systems. Residual copies in backups are overwritten within 30 days of backup rotation cycles.
Your Privacy Rights
9.1Rights Under Israeli Law. Under the Israeli Privacy Protection Law 5741-1981, you have the right to inspect personal data we hold about you and request correction of inaccurate data by contacting us at support@sentinely.ai.
9.2Rights Under GDPR. If you are located in the EEA or UK, you have the following rights regarding your personal data:
(a)Right of Access (Article 15): Request a copy of all personal data we hold about you and information about how we process it.
(b)Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data without undue delay.
(c)Right to Erasure / Right to Be Forgotten (Article 17): Request deletion of your personal data where it is no longer necessary for the purposes collected, you withdraw consent, or processing is unlawful. This right is subject to legal retention obligations.
(d)Right to Restriction of Processing (Article 18): Request that we restrict processing of your data while the accuracy or lawfulness of processing is disputed.
(e)Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller.
(f)Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless compelling legitimate grounds override your interests.
(g)Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing that produce significant legal or similarly significant effects. Our risk scoring is intended to assist human security review, not to replace it.
9.3Rights Under CCPA (California Residents). If you are a California resident, you have the right to know what personal information we collect and how it is used, the right to delete your personal information, the right to opt-out of sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.
9.4Other US State Privacy Laws. If you are a resident of Virginia, Colorado, Connecticut, Texas, or any other US state with applicable privacy legislation, you may have additional rights regarding your personal data. EaseTech honors privacy rights requests from all US residents regardless of state. Contact support@sentinely.ai to exercise any such rights.
9.5Exercising Your Rights. To exercise any of the above rights:
(a)Email us at support@sentinely.ai with the subject line "Privacy Rights Request";
(b)Specify clearly which right you are exercising and provide sufficient information to verify your identity;
(c)We will respond within 30 days. Complex requests may require up to 60 days with notice to you.
9.6Identity Verification. We may require verification of your identity before processing privacy rights requests. We will not charge a fee for reasonable requests but may charge a reasonable fee for manifestly unfounded or excessive requests.
9.7Right to Lodge a Complaint. You have the right to lodge a complaint with:
(a)The Israeli Privacy Protection Authority (PPA) at https://www.gov.il/en/departments/the_privacy_protection_authority;
(b)Your local EU supervisory authority if you are in the EEA.
Security Measures
10.1Technical Safeguards. EaseTech implements industry-standard security measures including:
(a)TLS/SSL encryption for all data in transit;
(b)Encryption at rest for sensitive data including passwords (bcrypt hashing), API keys (hashed), and database contents;
(c)Access controls and role-based permissions limiting data access to authorized personnel;
(d)API authentication using secure bearer tokens;
(e)Rate limiting and abuse detection;
(f)Regular security dependency updates;
(g)Infrastructure hosted in SOC2-certified data centers.
10.2Organizational Safeguards. We implement:
(a)Confidentiality obligations for all personnel with access to personal data;
(b)Minimum necessary access principles;
(c)Security training for relevant staff;
(d)Incident response procedures.
10.3No Absolute Security. Despite our efforts, no security system is impenetrable. EaseTech cannot guarantee that unauthorized parties will never defeat our security measures. You transmit data to us at your own risk. Upon becoming aware of a security breach, we will notify affected users in accordance with applicable law.
10.4Breach Notification. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities in accordance with applicable law, including within 72 hours for GDPR-regulated breaches where required.
10.5Responsible Disclosure. If you discover a security vulnerability in the Service, please report it responsibly to support@sentinely.ai. We will investigate all reports and respond within 5 business days. We do not pursue legal action against good-faith security researchers.
Children's Privacy
11.1The Service is intended solely for use by businesses and professional developers. The Service is not directed at individuals under the age of 16.
11.2We do not knowingly collect personal data from persons under 16. If we discover that we have inadvertently collected personal data from a minor, we will promptly delete it.
11.3If you believe a minor has submitted personal data to us, contact us immediately at support@sentinely.ai.
Cookies Policy
12.1We use the following cookies:
12.2We do not use:
—Advertising cookies
—Cross-site tracking cookies
—Social media tracking pixels
—Third-party behavioral profiling cookies
12.3Managing Cookies. You may disable non-essential cookies through your browser settings. Disabling essential cookies will prevent you from logging in and using the Service.
12.4We will ask for your consent before setting non-essential cookies where required by applicable law.
Data Processing Agreement (DPA)
13.1If you use Sentinely to process personal data of your own end users, EaseTech acts as a data processor on your behalf and you act as the data controller.
13.2In such cases, a Data Processing Agreement (DPA) governs EaseTech's processing of such data. Our standard DPA is available upon request by emailing support@sentinely.ai.
13.3The DPA includes:
(a)Obligations of EaseTech as data processor;
(b)Sub-processor list and notification procedures;
(c)Technical and organizational security measures;
(d)Data subject rights assistance procedures;
(e)Breach notification procedures;
(f)Data deletion and return provisions;
(g)Standard Contractual Clauses where applicable.
13.4By using the Service to process personal data of third parties without a signed DPA, you represent that the processing is lawful under applicable law and that you bear sole responsibility for such processing.
Third-Party Links and Integrations
14.1The Service may contain links to third-party websites or integrate with third-party services (such as Slack and PagerDuty). EaseTech is not responsible for the privacy practices of any third party.
14.2When you configure third-party integrations (e.g., providing a Slack webhook URL), you acknowledge that data transmitted to those services is governed by their respective privacy policies.
14.3We recommend reviewing the privacy policies of all third-party services you integrate with.
Changes to This Privacy Policy
15.1We reserve the right to update this Privacy Policy at any time. We will notify you of material changes by:
(a)Sending an email to your registered address at least 14 days before the change takes effect;
(b)Posting the updated Policy at sentinely.ai/privacy with a revised "Last Updated" date;
(c)Where required by law, requesting renewed consent.
15.2Your continued use of the Service after the effective date of any updated Policy constitutes your acceptance of the updated Policy.
15.3If you disagree with any changes to this Policy, you must stop using the Service and may request deletion of your personal data pursuant to Section 9.
15.4We maintain an archive of prior versions of this Policy. To request a prior version, contact support@sentinely.ai.
Contact and Complaints
16.1For all privacy-related matters, contact us at:
CompanyEaseTech Ltd.Company Number517186268JurisdictionState of IsraelEmailsupport@sentinely.aiWebsitehttps://sentinely.ai
16.2We are committed to resolving privacy complaints directly. Please contact us first before escalating to a regulatory authority. We will respond within 30 days.
16.3If you are not satisfied with our response, you may escalate to:
(a)The Israeli Privacy Protection Authority (PPA): https://www.gov.il/en/departments/the_privacy_protection_authority
(b)Your local EU/EEA data protection supervisory authority if you are located in the EEA.
— End of Privacy Policy —
By using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your information as described herein.
© 2026 EaseTech Ltd. All rights reserved.