Sentinel Security Agent

Home   API

Privacy Policy

Sentinel Security Agent

Last updated: April 30, 2026

1. Introduction

Sentinel Security Agent ("Sentinel," "we," "us") provides automated smart contract security auditing services. This Privacy Policy describes how we collect, use, and protect information when you use our API, web dashboard, desktop application, or CLI tool (collectively, the "Service").

2. Information We Collect

2.1 Source Code Submissions

How long we hold source code depends on the audit tier:

  • Free scans (the basic `/audit` endpoint and the home-page free-tier scan) — source code is processed in-memory only and is discarded once the response is returned. We do not write it to disk and we do not retain it after the request completes.
  • Paid audits (Basic Det, AI Basic, Full AI, and Pro tiers) — to power the in-report explainer chat and to let you re-download or re-render the report, we store the submitted source code alongside the audit result in our payments database. This storage is associated with the wallet address that paid for the audit and persists until you ask us to delete it (see Section 7) or it ages out per the retention table in Section 5.

    • Source code is never sold, shared, or distributed to third parties. AI-enhanced analysis sends source excerpts to the Anthropic Claude API for processing; see Section 4 for that flow and how to opt out.

    2.2 API Keys

    We issue API keys for authentication. API keys are stored as salted hashes. We do not collect personally identifiable information (PII) beyond what you voluntarily provide when requesting an API key.

    2.3 Request Metadata

    We log the following operational metadata for security and reliability purposes:

  • IP address hash (one-way hash) in our application database. Used for rate-limit accounting and incident-response correlation. The original IP is not retrievable from the hash.
  • Raw IP address in our hosting provider's infrastructure logs (Fly.io). We don't write raw IPs to our application database, but our hosting provider retains them in standard request logs as part of normal operation. We use this only to investigate security incidents (DoS, credential abuse, attempted account takeovers) and have no automation that exposes raw IPs to the application surface or to other customers. These logs are retained per Fly.io's standard log policy and are not shared with third parties.
  • Timestamps of requests.
  • Contract hash (SHA-256 of submitted source code; not the source itself).
  • Request duration and verdict (pass/fail).
  • Chain identifier submitted with the request.

    • We do not log source code content in our application logs.

    2.4 Wallet-Keyed Audit History (Publicly Readable)

    Audit history is keyed by the paying wallet address. The endpoints `GET /audit/history/{wallet}`, `GET /audit/token/history/{wallet}`, and `GET /api/v1/subscriptions/{wallet}` return a wallet's audit list and subscription status to anyone who knows the wallet address — no Bearer token, API key, or wallet signature is required to read them. This is the same on-chain transparency model as a block explorer: anyone with your wallet address can already see the on-chain payment for an audit, and the corresponding audit metadata (contract address, tier, verdict, audit ID) is exposed at the matching API endpoints.

    What is publicly readable: the list of audits attached to a wallet, including contract addresses, tier names, verdicts, scores, and audit IDs.

    What is NOT publicly readable: the report PDF itself (paid audits issue a one-shot bearer token to the paying wallet at the time of payment, and downloads require it), the full source code submitted, the explainer chat content, and any account-level configuration. These require either the bearer issued at payment time or a wallet-signature claim.

    If you would prefer your audit history not be enumerable by your wallet address, contact us via Twitter DM at @SentinelEngine and we'll process an early deletion under Section 7.

    2.5 Cookies and Local Storage

    The Sentinel API itself does not use cookies. However, the home page and the web dashboard at `/app` use your browser's `localStorage` to remember the following between sessions:

  • Wallet address you connected (so you don't have to reconnect on every visit).
  • Free-scan history cache (results of free scans you have run from this browser, retained client-side only).
  • Language preference for the interface.
  • Chat-access bearer token (issued once per paid audit so the in-report explainer chat can authenticate you on subsequent visits without asking you to re-sign).
  • Admin operator key, if you are an operator who has signed in to the admin dashboard.

    • These values live entirely in your browser and never leave your device unless you explicitly trigger an action that uses them (sending an audit, opening a report). To clear them, sign out from the dashboard or clear site data for `sentinel-security-api.fly.dev` in your browser settings.

    3. How We Use Information

  • Audit processing: Source code is analyzed by our detection engine. For free scans it is discarded from memory after the response; for paid audits it is stored alongside the result so you can re-open the report and use the explainer chat.
  • Audit history: Paid audits (findings, verdict, score, metadata, and source) are linked to your wallet address so you can review past audits. See Section 5 for retention details and Section 7 to request deletion.
  • Service improvement: Aggregated, anonymized statistics (e.g., detection rates, request volume) may be used to improve the engine. This never includes raw source code or wallet-address-keyed records.
  • Security: Request metadata and hosting provider logs are used to detect abuse, enforce rate limits, and investigate incidents.

    • 4. Third-Party Data Sharing

    Source code submitted for audit is processed locally within our infrastructure (on-premises or within our Docker deployment). It is not sent to third-party services by default.

    AI-Assisted Analysis: Audits performed via the website include AI-enhanced analysis by default, where source code excerpts (up to 12,000 characters per specialist) are sent to the Anthropic Claude API for deeper vulnerability detection. When using the API directly, this feature can be toggled via the `ai_brain` parameter (`true` by default, set to `false` to disable). AI analysis results are advisory and generated by language models that may produce errors. Anthropic's data handling is governed by their own privacy policy.

    We do not sell, rent, or trade any user data to third parties.

    5. Data Retention

    |---|---|

    You may request deletion of any stored data at any time (see Section 7). Deletion removes the audit-history record, the stored source, and the explainer-chat history for that audit.

    6. Data Security

  • API keys are stored as salted hashes and are never logged in plaintext.
  • All API communication should be conducted over HTTPS (TLS 1.2+).
  • The service runs in isolated Docker containers with non-root execution.
  • Rate limiting and security headers (CSP, HSTS, X-Content-Type-Options) are enforced.

    • 7. Your Rights (GDPR and Global Privacy)

    7.1 Lawful Basis for Processing (GDPR)

    We process data under the following lawful bases:

  • Legitimate interest (Article 6(1)(f)): Processing source code for security analysis is in the legitimate interest of both the user and the broader smart contract ecosystem. We perform this analysis solely at the user's request.
  • Contractual necessity (Article 6(1)(b)): Processing payment data and delivering audit results is necessary to fulfill the service contract.
  • Consent (Article 6(1)(a)): AI-enhanced analysis involving third-party processing (Anthropic API) is performed with user consent, which can be withdrawn by setting `ai_brain=false` on API requests.

    • 7.2 Your Rights

    Regardless of your location, we provide the following rights:

  • Right to Access: Request a copy of any data we hold about you.
  • Right to Deletion: Request deletion of your audit history, API keys, and associated metadata.
  • Right to Data Portability: Request your audit history in a machine-readable JSON format.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Restrict Processing: Request that we limit how we process your data.
  • Right to Object: Object to processing based on legitimate interest.
  • No Profiling: We do not perform automated profiling or decision-making based on your data.

    • To exercise any of these rights, contact us at the address in Section 9. We will respond within 30 days.

    7.3 Data Protection Contact

    For GDPR-related inquiries, contact us via Twitter DM at @SentinelEngine. A formal Data Protection Officer (DPO) will be designated upon incorporation.

    7.4 Cross-Border Data Transfers

    Your source code may be processed by the Anthropic Claude API (US-based) when AI-enhanced analysis is enabled. This transfer is covered under Standard Contractual Clauses (SCCs) as provided by Anthropic. You may disable AI-enhanced analysis at any time to ensure all processing occurs within our infrastructure.

    8. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated via our API changelog or dashboard notification at least 14 days before taking effect.

    9. Contact

    For privacy-related inquiries or data requests:

    Twitter: @SentinelEngine

    Sentinel Security Agent. All rights reserved.

    Data TypeRetention Period
    Free-scan source codeDiscarded immediately after the response
    Paid-audit source code + results (in our database)Retained until you request deletion (see Section 7)
    Free-scan deduplication cache (keyed by source hash, not contents)24 hours
    API keysUntil revoked or expired (TTL-based)
    Application metadata logs (hashed IP, contract hash, timestamps)90 days
    Hosting provider request logs (raw IPs, kept by Fly.io for incident response)Per Fly.io's standard log retention policy