Privacy Policy

This policy describes how Ephemeral Sentinel collects and uses information.

Information Collected

We may collect:

• email addresses provided at signup
• organisation and contact details entered during account creation
• billing information processed through Stripe
• anonymised, metadata-only analysis event records (verdict, score, timestamp — no email content)

Use of Information

Collected information is used to:

• provision and operate your Ephemeral Sentinel account
• deliver API credentials and onboarding materials
• communicate service updates and respond to support requests
• improve the platform and calibrate analysis accuracy

What We Do Not Store

Ephemeral Sentinel is designed to be privacy-first by architecture. The analysis pipeline never stores email body content, subject lines, sender or recipient addresses, attachment content, or raw URLs. Only metadata — verdict, score, signal identifiers, and timestamps — is retained, hashed where necessary, and subject to configurable retention limits.

Data Storage

Account and billing records are stored for the duration of your subscription. Analysis event metadata is retained according to the retention policy configured by your administrator and purged automatically when it expires.

Third-Party Services

Payment processing is handled by Stripe. Hosting infrastructure is provided by third-party cloud or on-premise providers selected by your organisation. No email content is shared with any third party.

Data Security

Reasonable administrative and technical safeguards are applied to all stored data. PII-adjacent fields are hashed using HMAC-SHA256 with a per-tenant salt.

Changes

This policy may be updated periodically. Continued use of the service constitutes acceptance of the current policy.

Contact

For privacy-related enquiries contact info-sentinel@arcforgelabs.com.