Data Loss Prevention Policy

Last updated: March 3, 2026

1. Purpose

This policy defines the controls and practices Sentinel uses to prevent unauthorized access, exfiltration, or loss of customer data, including personally identifiable information (PII) obtained through Shopify and other platform integrations.

2. Data Classification

ClassificationExamplesControls
ConfidentialCustomer names, email addresses, order data, OAuth tokens, API credentialsEncrypted at rest, access-controlled, audit-logged
InternalKPI snapshots, alert configurations, brand settings, AI recommendationsAccess-controlled per brand ownership
PublicPlatform names, supported features, documentationNo special controls required

3. Encryption Controls

3.1 Data at Rest

3.2 Data in Transit

4. Access Controls

4.1 Authentication

4.2 Authorization

4.3 Staff Access

5. Data Retention & Deletion

6. Data Loss Prevention Controls

6.1 Exfiltration Prevention

6.2 PII Scrubbing

6.3 Backup Integrity

7. Monitoring & Auditing

8. Policy Review

This policy is reviewed and updated at least annually, or whenever significant changes are made to data handling practices or system architecture.

9. Contact

For data protection inquiries, contact: privacy@trysignal.co