Privacy Policy
Last updated: March 11, 2026
What Sentinel does
Sentinel is an attribution, reporting, and ad performance monitoring platform for merchants and agencies. It connects to advertising platforms, commerce platforms, and payment processors to import campaign data, order data, and tracking events — then delivers alerts, dashboards, and AI-powered recommendations.
Data we collect
Account & onboarding information
- Email address, password (bcrypt-hashed), and brand name provided at registration.
- Onboarding survey responses: your role, monthly ad spend range, revenue range, advertising platforms used, primary revenue source, goals, and brand name.
Advertising platform data
- Meta (Facebook / Instagram): Campaign metrics, ad set performance, ad-level spend and results, and account insights via the Meta Marketing API.
- Google Ads: Campaign, ad group, and ad-level metrics via the Google Ads API.
- TikTok Ads: Campaign, ad group, and ad-level metrics via the TikTok Marketing API.
- AppLovin / Axon: Campaign and ad-level performance data via the AppLovin Reporting API.
- Blended attribution sources: Ad platform and attribution metrics from connected third-party attribution providers.
Commerce & revenue data
- Shopify: Orders, customer records, product details, and financial status via the Shopify Admin API and webhooks (
orders/create,orders/updated). Customer order history (including pre-Sentinel orders) is used to determine new vs. returning customer status. - Guesty: Reservation data, guest details, listing information, and booking revenue via the Guesty API.
- Amazon: Orders, product catalog data, and seller metrics via the Amazon Selling Partner (SP-API).
Payment webhook data
- Stripe, PayPal, Square, WooCommerce: When you configure a webhook integration, Sentinel receives payment event payloads (transaction amount, customer email, order reference) to attribute conversions. Webhook signing secrets are stored encrypted.
- Generic webhooks: Custom HTTP payloads you send to Sentinel for attribution matching.
Attribution & tracking data
- Landing page URLs, UTM parameters, click identifiers (
fbclid,gclid,ttclid), HTTP referrers, and pixel/postback events. - First-party cookies: Sentinel sets
_stl_vid(visitor ID) and_stl_cid(click ID) on merchant storefronts to maintain visitor continuity and deduplicate conversion events across sessions. - Device & browser signals: IP address, user agent, screen resolution, and browser language may be collected as part of the tracking script to support cross-device identity resolution and attribution accuracy.
Customer identifiers
- Email addresses, phone numbers, names, order numbers, and reservation metadata that merchants send or that are received via connected platform APIs and webhooks. These identifiers are used for attribution matching and conversion deduplication.
Credentials & tokens
- OAuth tokens, API keys, and webhook signing secrets are stored using Fernet symmetric encryption and used only to access the platforms you explicitly connect.
How we use data
- To display ad performance metrics, multi-touch attribution reports, and KPI dashboards.
- To detect anomalies and send threshold-based alerts to Slack or email.
- To attribute orders, bookings, and payments to advertising touchpoints across channels using multiple attribution models (first touch, last click, linear, time decay, position-based).
- To calculate new customer metrics, customer lifetime value (LTV), and return-on-ad-spend (ROAS) using historical order data.
- To generate AI-powered recommendations for budget allocation, creative decisions, and campaign optimization.
- To send server-side conversion data back to advertising platforms (see "Server-side conversions" below).
- To build and sync Custom Audiences on advertising platforms when requested by the merchant.
- To export reports and data to Google Drive or Google Sheets when you connect those services.
- To install and operate tracking scripts, webhooks, and conversion integrations requested by the merchant.
- To send registration reminder emails to users who have not completed account setup.
- To provide support, diagnose issues, and maintain service reliability and security.
Server-side conversions (CAPI)
When you enable server-side conversion tracking, Sentinel sends purchase and conversion events to advertising platforms through their server-side APIs:
- Meta Conversions API (CAPI): Purchase events including hashed email, hashed phone number, IP address, user agent, click ID (
fbclid/fbc), browser ID (fbp), and transaction value. - Google Enhanced Conversions: Purchase events including hashed email, hashed phone number, transaction value, and
gclid. - TikTok Events API: Purchase events including hashed email, hashed phone number, IP address, user agent,
ttclid, and transaction value.
All personally identifiable information (email addresses, phone numbers) is SHA-256 hashed before transmission to advertising platforms. IP addresses and user agents are sent unhashed as required by platform specifications. This data is sent solely to report conversions back to the platforms where the merchant's ads run, enabling the platforms to optimize ad delivery.
Custom Audiences
When you use the Custom Audiences feature, Sentinel uploads hashed customer email lists to Meta (or other supported platforms) to create audience segments for ad targeting. Email addresses are SHA-256 hashed before upload. You are responsible for ensuring you have the necessary consent or legal basis to use customer data for advertising purposes. You may delete Custom Audiences at any time through Sentinel or directly on the advertising platform.
Meta platform data
Sentinel uses the Meta Marketing API to read advertising performance data and send conversion events on behalf of connected ad accounts. Sentinel does not use Meta data to build independent consumer profiles or serve its own advertising. Meta data accessed through the API is used only to provide the reporting, alerting, attribution, and conversion tracking features described in this policy, and is not shared with third parties except as required to operate the service (e.g., AI inference for recommendations).
By connecting your Meta ad account, you authorize Sentinel to access your advertising data and send conversion events under the permissions you grant during the OAuth connection flow. You may disconnect your Meta account at any time from the Sentinel Integrations page, which will stop all future API access.
Cookies and tracking
Sentinel sets the following first-party cookies on merchant storefronts where the tracking script is installed:
_stl_vid— A unique visitor identifier used to link browsing sessions to conversion events for attribution._stl_cid— A click identifier that captures the ad click ID (e.g.,fbclid,gclid) from the landing page URL.
Additionally, device and browser signals (IP address, user agent, screen resolution) may be collected by the tracking script to support identity resolution across devices and sessions.
Merchants are responsible for implementing any cookie consent banners, privacy notices, or opt-out mechanisms required by applicable law (e.g., GDPR, ePrivacy Directive, CCPA) on their storefronts.
AI processing
Sentinel uses Anthropic's Claude AI to generate campaign recommendations, alert summaries, and optimization suggestions. Data sent to the AI may include aggregated campaign metrics, order counts, revenue figures, and performance trends. Personally identifiable customer information (names, emails, phone numbers) is not sent to the AI provider. Anthropic processes this data under its commercial terms and does not use it to train AI models.
Third-party integrations
- Slack: Alert notifications and daily digests are delivered to Slack channels you configure. Sentinel accesses only the channels and permissions you authorize via OAuth.
- Google Drive / Google Sheets: When connected, Sentinel can export reports and data to your Google Drive. Sentinel accesses only the files and folders it creates.
- Klaviyo: When connected, Sentinel can sync customer and order data with your Klaviyo account for email marketing automation.
Sharing and subprocessors
Sentinel processes data through the following categories of service providers:
- Hosting: Railway (application hosting and database).
- AI inference: Anthropic (campaign recommendations and alert analysis).
- Advertising platforms: Meta, Google, TikTok, AppLovin (conversion data sent back via server-side APIs when enabled by the merchant).
- Communication: Slack (alert delivery), SMTP providers (password reset and reminder emails).
Sentinel does not sell merchant or customer personal information to any third party.
Retention and deletion
We retain data for as long as your account is active and as needed to provide the service, meet contractual obligations, and maintain auditability of attribution records. Specifically:
- Ad performance snapshots and attribution records are retained for the lifetime of your account.
- OAuth tokens are deleted when you disconnect a platform.
- Hashed PII sent to advertising platforms via CAPI is subject to each platform's own retention policies.
Merchants may request deletion or export of their data by contacting us at the address below. Upon account deletion, all associated data (orders, attribution records, credentials, and customer identifiers) will be permanently removed within 30 days.
Privacy-related requests received from Shopify compliance webhooks (customers/redact, shop/redact, customers/data_request) are processed in accordance with Shopify's requirements.
Your rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data, subject to legal retention obligations.
- Portability: Request an export of your data in a structured, machine-readable format.
- Opt-out of sale: Sentinel does not sell personal information. No opt-out action is required.
To exercise any of these rights, contact us at the address below. We will respond within 30 days (or sooner if required by applicable law).
Security
Sentinel uses access controls, encrypted credential storage (Fernet symmetric encryption), webhook signature verification, PII scrubbing in logs, and operational logging to protect stored data and connected platform credentials. OAuth tokens are never logged or exposed in plaintext. All server-side PII transmissions use SHA-256 hashing. Passwords are hashed with bcrypt and are never stored or transmitted in plaintext.
Contact
For privacy questions, data deletion requests, or concerns about how your data is handled, contact us at: