Sentinel

Privacy Policy

Last updated: March 11, 2026

What Sentinel does

Sentinel is an attribution, reporting, and ad performance monitoring platform for merchants and agencies. It connects to advertising platforms, commerce platforms, and payment processors to import campaign data, order data, and tracking events — then delivers alerts, dashboards, and AI-powered recommendations.

Data we collect

Account & onboarding information

Advertising platform data

Commerce & revenue data

Payment webhook data

Attribution & tracking data

Customer identifiers

Credentials & tokens

How we use data

Server-side conversions (CAPI)

When you enable server-side conversion tracking, Sentinel sends purchase and conversion events to advertising platforms through their server-side APIs:

All personally identifiable information (email addresses, phone numbers) is SHA-256 hashed before transmission to advertising platforms. IP addresses and user agents are sent unhashed as required by platform specifications. This data is sent solely to report conversions back to the platforms where the merchant's ads run, enabling the platforms to optimize ad delivery.

Custom Audiences

When you use the Custom Audiences feature, Sentinel uploads hashed customer email lists to Meta (or other supported platforms) to create audience segments for ad targeting. Email addresses are SHA-256 hashed before upload. You are responsible for ensuring you have the necessary consent or legal basis to use customer data for advertising purposes. You may delete Custom Audiences at any time through Sentinel or directly on the advertising platform.

Meta platform data

Sentinel uses the Meta Marketing API to read advertising performance data and send conversion events on behalf of connected ad accounts. Sentinel does not use Meta data to build independent consumer profiles or serve its own advertising. Meta data accessed through the API is used only to provide the reporting, alerting, attribution, and conversion tracking features described in this policy, and is not shared with third parties except as required to operate the service (e.g., AI inference for recommendations).

By connecting your Meta ad account, you authorize Sentinel to access your advertising data and send conversion events under the permissions you grant during the OAuth connection flow. You may disconnect your Meta account at any time from the Sentinel Integrations page, which will stop all future API access.

Cookies and tracking

Sentinel sets the following first-party cookies on merchant storefronts where the tracking script is installed:

Additionally, device and browser signals (IP address, user agent, screen resolution) may be collected by the tracking script to support identity resolution across devices and sessions.

Merchants are responsible for implementing any cookie consent banners, privacy notices, or opt-out mechanisms required by applicable law (e.g., GDPR, ePrivacy Directive, CCPA) on their storefronts.

AI processing

Sentinel uses Anthropic's Claude AI to generate campaign recommendations, alert summaries, and optimization suggestions. Data sent to the AI may include aggregated campaign metrics, order counts, revenue figures, and performance trends. Personally identifiable customer information (names, emails, phone numbers) is not sent to the AI provider. Anthropic processes this data under its commercial terms and does not use it to train AI models.

Third-party integrations

Sharing and subprocessors

Sentinel processes data through the following categories of service providers:

Sentinel does not sell merchant or customer personal information to any third party.

Retention and deletion

We retain data for as long as your account is active and as needed to provide the service, meet contractual obligations, and maintain auditability of attribution records. Specifically:

Merchants may request deletion or export of their data by contacting us at the address below. Upon account deletion, all associated data (orders, attribution records, credentials, and customer identifiers) will be permanently removed within 30 days.

Privacy-related requests received from Shopify compliance webhooks (customers/redact, shop/redact, customers/data_request) are processed in accordance with Shopify's requirements.

Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at the address below. We will respond within 30 days (or sooner if required by applicable law).

Security

Sentinel uses access controls, encrypted credential storage (Fernet symmetric encryption), webhook signature verification, PII scrubbing in logs, and operational logging to protect stored data and connected platform credentials. OAuth tokens are never logged or exposed in plaintext. All server-side PII transmissions use SHA-256 hashing. Passwords are hashed with bcrypt and are never stored or transmitted in plaintext.

Contact

For privacy questions, data deletion requests, or concerns about how your data is handled, contact us at:

collabs@roirockstars.com