Privacy

Privacy policy.

Last updated: May 2026 · Effective from: v1 launch

Short version: we don't ask for accounts, we don't sell your data, we cache the address you searched so we don't have to look it up again, and we count page views in aggregate so we know what's popular.

What we collect

If you only use the website (anonymous)

• The address you search for. Stored hashed (we don't know which person searched it; we only know an address was searched).
• Aggregate page view counters. "Address X has been looked up N times" — no link to who did the looking up.
• Standard web server logs. IP, user-agent, requested URL, timestamp. Retained 30 days for security troubleshooting then deleted.
• Cookies set by Cloudflare (our CDN) for DDoS protection and bot detection.

If you opt in to email notifications

• Your email address. Used only to send the notifications you signed up for. You can unsubscribe at any time via the link in every email.
• The address you want notifications about. Stored linked to your email.
• Notification preferences (which hazard types).

That's it. No name, no demographics, no profile.

If you create an account (when this feature launches)

• Email, optional display name
• Your saved events, AOIs, uploaded layers
• Subscription/billing details (handled by Stripe; we never see your card number)

Cookies and tracking

SENTINEL itself uses one cookie set: a session token for logged-in users. We don't use third-party analytics that track you across sites (no Google Analytics, no Facebook Pixel).

Advertising is served by a network partner. That network may set cookies. We require the partner to use the EU/UK/AU consent management standards. You'll see a consent banner before any tracking cookies are set.

What we don't do

• We don't sell your data
• We don't share your data with third parties (except as required by law or by you using the service — geocoding goes through Nominatim, but only the address text, not who searched it)
• We don't store data outside Australia
• We don't use your data to train any AI/ML model

Your rights under the Privacy Act 1988

If you've given us personal information (email, account data), you have the right to:

• See what we hold about you
• Correct it if it's wrong
• Have it deleted (we'll do this within 30 days of request)
• Complain to the Office of the Australian Information Commissioner if you think we're doing the wrong thing

To exercise any of these rights, email privacy@sentinel.example.

Breach notification

If we suffer a data breach that's likely to cause serious harm, we'll notify affected users within 72 hours, as required by the Australian Notifiable Data Breaches scheme.

Data residency

All SENTINEL data is stored on infrastructure located in Australia. We use AWS Sydney (ap-southeast-2) for the database and object storage. The CDN edge serves cached responses globally, but the source of truth never leaves Australia.

Changes to this policy

If we change anything material, we'll publish a notice on this page and (for users with accounts) send an email.

Contact

Questions: privacy@sentinel.example