Privacy Policy

We collect the following categories of information when you use the Sentinel platform:

• Account information — Your name, email address, company name, and role, provided when your account is created by your organisation's administrator.
• Screening data — Names, dates of birth, ID numbers, nationalities, and wallet addresses that you submit for AML screening purposes. This data is processed to generate sanctions, PEP, and adverse media results.
• Document images — If you use the document scanning feature, images of identity documents are temporarily processed to extract text fields. Images are not stored on our servers after processing is complete.
• Case records — Screening results, case notes, MLRO review decisions, and audit logs associated with your account, retained for compliance purposes.
• Device information — Device type and operating system version, collected for compatibility, security, and session management purposes.
• Usage logs — Timestamps of screening activity and login events, retained as part of the compliance audit trail.

The Sentinel mobile application requests access to your device camera for two specific purposes:

Camera access is only activated when you explicitly tap the relevant scan button within the application. The app does not access your camera in the background at any time.

• To provide AML sanctions screening services against global watchlists including OFAC, UN, EU, UK, and UAE sanctions lists
• To generate adverse media and PEP (Politically Exposed Person) screening results
• To maintain case management records and audit trails for your organisation's regulatory compliance obligations
• To authenticate users and maintain account and session security
• To enforce your organisation's screening quotas and access permissions
• To generate PDF compliance reports for MLRO review and regulatory inspection
• To operate the ongoing monitoring service and notify your team of changes in subject status
• To improve the accuracy, performance, and reliability of our screening services

We do not use your data for advertising, profiling unrelated to compliance, or any purpose beyond the operation of the Sentinel AML platform.

We do not sell your personal data under any circumstances. We share data only in the following limited circumstances:

• AI document processing (Anthropic) — Document images and extracted text are sent to Anthropic's API for structured field extraction. Anthropic's data processing terms apply. Data is not retained by Anthropic beyond the scope of the API request.
• Sanctions databases — Screening queries are matched against third-party sanctions, PEP, and adverse media databases as part of the core service functionality.
• Your organisation — Screening results, case data, and audit logs are accessible to all authorised users within your organisation's Sentinel account as configured by your administrator.
• Legal obligations — We may disclose information where required by applicable UAE law or regulation, including to the UAE Financial Intelligence Unit (UAEFIU) or other competent authorities where legally required.
• Service providers — Infrastructure and hosting providers operating under appropriate data processing agreements and security standards.

Your data is stored on secure servers hosted in the UAE. We implement the following security controls:

• All data is transmitted over HTTPS using TLS 1.2 or higher
• Authentication tokens are stored in encrypted secure storage on your device (iOS Keychain / Android Keystore)
• Access is controlled by role-based permissions — analysts cannot access administrative functions
• Session isolation is enforced — only one active session is permitted per user account at any time
• Audit logs are maintained for all screening, case management, and administrative activity
• Sessions are automatically terminated after periods of inactivity
• Document images are processed transiently and are not written to persistent storage

Screening records and case data are retained for a minimum of 5 years in accordance with UAE AML/CFT regulations (Federal Decree-Law No. 10 of 2025 and its executive regulations). This retention period may be extended where required by applicable law or ongoing regulatory proceedings.

Account data is retained for the duration of your organisation's active subscription and for 2 years thereafter, unless a deletion request is submitted and legally permitted.

Document images captured during scanning are not retained — they are processed transiently and discarded immediately after field extraction is complete.

Subject to applicable UAE law, you have the following rights in relation to your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate or incomplete personal data
• Deletion — Request deletion of your account and associated personal data (subject to statutory retention requirements)
• Objection — Object to certain processing of your personal data
• Portability — Request a structured copy of your personal data in a machine-readable format

To exercise any of these rights, use the Request Account Deletion option in the Sentinel mobile app's Settings screen, or contact us directly using the details in Section 10 below.

We will respond to requests within 30 days. Note that certain data required for regulatory compliance cannot be deleted on request — we will explain clearly where this applies.

The Sentinel AML platform is a professional compliance tool intended exclusively for use by authorised employees and representatives of regulated businesses. It is not directed at, and should not be used by, individuals under the age of 18.

We do not knowingly collect personal data from minors. If you believe a minor has provided data through our platform, please contact us immediately using the details in Section 10.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify account administrators of material changes via email and through an in-app notification.

The date at the top of this page indicates when the policy was last revised. Continued use of the Sentinel platform after changes are posted constitutes acceptance of the updated policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.