Privacy Policy

Senthorion is a multi-tenant cybersecurity SaaS platform that helps organizations monitor, assess, and improve their security posture.

For most customer account data, Senthorion acts as a data controller. For data submitted by customers for processing in the service, Senthorion generally acts as a processor on customer instructions.

Privacy contact: privacy@senthorion.com (fallback: info@senthorion.com).

Depending on your usage, we may process:

• Account and organization data (such as name, email, role, organization membership).
• Authentication, sign-in, and session data required to operate accounts securely.
• Security data you submit or generate while using the platform (such as assets, targets, findings, alerts, and compliance-related records).
• Support and communications data, including messages sent to our team.
• AI interaction data when you use AI-assisted features, including inputs you provide and outputs returned to you.

We process data to provide and secure the service, including to:

• Authenticate users and enforce organization-level access controls.
• Operate the features you use and produce the results you request.
• Provide dashboards, alerts, audit views, and compliance workflows.
• Prevent abuse, investigate incidents, and improve reliability.

Legal bases generally include contract performance, legitimate interests in platform security and operations, and consent where required (for example, for optional marketing communications).

We rely on a limited set of third-party service providers to operate the platform (for example cloud hosting, email delivery, and AI providers). A current subprocessor list can be requested from privacy@senthorion.com.

Senthorion operates the platform from reputable cloud regions. Where data is transferred internationally, we apply appropriate contractual and technical safeguards consistent with applicable law.

We retain personal and operational data only for as long as needed to provide the service, meet legal and contractual obligations, and support legitimate business purposes such as security and fraud prevention. Different data categories have different retention periods, which we review periodically.

When AI-assisted features are used, we apply safeguards designed to reduce the exposure of sensitive information before requests are sent to AI providers, and we do not use customer data to train third-party models without authorization.

You can request access, correction, deletion, portability, or objection where applicable.

To submit a request, contact privacy@senthorion.com. We may need to verify identity and organization authority before fulfilling requests.

We apply technical and organizational measures designed to protect personal data. See our Security Policy for a high-level overview.

If a breach affecting personal data is confirmed, we will notify impacted customers and regulators as required by law.

We may update this policy to reflect product, legal, or operational changes. Material changes will be reflected through an updated date and, where appropriate, direct notice.