Privacy Policy

SentryDoc (“SentryDoc,” “we,” “us,” or “our”) provides an automated document-verification platform. This Privacy Policy explains what information we collect through our website and platform, how we use it, who we share it with, and the choices you have. It applies to visitors to our website and to users of the SentryDoc service.

For customers who have entered into a Business Associate Agreement (“BAA”) with us, the BAA governs the handling of Protected Health Information (“PHI”) and controls in the event of any conflict with this Policy.

1. Information we collect

We collect the following categories of information:

• Account information. Name, email address, organization, role, and authentication credentials provided when an account is created on your behalf or by you.
• Documents and extracted data. Files you or your end users upload for verification (for example, certifications, licenses, or identity documents) and the structured data that our verification pipeline extracts from them.
• Usage and log data. IP address, browser and device information, pages visited, actions taken, and timestamps. We use this to operate, secure, and improve the service.
• Cookies and similar technologies. Strictly-necessary cookies for session authentication, plus limited analytics to understand how the platform is used.

2. How we use information

• To provide, maintain, and improve the verification service.
• To communicate with you about your account, support requests, service notices, and security alerts.
• To detect, investigate, and prevent abuse, fraud, and security incidents.
• To comply with legal obligations and enforce our agreements.

We do not use customer documents or extracted data to train general-purpose AI models.

3. How we store and protect information

SentryDoc is hosted on Amazon Web Services in the United States (us-east-2). Documents are uploaded directly from the browser to encrypted object storage and are encrypted at rest using customer-managed KMS keys. All traffic to and from the platform is encrypted in transit using TLS. Access to production systems is restricted, logged, and reviewed.

No security program is perfect, and we cannot guarantee that unauthorized third parties will never defeat our safeguards. Customers are responsible for configuring access to their own accounts (including credential strength and offboarding).

4. Sharing of information

We do not sell personal information. We share information only with the service providers we use to operate the platform — including cloud infrastructure, AI-based document processing, transactional email and SMS delivery, and application error monitoring — and as required by law. Customer data submitted to our AI processing provider is not used to train its models.

We may also share information when required to comply with applicable law, legal process, or a lawful government request, or to protect the rights, property, or safety of SentryDoc, our customers, or others.

5. Retention

We retain documents, extracted data, and account information for as long as the customer account is active or as configured by the customer. On termination, customer data is deleted after a reasonable wind-down period unless we are required to retain it by law. Individuals can request deletion of their personal information by contacting us at the address below; deletion requests submitted on behalf of a SentryDoc customer’s end users are routed to that customer.

6. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. To exercise these rights, email legal@sentrydoc.com. We will respond within the timeframes required by applicable law. We will not discriminate against you for exercising your rights.

7. HIPAA

Where a customer has entered into a BAA with SentryDoc, the BAA governs SentryDoc’s use and disclosure of PHI, and its terms control over any conflicting provision of this Privacy Policy. This Policy does not, on its own, constitute a notice of privacy practices under HIPAA.

8. Children’s privacy

SentryDoc is not directed to children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it.

9. International users

SentryDoc is operated from, and stores data in, the United States. If you access the service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States.

10. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. If changes are material we will provide additional notice (for example, by email or an in-app banner).

11. Contact us

Questions or requests about this Privacy Policy can be sent to legal@sentrydoc.com.