Privacy Policy
Last Updated: April 13, 2026
Our Core Commitment: SentraCheck minimizes data retention for document content. We do not store the text or content of your documents — only issue metadata (type, severity, location). Uploaded document files are automatically deleted after 24 hours by default. We never use your documents to train AI models.
1. Introduction
SentraCheck ("we," "our," or "us") provides AI-powered document compliance services including PII detection, ADA/WCAG accessibility analysis, and Instant PDF-to-HTML conversion. This Privacy Policy explains how we collect, use, and protect information when you use our services.
By using SentraCheck, you agree to the collection and use of information in accordance with this policy.
2. What We Minimize or Do Not Store
We deliberately minimize data collection and document retention:
- Document Text Content: We do not store the raw text or content of your documents. Text is extracted in memory for analysis only and is never written to persistent storage.
- Uploaded Document Files: Files are stored temporarily on our infrastructure (24-hour default auto-delete, configurable per organization) and then securely deleted. We do not create permanent archives of uploaded files.
- PII Values Found in Documents: The actual sensitive values identified (e.g., a specific Social Security number) are never stored. Only the issue type, severity, and page location are recorded in your scan findings.
3. Information We DO Collect
3.1 Account Information
When you create an account, we collect:
- Name and job title
- Email address
- Organization name
- Organization type
3.2 Usage Data
We collect anonymized, aggregate usage statistics:
- Number of documents scanned (not the documents themselves)
- Types of issues detected (aggregate counts only)
- Feature usage patterns
- Service performance metrics
3.3 Technical Data
We automatically collect:
- IP address
- Browser type and version
- Device information
- Access times and dates
4. How We Use Your Information
We use the information we collect to:
- Provide and maintain our document scanning services
- Process subscription applications and onboarding
- Send important service notifications
- Provide customer support (including 24-hour email response)
- Improve our services and develop new features
- Comply with legal obligations
5. Publicity
We will not use your organization's name, logo, or participation for marketing purposes without your explicit written consent.
What we will NOT do without your consent:
- List your organization as a subscriber
- Display your organization's name or logo in marketing materials
- Reference your participation in case studies or promotional content
- Share specific documents, scan results, or confidential information
- Imply official endorsement without explicit written approval
If you wish to be featured or provide a testimonial, please contact marketing@sentracheck.com. You may revoke consent at any time by emailing privacy@sentracheck.com.
6. Data Security
We implement industry-standard security measures:
- Encryption in Transit: All data transmitted to and from our services uses TLS 1.3 encryption.
- Encryption at Rest: Account data is encrypted using AES-256 encryption.
- Secure Processing: Document analysis occurs through an isolated job queue with role-based access controls. Document content is never written to persistent logs.
- Access Controls: Strict role-based access controls limit employee access to customer data.
- Regular Audits: We conduct regular security assessments and penetration testing.
7. Data Retention
Uploaded Document Files: Auto-deleted after 24 hours by default. Organizations on Agency or Enterprise plans may configure a custom retention period between 1 day and 10 years.
Scan Findings: Issue metadata (type, severity, page location — never document content or PII values) is stored encrypted for the duration of your account so you can review scan history. You may delete individual scans at any time.
Converted HTML Output: PDF conversion results are stored and accessible via viewer URL until deleted by you or your organization.
Account Data: Retained for the duration of your subscription plus 30 days after account closure.
Authentication & API Logs: Retained for 90 days. Admin action logs retained for 2 years.
8. Data Sharing and Subprocessors
We do not sell, trade, or rent your personal information. We may share data only in these circumstances:
- AI Analysis (Anthropic): Extracted document text (not original files, file names, or account information) is sent to Anthropic's Claude API for PII detection and PDF conversion analysis. Anthropic processes this data under their enterprise data handling terms and does not use it to train AI models. See Anthropic's Privacy Policy.
- Payment Processing (Stripe): Billing information is handled by Stripe under PCI DSS Level 1 standards. We never receive or store your card numbers.
- Hosting Infrastructure: Our servers and database run on infrastructure in the United States. Hosting providers operate under strict confidentiality agreements.
- Legal Requirements: When required by law, subpoena, or court order.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your account and associated data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to certain processing of your data.
To exercise these rights, contact us at privacy@sentracheck.com.
10. California Privacy Rights (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal information
11. Subscribers
For organizations using our services:
- Our services are designed to help organizations comply with privacy and accessibility requirements.
- We can execute Data Processing Agreements (DPAs) as needed.
- We support compliance with NIST 800-122 and other applicable security frameworks.
- Subscribers receive comprehensive documentation and standard operating procedures.
12. Cookies and Tracking
We use essential cookies necessary for the service to function. We do not use third-party advertising or tracking cookies. You can configure your browser to refuse cookies, but this may affect service functionality.
13. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect information from children. If we become aware that we have collected data from a child, we will delete it promptly.
14. International Data Transfers
Our services are hosted in the United States. If you access our services from outside the U.S., your information may be transferred to and processed in the U.S., which may have different data protection laws than your jurisdiction.
15. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use after changes constitutes acceptance of the revised policy.
16. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@sentracheck.com
Mail: SentraCheck, Attn: Privacy Officer