Privacy Policy

Last updated: February 16, 2026

1. Introduction

Sentfy ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, "the Service").

By accessing or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (provided directly or through Apple Sign In or Google Sign In)
  • Display name (if provided)
  • Authentication identifiers from third-party sign-in providers
  • Profile information associated with your third-party account (e.g., name, profile photo URL)

2.2 Subscription and Payment Information

  • Subscription plan, status, and billing period
  • Credit pack purchase history
  • Transaction identifiers from our payment processors

Important: We do not directly collect, store, or have access to your full credit card numbers, bank account details, or other sensitive payment information. All payment processing is handled securely by our third-party payment processors (Stripe and Apple).

2.3 Usage Data

  • Features and pages you access within the Service
  • Interactions with the Service (e.g., searches, alerts configured, live sessions attended)
  • Frequency and duration of your activities
  • Credit usage history

2.4 Device and Technical Information

  • Device type, operating system, and version
  • Browser type and version
  • IP address
  • Unique device identifiers
  • General geographic location (derived from IP address, not precise GPS location)
  • Referring URLs and pages visited

2.5 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate the Service and collect usage data. These include:

  • Essential Cookies: Required for the Service to function (e.g., authentication, session management). These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Service so we can improve it.
  • Preference Cookies: Remember your settings and preferences (e.g., dark mode, notification preferences).

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: To operate, maintain, and deliver the features and functionality of the Service
  • Account Management: To create and manage your account, process subscriptions and credit purchases
  • Communication: To send you important service-related notifications, such as account verification, billing confirmations, security alerts, and changes to our terms or policies
  • Improvement: To analyze usage patterns and improve the Service, develop new features, and fix bugs
  • Security: To detect, prevent, and address fraud, abuse, security issues, and technical problems
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests
  • Enforce Terms: To enforce our Terms of Service and protect our rights and the rights of our users

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract Performance: Processing necessary to provide the Service you requested (account creation, subscription management, credit processing)
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, ensuring security, and preventing fraud, where these interests are not overridden by your data protection rights
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications)
  • Legal Obligation: Processing necessary to comply with applicable legal requirements

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating the Service, subject to contractual obligations to protect your data (see Section 6)
  • Legal Requirements: When required by law, regulation, subpoena, court order, or other legal process
  • Safety and Rights: When we believe disclosure is necessary to protect the safety, rights, or property of Sentfy, our users, or the public
  • Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, in which case your information may be transferred as a business asset. We will notify you of any such change
  • Aggregated Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you, for research, analytics, or business purposes

6. Third-Party Services

We use the following third-party services to operate the Service. Each provider has its own privacy policy governing their use of your data:

  • Apple Sign In — Authentication provider
  • Google Sign In — Authentication provider
  • Stripe — Payment processing for web subscriptions and credit pack purchases
  • Supabase — Database hosting and backend infrastructure
  • Resend — Transactional email delivery

7. Data Storage, Security, and International Transfers

Your data is stored securely using industry-standard encryption at rest and in transit. We use Supabase for primary data storage, which provides enterprise-grade security, encryption, and compliance certifications.

Our servers and third-party service providers may be located in the United States or other countries. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of your information to these locations.

For users in the EEA, UK, or Switzerland, we rely on appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.

While we implement commercially reasonable security measures to protect your data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. Upon account deletion:

  • Your personal data will be deleted or anonymized within thirty (30) days
  • Certain data may be retained longer where required by law, regulation, or legitimate business purposes (e.g., financial transaction records, fraud prevention)
  • Aggregated or anonymized data that cannot identify you may be retained indefinitely for analytical purposes
  • Backup copies may persist for a reasonable period before being purged from our systems

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, commonly used, machine-readable format
  • Restriction: Request restriction of processing of your personal data
  • Objection: Object to processing of your personal data based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, withdraw your consent at any time
  • Opt-Out of Marketing: Unsubscribe from marketing communications at any time

To exercise any of these rights, please contact us at privacy@sentfy.ai. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions
  • Right to Correct: You may request correction of inaccurate personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes

To exercise these rights, contact us at privacy@sentfy.ai. You may also designate an authorized agent to make a request on your behalf.

11. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. There is currently no universally accepted standard for how to respond to DNT signals. At this time, the Service does not respond to DNT signals.

12. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal information from, children under 13 years of age (or under 16 in the EEA). If we become aware that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately at privacy@sentfy.ai.

13. Data Breach Notification

In the event of a data breach that compromises the security of your personal information, we will notify affected users and relevant regulatory authorities as required by applicable law. We will provide notification without undue delay and, where feasible, within 72 hours of becoming aware of the breach (as required under GDPR for EEA users). Notification will include the nature of the breach, the data affected, steps we are taking to address it, and recommendations for how you can protect yourself.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and/or sending you an email notification. We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

If you are in the EEA and believe that we have not adequately resolved your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

← Back to Home