Sign In
Sign Up

Privacy Policy

Effective date: 01/02/2026 

Last updated: 01/02/2026 

This Privacy and Cookie Policy explain how Elbah Group Limited (company number 15108393), trading as Sentinel (“Sentinel”, “we”, “us”), collects, uses, shares, and protects personal data when you use: 

  • our marketing website (the “Website”); and 
  • our web application (the “App”) 

Together, the Website and App are the “Services”. 

This Policy also explains how we use cookies and similar technologies and how you can control them. 

1. Who we are 

Controller: Elbah Group Limited (company number 15108393) trading as Sentinel 

Email: [email protected] 

Address: 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE 

2. What this Policy covers 

This Policy covers personal data we process when you: 

  • visit or interact with the Website, 
  • create an account or use the App, 
  • receive alerts or notifications (where you or an account owner has added you as a contact), and 
  • contact us for support or sales. 

It does not cover third-party websites, products, or services you access via links or integrations (those have their own policies). 

3. Personal data we collect 

A. Data you provide 

Account and profile (App): 

  • Name, email address 
  • Login credentials (stored as hashed passwords) 
  • Roles/permissions and team membership 

Billing and subscription: 

  • Billing name, billing email, company name (if provided) 
  • Invoices, plan, payment status, transaction identifiers 

Monitoring configuration (App): 

  • Monitor configuration (e.g., endpoints/domains you choose to monitor, schedules, alert rules) 
  • Notification settings and alert history/events 

Notification contacts (App): 

  • Email addresses and/or phone numbers you add for alerts 
  • Messaging identifiers you configure (e.g., webhook metadata) 

Support and communications (Website/App): 

  • Messages you send to us (support requests, forms, emails) and related metadata 

B. Data we collect automatically 

Technical and usage data (Website/App): 

  • IP address, device/browser information 
  • Access logs, security logs, timestamps, diagnostic and error logs 
  • Interactions with pages/features (where analytics are enabled and you consent) 

C. Cookies and similar technologies 

We use cookies and similar technologies on the Website and App as described in Section 11 (Cookies). 

4. How we use personal data and our legal bases 

We use personal data for the purposes below under the UK GDPR legal bases shown in brackets: 

  • Provide and operate the Services (Contract): create and manage accounts; provide monitoring/alerting; administer subscriptions and settings. 
  • Support and service communications (Contract / Legitimate interests): respond to enquiries; provide troubleshooting and important service messages. 
  • Security, abuse prevention, and fraud detection (Legitimate interests / Legal obligation): protect accounts and infrastructure; investigate suspicious activity and prevent misuse. 
  • Improve and develop the Services (Legitimate interests; for analytics cookies: Consent): analyse performance and reliability; improve user experience and documentation; analytics tools run only if you opt in via the cookie banner. 
  • Legal compliance (Legal obligation): tax, accounting, legal requests, and compliance obligations. 
  • Marketing (Consent or Legitimate interests depending on context): send marketing emails where permitted; you can opt out at any time via unsubscribe links or by contacting us. 

5. How we share personal data 

We may share personal data with: 

  • Service providers (processors/sub-processors) that help us operate and support the Services (e.g., hosting, email delivery, SMS/voice delivery, support tooling, analytics where enabled). 
  • Payment processors to process subscriptions and payments. 
  • Authorities, regulators, or other parties where required by law or necessary to protect rights, safety, and security. 
  • A buyer or successor in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate safeguards. 

6. Sub-processors we use 

Below is a list of sub-processors used to provide the Services (as of the Last updated date). We may update this list from time to time. 

Sub-processor 

Purpose 

Data involved 

Notes 

Amazon Web Services (AWS) 

Hosting/infrastructure for the Services 

Account data; service data; logs 

May involve processing outside the UK depending on configuration 

SendGrid 

Email delivery (notifications, account emails, and occasional deal offers where permitted) 

Email addresses; email content; delivery metadata 

Marketing emails only where permitted/opt-in where required 

ClickSend 

SMS/voice notifications (where enabled) 

Phone numbers; message content; delivery metadata 

 

Stripe 

Payment processing 

Billing details; transaction identifiers; payment status 

We do not store full card details 

PayPal 

Payment processing (where offered) 

Billing details; transaction identifiers; payment status 

We do not store full card details 

Google Tag Manager 

Tag management 

Cookie preferences and tag firing logic; limited device/browser data 

Tags only fire according to your cookie choices 

Google Analytics (GA4) 

Analytics (strictly opt-in) 

Cookie identifiers; usage data; device/browser data; IP-derived location 

Not using Google Signals/Ads features currently; may add later with updated consent 

Microsoft Clarity 

Analytics/session insights (strictly opt-in) 

Cookie identifiers; usage data; device/browser data 

Session insights only when you opt in 

7. International transfers 

If personal data is transferred outside the UK, we use appropriate safeguards (such as the UK IDTA or Addendum) and carry out transfer risk assessments where required. 

8. Data retention 

We retain personal data only as long as needed for the purposes in this Policy: 

  • Account data: while your account is active, plus 12 months after closure. 
  • Billing records: 6 years. 
  • Logs: at least 6 months. 
  • Backups: rotated/overwritten every 7 days. 

Deletion requests are handled subject to legal requirements and legitimate security/anti-fraud needs. 

9. Your rights 

Depending on your circumstances, you may have rights to: 

  • access your personal data 
  • correct inaccurate data 
  • request deletion 
  • restrict or object to processing 
  • data portability (where applicable), and 
  • withdraw consent (where consent is the basis). 

To exercise your rights, email [email protected]. We may need to verify your identity. 

10. Security 

We use appropriate technical and organizational measures to protect personal data, including access controls and security monitoring. You are responsible for keeping login details confidential and using secure authentication practices. 

11. Children 

The Services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If we learn we have collected such data, we will delete it. 

12. Cookies and similar technologies 

12.1 What are cookies? 

Cookies are small text files placed on your device. Similar technologies (e.g., local storage and tags) may also be used. 

12.2 Cookie consent and categories 

We use a cookie consent banner. Analytics/experience cookies are strictly opt-in. If you do not consent, we do not set those cookies. 

We use: 

  • Strictly necessary cookies (no consent required): required for core functionality such as authentication/session management, security, load balancing, and remembering cookie preferences. 
  • Analytics/experience cookies (consent required): used to understand how the Services are used and to improve them (e.g., GA4 and Clarity, and any tags deployed via Tag Manager that fall into this category). 

12.3 Analytics tools we use (when you opt in) 

Google Analytics (GA4) commonly uses cookies such as: 

  • _ga (typically 2 years) – distinguishes users 
  • _ga_<container-id> (typically 2 years) – maintains session state 

We do not currently use Google Signals or Ads Features. If we enable advertising-related features in the future, we will update this Policy and cookie banner settings before activating them. 

Microsoft Clarity cookies may include: 

  • _clck – stores a Clarity user ID and preferences 
  • _clsk – links multiple page views into a single session 

Additional Microsoft-associated cookies may appear depending on configuration and browser context. 

12.4 Managing cookies 

You can manage cookies by using our cookie banner/preferences tool and/or changing your browser settings to block or delete cookies. If you disable cookies entirely, parts of the Website or App may not function as intended (especially login/session features). 

13. Changes to this Policy 

We may update this Policy from time to time. We will post the updated version with a revised Last updated date. If changes are material, we may provide additional notice (e.g., in-app notice or email).