Sentinel Dev

Sentinel Development Group, Inc.

Privacy Policy

The plain-English version: we don't sell your data, we don't train models on it, and we don't use surveillance to fund the business. This page is the long-form contract.

Effective April 27, 2026

This Privacy Policy applies to all products operated by Sentinel Development Group, Inc. (“Sentinel Dev,” “we,” or “us”), including Nova (Browser, News, Share), Stateful, Soma (Life, Chat, Assistant), and Kora. Where a specific product handles data differently, the differences are called out below.

1. The short version

  • We collect only what each product needs to do its job.
  • We never sell your data. To anyone. Ever.
  • We never use your personal data to train AI models — ours, theirs, or anyone else's.
  • Our business model is paid subscriptions. You are the customer, not the inventory.
  • You can export your data and delete your account at any time.

2. Who we are

Sentinel Development Group, Inc. is a Delaware corporation. We operate the products listed above as independent properties under one corporate parent. Different properties have different data needs, and this policy explains each.

For privacy questions, write to privacy@sentineldev.com. For data access, deletion, or portability requests, write to legal@sentineldev.com.

3. What we collect, by product

Nova (Browser, News, Share)

Nova is engineered to be private by construction. We collect the bare minimum required to operate the service:

  • Account data: email address (for sign-in), and a hashed password if you create one.
  • Service logs: minimal request metadata for security and abuse prevention. Retained for 30 days, then deleted.
  • What we do not collect: browsing history, click trails, search queries, ad interactions, or behavioral profiles. Nova Browser blocks third-party trackers by default; we don't replace them with our own.

Stateful

Stateful is a memory layer that connects to the data sources you authorize. Because the product's purpose is to read across your work, the data scope is broader than Nova — but the controls are equally strict.

  • Connected sources: only what you explicitly connect (e.g., Gmail, Slack, GitHub, calendar, notes apps). Each connection is opt-in, scoped, and revocable. Disconnecting a source deletes the indexed content from that source within 24 hours.
  • Extracted memories: typed records (facts, preferences, constraints, rejections, corrections) derived from your connected sources. These belong to you and are encrypted with keys derived from your credentials.
  • Provenance metadata: for each extracted record we store its source (e.g., “Slack message in #engineering, Apr 2”) so you can trace any fact back to its origin.
  • Service logs: request metadata, retained for 30 days.

Soma (Life, Chat, Assistant)

Soma is a personal assistant for families. The assistant works because it knows your context — calendar events, task lists, family relationships. We treat that data accordingly:

  • Account and profile data: name, email, family structure you choose to declare.
  • Personal context: calendar events, tasks, notes, and chat messages you create within Soma. Encrypted at rest. Multi-tenant isolation enforced at every storage layer.
  • Connected sources: only what you explicitly connect. Same rules as Stateful.

Kora

Kora (work operating system) collects only what its workflows require: workspace data you create, integrations you authorize, and minimal account/billing data. A specific data-handling addendum is available on request to legal@sentineldev.com.

4. How we use your data

We use the data you provide for one purpose only: to operate the product you signed up for. Specifically:

  • To authenticate you and keep you signed in.
  • To run the features you use (sync, extraction, retrieval, assistant responses).
  • To prevent abuse and enforce our Terms.
  • To send transactional emails (sign-in, billing, security alerts) and product announcements you can opt out of.

We do not use your data to train AI models — ours or any third party's. We do not sell, rent, or trade your data. We do not use your data to target ads, because we don't serve ads.

5. AI providers and model calls

Stateful, Soma, and Kora use AI models from third parties (currently OpenAI, Anthropic, and Google) to generate replies and synthesize context. When we send your data to these providers:

  • We send only the slice of context relevant to your current request (e.g., the “brief” for a single prompt), not your entire model.
  • We use providers' zero-retention API endpoints where available, meaning the provider does not store the request after responding.
  • We have signed Data Processing Agreements with each provider explicitly prohibiting use of your data for training.
  • You can review which providers are active for your account in your settings, and disable any of them.

6. Encryption and security

  • In transit: all data is sent over TLS 1.2+.
  • At rest: encrypted at the database and storage layer. For Stateful, the user-specific memory model is encrypted with a key derived from your credentials — meaning we cannot read it server-side even if compelled.
  • Access controls: employee access to user data is role-gated, logged, and audited. Production access requires multi-factor authentication and is granted only for break-glass debugging with explicit justification.
  • Tenant isolation: all user-scoped data is filtered by user ID at every storage layer (Postgres RLS, ArangoDB userId predicates, Qdrant filtered queries). Cross-tenant data access is structurally impossible.

7. Your rights

Regardless of where you live, you have the following rights over your data:

  • Access: request a complete export of your data at any time. We provide it in a structured, machine-readable format (typically JSON) within 30 days.
  • Correction: edit or correct any data we hold about you, directly in the product or by request.
  • Deletion: delete your account at any time. We delete all your personal data within 30 days, retaining only what we're legally required to keep (typically billing records for 7 years).
  • Portability: your model is yours. Export it and walk away — no lock-in.
  • Disconnect: revoke access to any connected source at any time. Indexed content from that source is deleted within 24 hours.
  • Object / restrict: object to or restrict specific processing activities by writing to privacy@sentineldev.com.

Residents of the EU, UK, and Switzerland have additional rights under GDPR. Residents of California have rights under CCPA/CPRA. Residents of other US states may have rights under their respective state privacy laws. We honor all of them, regardless of where you live, because they're the right defaults.

8. Data retention

  • Account data: kept for the life of your account, deleted within 30 days of account closure.
  • Service logs: 30 days, then automatically deleted.
  • Extracted memories (Stateful, Soma): kept for the life of your account or until you delete them.
  • Billing records: 7 years, as required by US tax law.
  • Backups: rolling 30-day backups for disaster recovery. Deleted data is purged from backups within 30 days.

9. Sub-processors

We use a small set of vendors to operate the service. Each is bound by contract to handle your data with the same standards we hold ourselves to:

  • Cloud infrastructure: Amazon Web Services and Google Cloud Platform (US regions).
  • AI model providers: OpenAI, Anthropic, Google (zero-retention endpoints, no training use).
  • Email delivery: Postmark (transactional).
  • Payments: Stripe.
  • Error monitoring: Sentry (PII-scrubbed).

A current list with addresses is available at legal@sentineldev.com. We notify users of material changes to sub-processors at least 30 days before they take effect.

10. International transfers

We operate primarily out of the United States. If you access our products from outside the US, your data is transferred to the US. For users in the EU, UK, and Switzerland, we rely on Standard Contractual Clauses (SCCs) and additional safeguards as required.

11. Children

Our products are not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe we have, write to privacy@sentineldev.com and we will delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email and on the product, at least 30 days before they take effect. The “Effective” date at the top of this page reflects the current version.

13. Contact

For privacy questions: privacy@sentineldev.com
For data access, correction, deletion, or portability: legal@sentineldev.com
For security disclosures: security@sentineldev.com

Postal address:
Sentinel Development Group, Inc.
Attn: Privacy
[Address on file with the Delaware Secretary of State]

Privacy Policy — Sentinel Dev