Sentinel MDM
Book a demo
Privacy

Your data, your jurisdiction.

This policy explains what Sentinel collects, why, where it's stored, who can access it, and how to exercise your rights. Last updated 2026-06-21.

1 · Who we are

Sentinel MDM ("we", "us") is operated under remarketly.io. For data-protection questions, contact privacy@sentinelmdm.com. EU representative + UAE PDPL contact details available on request.

2 · What we collect

From tenant administrators (you, our customer):

  • Account profile: name, work email, role
  • Authentication: hashed password (bcrypt, never plaintext) or Google OAuth token
  • Audit log: every state-changing action you take, IP, user agent, timestamp
  • Billing: company name, plan, seat count — payment instruments held by Stripe, not us

From devices under management (your end users):

  • Hardware identifiers: serial, IMEI, manufacturer, model, OS version
  • Telemetry you've opted into per policy: battery, storage, network state, installed app list
  • Geofence in/out events — never raw GPS coordinates
  • Optional: app usage stats (off by default; per-policy opt-in)

3 · What we don't collect

  • No personal messages, emails, contacts, or call history
  • No camera, microphone, or screen recording — Sentinel cannot enable these remotely
  • No keystrokes, browsing history, or per-URL usage
  • No raw GPS coordinates (only in/out geofence events)
  • No payment-card data (Stripe handles it; we receive a tokenised reference)

4 · Where it's stored

Data residency is set per tenant at onboarding and contractually fixed:

  • EU (Frankfurt) — default for Growth and above
  • UAE (Dubai) — for tenants subject to UAE PDPL
  • Saudi Arabia (Riyadh) — Scale+ tenants
  • US-East / APAC (Singapore) — Scale+ on request

Cross-region replication is opt-in. Backups encrypted with a key that never leaves your region. Sub-processors: Neon (Postgres), Vercel (Next.js runtime), Cloudflare (DDoS), and — only when you enable Co-Pilot — Anthropic / OpenAI (queries redacted before transmission).

5 · How long we keep it

  • Active tenant data: while your subscription is active + 30 days grace
  • Audit log: 12 months hot, 7 years cold (regulatory retention)
  • Telemetry: 90 days rolling unless your policy specifies longer
  • Deleted tenants: hard-deleted from primary storage within 30 days; backups expire within 90 days

6 · Your rights

Under GDPR, UAE PDPL, Saudi PDPL, and HIPAA (where applicable) you can:

  • Access — request a copy of all data we hold about you
  • Rectification — correct anything wrong
  • Erasure — delete your account and all associated data
  • Portability — export in machine-readable JSON
  • Object to processing — opt out of optional telemetry
  • Lodge a complaint with your data-protection authority

Submit any of these to privacy@sentinelmdm.com — we respond within 30 days (GDPR), 45 days (UAE PDPL).

7 · Cookies

We use strictly-necessary cookies only:
  • __Secure-sentinel.session-token — your sign-in session
  • __Secure-sentinel.csrf-token — CSRF protection

No tracking pixels, no third-party analytics on app-mdm or private-mdm. On the marketing site we use first-party analytics only.

8 · Changes

We update this page whenever the policy changes materially. The 'Last updated' date at the top reflects the most recent change. Significant updates are emailed to all active tenant admins 30 days before they take effect.

Questions?

Email privacy@sentinelmdm.com or talk to us live.

Book a call