
Trust & security

Security, compliance and the audit log

How SENTINEL protects your data, how we comply with Loi 25 / PIPEDA / GDPR, and how to read the audit log.

Updated 2026-05-14 · security

Trust is engineered, not promised. This page covers how we protect your data, how we comply with North American and international privacy law, and how you read the audit log when you need to know what happened.

Where your data lives

SENTINEL is hosted in Canada by default. Your dealership data is stored in Quebec, with encrypted backups in another Canadian region. We do not move data outside Canada without your explicit, written consent.

Encryption

  • In transit — TLS 1.3 on every connection, including internal service-to-service traffic.
  • At rest — AES-256 on all stored data, with per-tenant key isolation. Database backups are encrypted with separate keys, rotated quarterly.

Tenant isolation

Every record has a company_id. Every database query passes through Row Level Security policies that enforce tenant isolation at the database layer — not just in application code. A bug in a feature cannot expose another dealership's data.
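One way to express this kind of database-layer isolation, as an added example in PostgreSQL syntax; it is not SENTINEL's schema or policy. The table work_orders, the role app_user and the setting app.company_id are hypothetical; only the company_id column comes from this page.

```sql
-- Added example (PostgreSQL). Table, role and setting names are hypothetical;
-- only the company_id column is taken from the page.
CREATE TABLE work_orders (
    id          bigserial PRIMARY KEY,
    company_id  uuid NOT NULL,
    details     text NOT NULL
);

-- The application role neither owns the table nor has BYPASSRLS,
-- so it cannot opt out of the policy.
CREATE ROLE app_user NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON work_orders TO app_user;
GRANT USAGE ON SEQUENCE work_orders_id_seq TO app_user;

ALTER TABLE work_orders ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policy to the table owner as well (superusers still bypass it).
ALTER TABLE work_orders FORCE ROW LEVEL SECURITY;

-- USING filters the rows a statement can see; WITH CHECK rejects writes that
-- would create or move a row into another tenant. When the setting is unset or
-- empty (e.g. a pooled connection with no tenant bound), the comparison is
-- against NULL, which is never true: the policy fails closed.
CREATE POLICY tenant_isolation ON work_orders
    FOR ALL TO app_user
    USING      (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid)
    WITH CHECK (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid);

-- Per request: bind the tenant for this transaction only (constructed sample IDs).
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.company_id', '11111111-1111-1111-1111-111111111111', true);

INSERT INTO work_orders (company_id, details)
VALUES ('11111111-1111-1111-1111-111111111111', 'brake inspection');  -- allowed

-- A query with no tenant filter (the "bug in a feature") still sees one tenant only.
SELECT count(*) FROM work_orders;

-- Rejected by WITH CHECK with a row-level security policy violation.
INSERT INTO work_orders (company_id, details)
VALUES ('22222222-2222-2222-2222-222222222222', 'wrong tenant');
ROLLBACK;
```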

Authentication

  • Single sign-on via Google, Microsoft and Apple
  • TOTP and WebAuthn (security key) two-factor for all accounts
  • Session bindings rotate hourly; suspicious geo-jumps invalidate sessions

The audit log

Open Insights → Audit to see every AI action your platform took:

  • The agent that acted (e.g. dispatch_brain, oracle_scoring)
  • The decision and its inputs
  • The cryptographic signature
  • The human who approved it (if applicable)

Audit entries are append-only. They cannot be edited or deleted, even by an admin. We retain them for seven years to satisfy automotive industry requirements.

Compliance posture

  • Loi 25 (Quebec) — Privacy Officer designated, impact assessments on file
  • PIPEDA (Canada federal) — Aligned, data residency in-province
  • GDPR (EU) — Aligned where European data is involved
  • CCPA (California) — Aligned for California residents

The full Privacy Notice and the Loi 25 statement live on /privacy and /loi-25.

Reporting a vulnerability

If you find a security issue, please email security@sentinel-os.ca — encrypted with our public key (linked from the email). We acknowledge within one business day, and we don't sue researchers who act in good faith.
