Privacy Policy
Last updated: 2026-06-18
This Privacy Policy explains what personal data Sentvale processes, why, and the rights you have. It applies to the Sentvale website and service.
Sentvale is operated by an independent sole proprietor (the "operator", "we", "us"), providing the Service remotely. For any privacy request, or to obtain our full identification details, contact admin@sentvale.com. For the purposes of the EU GDPR, the UK GDPR, and similar laws, the operator is the controller of the personal data described below. If we are required to designate an EU or UK representative, or a Data Protection Officer, their details will be published here.
Your country of residence determines which specific rights and lawful bases apply to you. Where local data-protection law gives you stronger rights, those rights apply.
1. Data we process
- Account data: your name, email, and authentication identifiers, handled through our authentication provider (Clerk).
- Exchange API credentials: the read-only API keys (and, where an exchange requires it, secret and passphrase) that you connect so the Service can observe your account. These are encrypted at rest using authenticated encryption and are decrypted only inside our monitoring worker at the moment of a read. We never store them in plaintext, never use them to place trades or move funds, and you can remove them at any time.
- Monitoring configuration and history: the exchange, bot type, pair, and range/band you declare, plus the alert state and alert history we generate for you. Stored in our database (Neon).
- Telegram data: if you choose to receive alerts on Telegram, the chat identifier needed to deliver messages to you, exchanged through the Telegram Bot API.
- Billing data: subscription and payment status, handled by our Merchant of Record (Polar.sh). We do not receive or store your full card details.
- Usage and device data: server logs, IP address, browser and device information, and, only if you consent, analytics about how you use the site.
- Communications: messages you send us and our replies.
2. Why we process it and the lawful basis
| Purpose | Lawful basis (GDPR / UK GDPR) |
|---|---|
| Provide the monitoring Service and deliver alerts | Performance of a contract |
| Operate billing and prevent abuse | Contract; legitimate interests; legal obligation |
| Secure, debug, and improve the Service | Legitimate interests |
| Measure site usage through analytics | Consent |
| Respond to your messages | Legitimate interests |
| Comply with legal, tax, and accounting duties | Legal obligation |
Where we rely on legitimate interests, we have balanced those interests against your rights. Where we rely on consent, you can withdraw it at any time.
3. Who we share it with
We share data only with the third-party providers that run the Service on our behalf, each processing data under our instructions and appropriate contractual terms:
- Clerk — authentication and account management.
- Neon — database (account, configuration, encrypted credentials, alert history).
- Fly.io — compute that runs our monitoring worker (Singapore region).
- Vercel — hosting for the application.
- Cloudflare — hosting and DNS for our marketing site.
- Polar.sh — Merchant of Record for billing and payments.
- Telegram — delivery of the alerts you opt into.
- Resend — transactional and account email.
When the Service reads your exchange account, it connects to the cryptocurrency exchange you chose, using the read-only key you provided; the exchange is your own third-party relationship, not our processor. We may also disclose data where required by law, to enforce our Terms, or to protect rights, property, and safety.
We do not sell your personal data, and we do not share it for cross-context behavioral advertising.
4. International transfers
Sentvale is operated remotely and uses providers located in different countries, including the United States, the European Union, and Singapore. Where personal data is transferred across borders, we rely on an appropriate transfer mechanism, such as the European Commission and UK standard contractual clauses, or transfers to countries with an adequacy decision, where these apply. You can ask us about the safeguards in place by contacting admin@sentvale.com.
5. Retention
We keep personal data only as long as needed for the purposes above:
- account and monitoring configuration: while your account is active, and for up to 30 days after you delete it or close your account, except where we must keep it longer;
- exchange API credentials: deleted promptly when you remove the connection or close your account;
- billing and tax records: for the period required by applicable law (commonly up to 7 years);
- server logs: typically up to 90 days;
- analytics data: per the retention settings of the analytics providers, where consented.
After these periods we delete or de-identify the data.
6. Your rights
Depending on your country, you may have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- delete your data ("right to erasure");
- restrict or object to processing;
- receive your data in a portable format;
- withdraw consent at any time (without affecting prior processing); and
- not be discriminated against for exercising your rights.
To exercise any right, contact admin@sentvale.com. We will respond within the time required by applicable law. You also have the right to complain to your local data-protection authority. In the EU this is your national supervisory authority; in the UK it is the Information Commissioner's Office.
US state privacy rights
If you are a resident of a US state with a privacy law (such as California), you have rights to know, access, delete, and correct your personal information, and to opt out of its sale or sharing. As stated above, we do not sell personal information or share it for cross-context behavioral advertising. To exercise these rights, contact admin@sentvale.com.
7. Cookies and analytics
We use a small number of strictly necessary cookies to sign you in and keep the Service secure (set by our authentication provider). Any non-essential analytics are used only with your consent, and you can change your choice at any time.
8. Security
We use reasonable technical and organizational measures to protect personal data, including access controls, encryption in transit, encryption at rest for your exchange credentials, and per-user data isolation. Our design principle is read-only and non-custodial: the Service is built to observe, never to trade or move funds. No system is perfectly secure, but we work to protect your data and to address incidents promptly.
9. Children
The Service is not directed at children, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact admin@sentvale.com and we will delete it.
10. Changes
We may update this policy. We will change the "Last updated" date and, for material changes, take reasonable steps to notify you.
11. Contact
For any privacy question or request, contact admin@sentvale.com.