Last updated · May 8, 2026
Privacy Policy
Dark Rock Labs, Inc. ("Dark Rock", "we", "us") operates Sentry, a cyber-resilience platform. This policy explains what personal data we collect, why we collect it, and the rights you have over it. It is written to satisfy the EU GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), Canada's PIPEDA, Brazil's LGPD, and similar frameworks worldwide.
1. Data we collect
- Account data — name, work email, organization, and authentication identifiers (managed by Supabase Auth).
- Workspace data — content you and your team create inside Sentry (assessments, tickets, policies, etc.).
- Usage data — pages visited, feature events, and performance metrics, used solely to operate and improve the service.
- Communications — emails you send to support and the records of those exchanges.
2. How we use it
We process your data to (a) provide the service you signed up for, (b) maintain security and prevent abuse, (c) communicate with you about your account, and (d) comply with our legal obligations. We do not sell personal data, and we do not use it to train third-party AI models.
3. Legal bases (EEA / UK)
We rely on: performance of contract (delivering the service), legitimate interests (security, fraud prevention, product improvement), consent (optional marketing emails), and legal obligation (responding to lawful requests).
4. Sub-processors
We use carefully vetted sub-processors to operate the service:
- Vercel Inc. — application hosting (US, with multi-region support).
- Supabase Inc. — database, authentication, object storage.
- Resend Inc. — transactional email delivery.
A current list is maintained at /security#subprocessors. We notify customers in advance of material sub-processor changes.
5. Data residency
US customers' data is stored in the United States by default. EU customers may request EU-resident storage (Frankfurt or Paris regions). UK, Canada, Brazil, and APAC residency is available on request for Enterprise plans.
6. Retention
We keep workspace data for the lifetime of your subscription plus 30 days after cancellation, after which it is permanently deleted. Backups are retained for an additional 30 days. Account logs and security telemetry are retained for 12 months.
7. Your rights
Subject to applicable law, you may: access your data, correct inaccuracies, request deletion, restrict processing, port your data to another service, or object to a particular use. EU/UK residents may also lodge a complaint with a supervisory authority. Email privacy@darkrocksecurity.com to exercise any of these rights.
8. Children
Sentry is not intended for children under 16, and we do not knowingly collect data from them.
9. International transfers
Where we transfer personal data outside the EEA/UK, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum) plus supplementary security measures including encryption in transit and at rest.
10. Changes
We post material updates here and notify account administrators by email at least 30 days before they take effect.
11. Contact
Dark Rock Labs, Inc. · Data Protection Officer · privacy@darkrocksecurity.com