Privacy Policy

1. Introduction

The Backwards Marketer, LLC, doing business as Sentinel Hound (“Company,” “we,” “us,” or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Sentinel Hound platform (“Service”), including our web application, mobile applications, and any associated services.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, phone number, job title, and organization name when you register.
• Payment Information: Billing details processed securely through Stripe. We do not store full credit card numbers on our servers.
• Patrol Data: Checkpoint scan logs, incident reports, text notes, and shift summaries submitted during active patrols.
• Photographs & Media: Images captured through the mobile application for incident reporting and documentation.
• Communications: Messages sent through the in-app AI assistant, support requests, and contact form submissions.

2.2 Information Collected Automatically

• GPS & Location Data: Real-time geographic coordinates, movement paths, speed, altitude, and location accuracy metrics during active shifts. Location tracking continues in the background while shifts are active.
• Device Information: Device type, operating system, browser type, app version, unique device identifiers, and battery level.
• Usage Data: Pages visited, features used, session duration, click patterns, and interaction timestamps.
• Network Information: IP address, connection type (WiFi/cellular), and network status (online/offline).

2.3 Information from Third Parties

• Authentication Providers: If you sign in via Google OAuth, we receive your name, email, and profile picture from Google.
• Payment Processor: Stripe provides us with transaction confirmations, subscription status, and billing events.

3. How We Use Your Information

We use collected information for the following purposes:

• Service Operation: To provide, maintain, and improve the core functionality of the platform including patrol tracking, report generation, and real-time monitoring.
• AI Processing: To power AI-generated shift reports, image analysis, conversational assistance, and anomaly detection. Your data may be processed by third-party AI models (Google Gemini) under strict data processing agreements.
• Verification & Compliance: To generate confidence scores, detect GPS spoofing, verify checkpoint completions, and produce audit-ready documentation.
• Billing & Subscriptions: To process payments, manage subscriptions, enforce officer limits, and handle trial expirations.
• Communications: To send transactional emails, shift reminders, credential expiry alerts, and system notifications via email (Resend) and SMS (Twilio).
• Security & Fraud Prevention: To detect unauthorized access, prevent GPS spoofing, identify suspicious activity, and protect the integrity of the platform.
• Analytics & Improvement: To understand usage patterns, diagnose technical issues, and improve the Service.

4. Location Data — Special Notice

Location data is collected every 5–15 seconds while a shift is active, including when the application is running in the background. This data is used to record patrol paths, verify geofence compliance, calculate checkpoint proximity, and generate verification evidence.

Employer Responsibility: If you are an account administrator enrolling security officers on the platform, you are solely responsible for providing clear notice to officers that their location will be tracked during shifts, obtaining all legally required consent under applicable federal, state, and local employment and privacy laws, and ensuring compliance with labor regulations regarding employee monitoring.

Location tracking automatically ceases when a shift is ended by the officer or administrator. We do not track officer locations outside of active shifts.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Supabase (database & authentication), Stripe (payments), Google Cloud/Gemini (AI processing), Resend (email), Twilio (SMS), and Sentry (error tracking). All providers are bound by data processing agreements.
• Your Organization: Administrators within your organization can view patrol data, shift reports, and location history for officers in their organization.
• Client Portal Viewers: If your organization shares shift reports via the client portal, authorized clients can view sanitized report data through token-based access links.
• Legal Obligations: We may disclose information if required by law, subpoena, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

6. Data Retention

We retain your data as follows:

• Account Data: Retained for the duration of your active account plus 90 days after deletion request.
• Patrol & Location Data: Retained according to your organization's configured data retention policy (default: 12 months for standard plans, configurable for enterprise).
• Shift Reports: Retained for 24 months or as required by applicable record-keeping regulations.
• Audit Logs: Retained for 36 months for compliance and dispute resolution purposes.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).

Automated data retention cleanup processes run periodically to permanently delete data that has exceeded its retention period.

7. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Row-Level Security (RLS) in our database ensuring strict multi-tenant data isolation.
• Role-based access controls (RBAC) limiting data access to authorized users only.
• Cryptographic hashing of verification data to ensure tamper-proof audit trails.
• Regular security audits and vulnerability assessments.

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Request a machine-readable export of your data.
• Opt-Out: Opt out of non-essential communications and marketing emails.
• Restrict Processing: Request that we limit how we process your data in certain circumstances.

To exercise these rights, contact us at [email protected]. We will respond to verified requests within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information.

We do not sell personal information as defined by the CCPA. To submit a verifiable consumer request, contact us at the email address listed below.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

11. Third-Party AI Processing Disclosure

Certain features of the Service utilize third-party artificial intelligence models, including Google Gemini, to process text, images, and operational data. When AI features are used:

• Data is transmitted securely to the AI provider's servers for processing.
• We use API-based access, meaning your data is processed in real time and is not used to train the provider's general models.
• AI processing is governed by our data processing agreements with each provider.
• AI-generated outputs (reports, analyses, summaries) are stored within your organization's account and subject to the same retention and security policies as other data.

12. Cookies & Tracking Technologies

We use essential cookies and local storage to maintain your session, remember preferences (such as dark/light mode), and cache data for offline functionality. We do not use third-party advertising cookies.

We may use analytics tools to understand how the Service is used. You can control cookie settings through your browser preferences.

13. International Data Transfers

Your information may be processed and stored on servers located in the United States. If you access the Service from outside the United States, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your jurisdiction.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, sending email notification. The “Effective Date” at the top of this page indicates when the policy was last revised.

Your continued use of the Service after changes are posted constitutes acceptance of the revised Privacy Policy.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: