Legal

Privacy Notice

Effective: January 2026

Sentinel Authority operates the sentinelauthority.org website and the ODDC attestation platform. This Privacy Notice describes the categories of information collected, the purposes for which it is processed, and the safeguards applied.

Legal Entity and Jurisdiction

Data Controller: Sentinel Authority, an Ontario, Canada-based independent conformance body

Governing Law: Province of Ontario, Canada

Jurisdictional Scope: This Notice applies to information processed in connection with services provided globally by Sentinel Authority

International Transfers: Data may be processed in Canada and internationally. By submitting information, applicants acknowledge transfer to and processing in Canada and other jurisdictions where Sentinel Authority operates

Legal Basis for Processing: Contractual necessity and legitimate interest in maintaining attestation integrity

Information We Collect Information You Provide

Contact information (name, email, phone, organization)

Application data (system descriptions, ODD specifications, technical documentation)

Account credentials for the attestation portal

Payment information (processed by third-party providers)

Collected Automatically

ENVELO Interlock telemetry data from systems undergoing assessment

Log data (IP address, browser type, pages visited)

Cookies for session management

How We Use Your Information

Process and evaluate assessment applications

Conduct CAT-72 conformance testing

Issue and manage ODDC attestations

Communicate about your application or attestation status

Maintain audit records as required for attestation integrity

Maintain, secure, and administer the attestation platform

Data Retention

We retain attestation records, including CAT-72 evidence and audit logs, for the duration of your attestation plus seven (7) years, to preserve evidentiary integrity and support potential regulatory, legal, or contractual review.

Account information is retained while your account is active and for a reasonable period thereafter for legal and business purposes.

Data Security

All data is encrypted in transit (TLS 1.3) and at rest. We implement industry-standard security measures including access controls, audit logging, and regular security assessments.

Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal data. Note that attestation records may be subject to retention requirements that limit deletion rights.

Third Parties

Sentinel Authority does not monetize personal data. We may share data with service providers who assist in operating our platform, subject to confidentiality obligations.

Updates

The effective date of this Privacy Notice appears above. Material revisions will be communicated via email or platform notification. Prior versions are archived upon revision.

Data Protection Inquiries

Direct data protection inquiries to the address below.

conformance@sentinelauthority.org →