Testing & Evaluation Phase Notice
Sentinel FinCrime is currently in a testing and evaluation phase. During this period, some features may be incomplete, subject to change, or not yet available to all users. We collect limited data as described in this policy to operate and improve the platform. By using the platform in its current state, you acknowledge its testing status.
Last updated: 2 June 2026
Privacy-first by design
Your transaction files are processed entirely within your browser and are never transmitted to or stored on our servers.
Sentinel FinCrime ("we", "us", "our") is an independent financial crime technology platform founded by Kiruthika Nithyanand. We provide browser-based transaction monitoring and compliance screening tools designed to support compliance teams, fintechs, law firms, accountants, and other regulated entities worldwide.
Our platform is accessible at sentinelfincrime.com. This Privacy Policy governs all personal information we collect when you use our website or platform. It has been prepared in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the General Data Protection Regulation (GDPR) for users in the European Economic Area.
For any privacy-related questions or concerns, contact us at: support@sentinelfincrime.com
Sentinel FinCrime is currently operating in a testing and evaluation phase. This means the platform is being actively developed and refined. During this phase:
This privacy policy applies in full regardless of testing status. Your personal information will be handled consistently with these principles throughout the testing period and beyond.
We collect limited categories of personal information to operate and improve the platform:
Account information: When you register, we collect your name, email address, company name (optional), and the country you are based in. This information is used to create and manage your account and to communicate with you about the service.
Usage statistics: We collect aggregate, anonymised data about how the platform is used — such as which features are accessed, how many scans are completed, and general usage patterns. This data does not identify you individually and is used solely to improve the product.
Payment tokens: If you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We receive only a tokenised reference — we never receive, see, or store your full card number, expiry date, or CVV. We store your Stripe customer ID, subscription status, and the last four digits of your card for billing reference purposes only.
Support communications: If you contact us via the contact form or by email, we retain the contents of those communications to respond to your enquiry and improve our service.
We are committed to transparency about the limits of our data collection. In particular:
We use the personal information we collect only for legitimate purposes directly connected to operating and improving Sentinel FinCrime:
We do not use your personal information for third-party marketing, sell your data to any party, or use it for automated decision-making that produces legal or similarly significant effects on you.
Your transaction files never leave your device.
All AML screening — including rule execution, anomaly detection, sanctions screening, and report generation — occurs entirely within your browser using client-side JavaScript. When you load a CSV or Excel file into the platform:
The only information we record server-side relates to aggregate scan statistics (for example: that a scan was completed, and how many transactions and alerts were produced) — never the individual transaction records or the identities contained within them.
If you choose to save specific alert or case records to your account for workflow purposes, that data is stored under your Supabase-backed account with row-level security enforced — meaning only your authenticated session can access it.
All subscription payments are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you enter payment details on the platform:
We implement the following security measures to protect your personal information:
Despite these precautions, no internet-connected system can guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
We use only essential cookies required for the platform to function. We do not use advertising, tracking, analytics, or social media cookies of any kind.
The only cookies we use are:
sb-access-token, sb-refresh-token): Set when you log in and required to maintain your session. They expire after one hour and refresh automatically while you are active. These cookies are strictly necessary — the platform cannot function without them.We do not use Google Analytics, Meta Pixel, advertising networks, or any third-party tracking services. For full details, see our Cookie Policy.
We use the following third-party services to operate the platform. We share personal information only to the minimum extent necessary for each service:
Supabase (Supabase, Inc.)
Database, authentication, and storage. Data is processed in AWS ap-southeast-2 (Sydney, Australia). Privacy policy: supabase.com/privacy
Vercel (Vercel, Inc.)
Web hosting and global edge network. Privacy policy: vercel.com/legal/privacy-policy
Stripe (Stripe, Inc.)
Payment processing. PCI-DSS Level 1 certified. We share only the minimum data required to process payments. Privacy policy: stripe.com/privacy
Anthropic (Anthropic, PBC)
Powers optional AI-assisted features such as SAR narrative drafting and the investigation copilot. If you use these features, relevant data you choose to submit is transmitted to Anthropic. Privacy policy: anthropic.com/privacy
We do not sell, rent, or trade your personal information to any third party under any circumstances.
We retain your personal information only for as long as necessary for the purposes outlined in this policy:
When you delete your account, all associated personal data is permanently deleted within 30 days of the deletion request. During this 30-day window, your data remains available for export. After deletion is complete, it is irreversible. Billing records required by law are retained even after account closure.
Under the Australian Privacy Act 1988 and the GDPR, you have the following rights regarding your personal information:
To exercise any of these rights, please contact us at support@sentinelfincrime.com. We will respond within 30 days. Australian users who are unsatisfied with our response may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. EEA users may contact their local Data Protection Authority.
Sentinel FinCrime is a professional compliance platform intended for use by businesses and their employees. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a minor has created an account or provided us with personal information, please contact us at support@sentinelfincrime.com and we will take prompt steps to remove that information.
We may update this Privacy Policy as the platform evolves or as legal requirements change. When we make material changes, we will notify registered users by email at least 14 days before the changes take effect. The current version of this policy will always be available at sentinelfincrime.com/privacy. Continued use of the platform after the effective date of any changes constitutes your acceptance of the updated policy.
For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please reach out to us:
Sentinel FinCrime
support@sentinelfincrime.com
Australia
We aim to respond to all privacy-related enquiries within 30 days.