Legal

Privacy Policy

Last updated: July 6, 2026

1. Who we are

UniSentinel provides a modular governance, risk and compliance (GRC) platform, licensed module by module and deployable as a cloud service (SaaS) or on your own infrastructure — on Linux via Docker, or natively on Windows Server.

For the personal data described in this policy that is collected through this website, UniSentinel acts as the data controller. You can reach us at any time at support@unisentinel.com.

2. Scope of this policy

This policy covers two distinct situations. First, visitors to this marketing website: sections 3 and 4 describe the limited data we handle when you browse the site or contact us. Second, customers of the UniSentinel product: sections 5 and 6 describe how data inside the product is handled under each deployment model.

Where your organisation runs UniSentinel and you use it as an end user, your organisation — not UniSentinel — decides why and how your personal data is processed, and its own privacy notice applies to that use.

3. What we collect on this website

This website has no form backend. The demo-request and contact buttons open your own email client with a pre-filled draft (a mailto: link); nothing is submitted to our servers unless you choose to send the email yourself, and we receive only what you decide to send — typically your email address and the message you write.

Like virtually every website, our web server records basic technical logs — IP address, requested pages, timestamps and browser user agent — used solely to keep the site secure and operational.

4. Cookies

The marketing site — the pages you are reading now — sets no tracking cookies, no analytics cookies and no third-party advertising cookies.

One strictly necessary session cookie exists on this domain: it is set only when an authorised member of our team signs in to the internal console, and is never set for ordinary visitors.

5. Product data — cloud

When your organisation subscribes to UniSentinel as a cloud service, the content it puts into the platform — risks, controls, audits, documents, user accounts and everything else — is customer content. We process it only to provide, secure and support the service, and never for advertising or profiling.

For customer content, your organisation is the data controller and UniSentinel is the data processor, acting on documented instructions under the service agreement and data processing terms concluded with your organisation.

6. Product data — on-premises

When UniSentinel is deployed on your own servers — Linux or Windows — your data never reaches us. The product runs entirely on your infrastructure and requires no outbound connection: license verification happens offline, against a digitally signed license file.

The product sends no telemetry by default. Error reporting to UniSentinel exists as a feature, but it is strictly opt-in: unless your administrator deliberately enables it, nothing leaves your environment.

7. Legal bases for processing

Where the EU or UK General Data Protection Regulation or similar laws apply, we rely on the following legal bases:

  • Consent — for example, when you choose to email us, or when an on-premises administrator opts in to error reporting.
  • Performance of a contract — processing needed to provide the cloud service to a subscribing organisation, or to respond to your request before entering into a contract.
  • Legitimate interests — keeping this website and our services secure, preventing abuse and administering our business, always balanced against your rights and freedoms.

8. Sharing and subprocessors

We do not sell personal data, and we do not share it with third parties for their own marketing.

For the cloud offering only, we use a small number of infrastructure providers — hosting, managed databases, file storage and email delivery — as subprocessors bound by data protection terms; the current list is available on request. On-premises deployments involve no subprocessors, because we do not hold the data. We may also disclose information where a law or a valid legal order requires it.

9. International transfers

Correspondence you send us and cloud customer content may be processed in countries other than your own, depending on where our infrastructure providers operate. Where such transfers involve data protected by the GDPR or comparable laws, we rely on appropriate safeguards such as the European Commission's standard contractual clauses or an applicable adequacy decision.

On-premises deployments involve no international transfer by UniSentinel: the data remains wherever your organisation chooses to run the software.

10. Retention

Email correspondence is kept for as long as needed to handle your enquiry and any follow-up, and to meet legal or accounting obligations. Server logs are retained for a short, rolling period for security purposes and then deleted.

Cloud customer content is retained for the duration of the service agreement and deleted or returned in accordance with it after termination. Retention of on-premises data is entirely in your organisation's hands.

11. Security

UniSentinel is a security product, and we hold ourselves to that standard. The platform is built on a documented security architecture: encryption of data in transit (TLS) and of stored credentials and secrets at rest, role-based access control enforced on the server for every action, and an immutable audit log of security-relevant events. We apply proportionate technical and organisational measures to the limited website data described above as well.

12. Your rights

Depending on the law that applies to you, you have the following rights over your personal data. To exercise any of them, email support@unisentinel.com; if your request concerns data held inside a customer's UniSentinel instance, we will refer you to that organisation, which is the controller for that data.

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — have inaccurate data corrected.
  • Erasure — have your data deleted.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on our legitimate interests.
  • Restriction — restrict processing in certain circumstances.
  • Complaint — lodge a complaint with your competent supervisory authority.

13. Children

This website and the UniSentinel product are business tools directed at organisations, not at children. We do not knowingly collect personal data from anyone under 16; if you believe a child has provided us with personal data, contact us and we will delete it.

14. Changes and contact

We may update this policy as the product, our practices or the law change. The current version is always published on this page with the “last updated” date above; material changes to how we handle cloud customer content are additionally communicated to affected customers.

Questions, requests and complaints about privacy: support@unisentinel.com.