Sentinel CPO LLC ("Sentinel CPO", "we") uses a limited number of third-party sub-processors to operate the platform. This page discloses each sub-processor, the data they receive, the purpose for which they receive it, and where that data is processed.
Sub-processors are contractually bound to process Client data only for the purposes described below, to maintain appropriate security controls, and not to use Client data for their own purposes — including model training.
No sub-processor receives a Client's real name, email address, or company name in connection with intelligence processing. All AI inference, voice session analysis, and behavioral synthesis is conducted against a pseudonymous Client ID (CPO-XXXX) only. Real identity is compartmentalized to billing and authentication records, which are handled exclusively by Stripe and Supabase respectively.
| Sub-Processor | Purpose | Data Received | Data NOT Received | Residency |
|---|---|---|---|---|
| Anthropic, PBC San Francisco, CA, USA AI Inference | AI-powered behavioral and physiological analysis; generation of weekly intelligence briefings and baseline assessments. | Pseudonymous Client ID; structured biometric summary (aggregated daily metrics); structured behavioral session metadata; onboarding profile responses; goal records. All data transmitted over encrypted API. | Real name · Email · Company name · Audio recordings · Raw biometric telemetry · Payment data | United States. Anthropic does not use Client data submitted via API for model training under Sentinel CPO's commercial agreement. |
| ElevenLabs, Inc. New York, NY, USA Voice AI | Real-time AI voice check-in sessions. Processes audio stream in real-time to conduct structured performance check-ins. Audio is not retained after session close. | Real-time audio stream (processed in-session, not retained); session context block (pseudonymous — contains Client ID and structured context, no real identity); text-to-speech synthesis requests. | Real name · Email · Biometric records · Payment data · Session audio (not stored) | United States. Session audio is processed in real-time and not retained by ElevenLabs on behalf of Sentinel CPO after session close. |
| Oura Health Oy Oulu, Finland (EU) · US operations: San Francisco, CA Biometric Hardware | Biometric telemetry collection via the Oura Ring hardware device. Sentinel CPO retrieves aggregated daily biometric metrics via the Oura API on the Client's behalf. | Oura Ring biometric telemetry (HRV, sleep architecture, readiness, activity, respiratory rate, temperature) via OAuth-authorized API connection. Oura processes data under its own Privacy Policy, which Clients accept directly when creating an Oura account. | Sentinel CPO billing data · Briefing content · Check-in transcripts · Payment data | European Union and United States. Clients maintain a direct relationship with Oura Health Oy and are subject to Oura's Privacy Policy and Terms of Service independently of their Sentinel CPO subscription. |
| Sub-Processor | Purpose | Data Received | Data NOT Received | Residency |
|---|---|---|---|---|
| Supabase, Inc. San Francisco, CA, USA Database & Auth | Primary database (PostgreSQL), authentication (email/password, session tokens), and object storage. All structured Client data is stored here. | All structured platform data: encrypted Client records, pseudonymous intelligence data, authentication credentials, session tokens, and delivered briefing content. Database is secured with Row-Level Security (RLS) enforced at the PostgreSQL layer. | Raw audio recordings (never stored) · Payment card data | United States (US East region). Supabase is SOC 2 Type II certified. All data encrypted at rest (AES-256) and in transit (TLS 1.2+). |
| Vercel, Inc. San Francisco, CA, USA Application Hosting | Hosts and executes the Sentinel CPO web application and serverless API functions. | Server-side request logs (IP address, request path, response code, timestamp). Request bodies are processed in-memory and are not logged or retained by Vercel. | Database content · Briefing content · Biometric data · Payment data · Real identity beyond IP | United States (primary). Vercel maintains SOC 2 Type II certification. |
| Sub-Processor | Purpose | Data Received | Data NOT Received | Residency |
|---|---|---|---|---|
| Stripe, Inc. San Francisco, CA, USA Payments | Payment processing, subscription management, invoice generation, and tax calculation. | Client name, email address, billing address, payment method details, subscription tier and pricing. Stripe is the system of record for all financial transactions. | Pseudonymous Client ID · Biometric data · Intelligence briefings · Check-in data · Voice session data | United States. Stripe is PCI DSS Level 1 certified and SOC 2 compliant. Stripe handles all payment card data — Sentinel CPO never touches or stores raw payment card numbers. |
| Sub-Processor | Purpose | Data Received | Data NOT Received | Residency |
|---|---|---|---|---|
| Resend, Inc. San Francisco, CA, USA Email Delivery | Transactional email delivery — enrollment confirmations, briefing delivery notifications, billing receipts, and system alerts. | Recipient email address, email subject line, and email body content (which may include a link to a delivered briefing or account notification). | Biometric data · Intelligence briefing content · Check-in data · Payment data · Pseudonymous Client ID | United States. |
| Google LLC Mountain View, CA, USA Analytics & Fonts | Google Tag (anonymized page-view analytics on the public marketing website); Google Fonts (font delivery via CDN). | Anonymized page-view events from the public marketing website (sentinelcpo.com) only. Google Fonts requests contain the requesting IP address but no personal data beyond what any CDN request includes. Google does not receive any data from the authenticated portal (portal.sentinelcpo.com). | Portal activity · Client identity · Biometric data · Briefings · Payment data | United States and global CDN nodes. |
Sentinel CPO will update this page prior to engaging any new sub-processor that will process Client personal data. Material changes — defined as the addition of any sub-processor that receives personal data not previously disclosed — will be communicated to active Clients via email at least 14 days before the sub-processor begins processing.
For questions about this disclosure or our sub-processor relationships:
Sentinel CPO LLC — Privacy & Security
Submit a privacy inquiry →