Privacy Policy

Welcome to Sui Sentinel, a decentralized AI security platform operated by Cyphronix Software Private Limited (CIN: U62013MP2025PTC075797). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit suisentinel.xyz or use our platform.

By accessing or using Sui Sentinel, you consent to the practices described in this policy. If you do not agree with any part of this Privacy Policy, please discontinue use of our services.

We collect information across two surfaces: the landing page (suisentinel.xyz) and the main application (app.suisentinel.xyz). Here is a full account of every category of data we collect.

2.1 Account & Identity Data

When you create a Sui Sentinel account, we collect and store:

• Sui wallet address, used as your primary identity on the platform.
• Username and display name, chosen by you during onboarding.
• Email address, optionally provided for notifications and updates.
• Profile avatar, uploaded by you and stored in our secure file storage.
• Email notification preference, controlling whether you receive updates.

2.2 Social Account Connections

You may optionally connect social accounts via OAuth to verify your identity and participate in rewards missions. When you do, we receive and store:

• Twitter/X: Platform user ID, username, and profile avatar URL.
• Discord: Platform user ID, username, and profile avatar URL.

We do not receive your social passwords, direct messages, or private content. You can disconnect social accounts at any time from your profile settings.

2.3 AI Agent (Sentinel) Data

When you deploy an AI Sentinel, we collect:

• Agent name and URL-friendly slug.
• Agent profile image (uploaded to secure file storage).
• AI model provider and model name (e.g., OpenAI, GPT-4o).
• Sui blockchain object ID and transaction digest, which are also publicly recorded on-chain.
• Your wallet address, recorded as the agent owner.

2.4 Platform Activity Data

• Featured Agent Requests: Name, email, wallet address, Twitter username, Telegram username, and a description submitted when requesting a featured listing.
• User Feedback: Name, email, wallet address, feedback type, and message submitted via the in-app feedback form.

2.5 Landing Page Submissions

• Manifesto Signatures: Email address and timestamp when you sign the community manifesto.
• Job Applications: Full name, email, resume file, GitHub profile link, a note on your interest in the role, and availability information.
• Demo Requests: First name, last name, email, company name, an optional message, and whether you wish to join the beta.
• Ambassador Programme: Full name, preferred name, country, timezone, and Telegram handle, Twitter and GitHub URLs, Sui wallet address, desired roles, Web3 experience level, motivation, a 30-day contribution plan, and weekly availability.

2.6 Automatically Collected Data

• Usage Data: Pages visited, time spent, referral URLs, and interaction events collected via Vercel Analytics (privacy-focused, no personal identifiers stored).
• Device & Browser Data: IP address, browser type, operating system, and device identifiers.
• Session Cookies: Authentication session tokens managed by NextAuth.js to keep you logged in.

2.7 Blockchain Data

When you interact with Sui Sentinel smart contracts on the Sui blockchain, your wallet address and all transaction data are recorded publicly and immutably on-chain. This data is outside our control and cannot be erased. Please be aware of the inherently public nature of blockchain interactions before participating.

We use the information we collect to:

• Operate, maintain, and improve the Sui Sentinel platform and website.
• Process and respond to your applications, demo requests, and enquiries.
• Send transactional emails (via AWS SES) such as application confirmations and community updates.
• Analyse usage patterns to enhance user experience and platform security.
• Comply with applicable legal obligations and enforce our Terms of Service.
• Detect, investigate, and prevent fraudulent, abusive, or illegal activity.
• Communicate important updates about the platform or your account.

We use cookies and similar technologies to operate and improve our services. These include:

• Essential Cookies: Required for the website to function. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our site (via Vercel Analytics). These are privacy-focused and do not use personal identifiers.

You can control cookie preferences through your browser settings. Note that disabling cookies may affect the functionality of certain features.

We work with the following carefully selected third-party providers. Each processes your data only as necessary to deliver their service:

• Supabase (PostgreSQL database & file storage): Stores all structured data including user profiles, agent records, applications, manifesto signatures, rewards activity, and more. Also hosts three file storage buckets: ss-agents (agent images), ss-avatars (profile pictures), and job-applications (resume files). Data is processed under Supabase's data processing agreement.
• Amazon Web Services (SES): Used exclusively for sending transactional emails (application confirmations, community updates). Subject to the AWS privacy policy.
• Vercel (Hosting & Analytics): Hosts the platform. Vercel Analytics collects privacy-focused, cookie-less usage data with no personal identifiers stored. Subject to Vercel's privacy policy.
• NextAuth.js: Manages authentication sessions via secure HTTP-only cookies. Session tokens are stored locally and not shared with third parties.
• Twitter/X (OAuth): When you connect your Twitter account, Twitter shares your user ID, username, and avatar URL with us via their OAuth 2.0 flow. We do not receive your password or private messages. Subject to Twitter/X's privacy policy.
• Discord (OAuth): When you connect your Discord account, Discord shares your user ID, username, and avatar URL with us. We do not receive your server messages or private content. Subject to Discord's privacy policy.
• Sui Blockchain: The decentralised network underpinning smart contract operations. Transaction data, wallet addresses, and agent object IDs are public and immutable on-chain.

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission (TLS/HTTPS) across all platform endpoints.
• Server-side Supabase service role keys are never exposed to the client browser.
• All data operations go through Next.js server-side API routes. The Supabase service role key is used exclusively on the server and is never exposed to the client.
• Smart contract security: Sui Sentinel's contracts are fully audited by OtterSec.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law:

• User accounts & profiles: Retained for the lifetime of your account. You may request deletion at any time.
• Social connections (Twitter/Discord): Retained until you disconnect them via your profile settings or request deletion.
• Agent data: Agent records and on-chain references are retained indefinitely as they are tied to immutable blockchain records.
• Rewards activity: Retained indefinitely to maintain an auditable history of on-chain reward claims.
• Job applications: Retained for as long as reasonably necessary for hiring purposes. You may request deletion at any time.
• Manifesto signatures: Retained indefinitely as a record of community support.
• Demo requests & feedback: Retained for as long as reasonably necessary for business purposes.
• Ambassador applications: Retained for as long as reasonably necessary after submission.

You may request deletion of your off-chain personal data at any time by contacting us (see Section 10). Note that on-chain data (wallet addresses, transaction hashes, agent object IDs) cannot be deleted due to the immutable nature of the blockchain.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to applicable legal obligations.
• Restriction: Request that we restrict processing of your personal data.
• Portability: Request a machine-readable copy of data you have provided to us.
• Objection: Object to our processing of your personal data.

To exercise any of these rights, please contact us at suisentinal@gmail.com. We will respond to your request within 30 days.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by updating the “Last Updated” date at the top of this page. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests relating to this Privacy Policy, please contact us: