1. Short summary

Sentinel is designed as a security tool, not a browsing surveillance product. The browser extension analyzes the active page locally first. When cloud intelligence is available, Sentinel may contact ATIN to check website reputation, download fresh threat intelligence, or submit a report that you choose to send.

Sentinel is not perfect. It may miss dangerous websites, warn on legitimate websites, or misclassify a download. You should still use caution online and should not rely on Sentinel as your only security protection.
2. Data Sentinel may process locally

To protect the active page, Sentinel may inspect security-relevant page information, including:

Current page URL, domain, redirect chain, page title, and visible security-relevant text patterns.
Form metadata such as field names, field types, form actions, and whether password or payment fields exist.
Script, iframe, download, link, and resource metadata needed to detect suspicious behavior.
Cookie names, cookie domains, cookie counts, and cookie categories where available.
Risk findings, verdict, score, confidence, safe-mode state, local allowlist/blocklist settings, and extension preferences.


This local processing is used to provide the extension’s core protection, warnings, safe-mode behavior, and user controls.
3. Data we do not intentionally collect

Sentinel and ATIN are not intended to collect private secrets. We do not intentionally collect or transmit:

Passwords, one-time codes, seed phrases, private keys, card numbers, or sensitive form values.
Cookie values, session tokens, access tokens, refresh tokens, or authorization headers.
The full contents of your browsing history.
Private messages, account contents, or documents unrelated to security analysis.


Security software may still see technical metadata while analyzing a page. We use redaction and minimization to avoid storing sensitive values, and we store cookie names/counts/domains rather than cookie values.
4. ATIN cloud intelligence and reports

When Sentinel contacts ATIN, ATIN may receive security-relevant information such as:

Website domain, host, URL, normalized URL, or download URL being checked.
Sentinel score, verdict, finding keys, evidence codes, and sanitized technical context.
Manual false-positive or missed-threat reports you choose to submit.
Operational logs such as request time, status code, IP address, user agent, and error diagnostics.


ATIN also scans public websites, threat-feed indicators, and known suspicious infrastructure independently. That autonomous scanning is intended to build website/domain intelligence, not private user profiles.
5. Why we use this information

We use security information to:

Detect, warn about, and block phishing, scams, malware, suspicious downloads, and credential theft.
Maintain ATIN reputation, threat-feed consensus, scan history, and domain intelligence.
Investigate false positives, missed threats, abuse, service errors, and security incidents.
Improve rules, tests, reliability, and product safety.


1. Your choices and controls
   
   You can disable optional telemetry in the extension settings where offered.
   You decide whether to submit false-positive or missed-threat reports.
   You can clear local extension storage or uninstall the extension through your browser.
   You can contact us to request access, correction, or deletion where applicable law gives you those rights.
2. Sharing and service providers

We do not sell personal data. We may share limited data with infrastructure providers, security providers, or legal authorities when needed to operate the service, prevent abuse, comply with law, or protect users and Avenode Technologies.
8. Retention

Local extension data remains in your browser until you clear it or uninstall the extension. ATIN may retain website reputation, threat intelligence, scan history, reports, and operational logs for as long as needed to provide security protection, audit decisions, improve detection, comply with legal obligations, and prevent abuse. Public website intelligence may be retained as historical security evidence even if a website later becomes inactive or clean.
9. Security, children, and international processing

We use reasonable technical and organizational safeguards for the service. No internet service is perfectly secure. Sentinel is not directed to children. If data is processed across borders, we use safeguards required by applicable law.
10. Changes

We may update this policy as Sentinel and ATIN evolve. Material changes will be reflected by updating this page and the “Last updated” date.
11. Contact

For privacy requests, security reports, or false-positive questions, contact c.hermann@avenode.net