Privacy Policy

Bu yasal belge, geçerli Fransız hukukuna uygun olarak Fransızca yazılmıştır.

1. Introduction

The sole proprietorship EI ROMAIN COUZON operates the SentryAlert mobile application and the sentryalert.app website (hereinafter collectively referred to as the "Service").

The purpose of this privacy policy is to inform users of the Service about how their personal data is collected, processed and protected, in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR") and French Law No. 78-17 of January 6, 1978, relating to information technology, files and civil liberties, as currently in force.

By using the Service, the user acknowledges having read this policy and accepts its terms.

2. Data Controller

  • Identity: EI ROMAIN COUZON, Sole Proprietor (Entrepreneur Individuel)
  • Address: 245 av. Marie de Montpellier, 34000 Montpellier, France
  • Contact email (personal data): privacy@sentryalert.app

3. Data Collected

3.1 Via the SentryAlert application

The table below details the data collected through the use of the application:

Data Purpose Legal Basis Retention Period
Tesla OAuth identifier User authentication Art. 6.1.b GDPR — Performance of contract Duration of user account
Vehicle VIN Identification of the associated vehicle Art. 6.1.b GDPR — Performance of contract Duration of user account
Tesla tokens (API access) Access to Tesla Fleet API — encrypted with AES-256 Art. 6.1.b GDPR — Performance of contract Duration of user account
Sentry Mode events Notifications and alert history Art. 6.1.b GDPR — Performance of contract Rolling 30 days
Push notification token (APNs on iOS / FCM on Android) Sending push notifications Art. 6.1.b GDPR — Performance of contract Duration of user account
User preferences Experience personalization (language, notifications) Art. 6.1.b GDPR — Performance of contract Duration of user account
Subscription data Subscription management and billing Art. 6.1.b GDPR — Performance of contract Duration of account + legal retention obligations

3.2 Data NOT collected

SentryAlert does not collect any of the following data:

  • Geolocation data (GPS position of the vehicle or user)
  • Driving data (speed, acceleration, trips)
  • Images or videos from the vehicle's cameras
  • Contacts, photos or other personal data stored on the user's device

3.3 Via the sentryalert.app website

Audience analytics: The website uses our own first-party analytics tool, hosted on our own infrastructure (no cookies, no IP address stored, no personal data) to measure audience anonymously (pages visited, duration, device, language).

Contact form: The contact form collects the user's name and email address for the purpose of processing their request, based on the legitimate interest of the data controller (Art. 6.1.f GDPR). This data is retained for the time necessary to process the request, then deleted.

4. Sub-processors

As part of the operation of the Service, certain data may be transmitted to the following sub-processors:

Sub-processor Role Location Safeguards
Hetzner Online GmbH Server and database hosting Germany (EU) Native GDPR (EU)
Apple Inc. Push notifications (APNs) and distribution (App Store) — iOS users United States Standard Contractual Clauses (SCCs)
Google LLC Push notifications (FCM) and distribution (Google Play Store) — Android users United States Standard Contractual Clauses (SCCs)
Tesla, Inc. Fleet Telemetry (Sentry Mode events) United States Consent + Standard Contractual Clauses (SCCs)
Cloudflare, Inc. CDN and DDoS protection Global (anycast network) Standard Contractual Clauses (SCCs)

The application's core data (user accounts, tokens, events) is stored exclusively in Germany, within the European Union.

5. Data Security

The data controller implements the following technical and organizational measures to ensure the security of personal data:

  • Token encryption: Tesla access tokens are encrypted with AES-256 before being stored in the database.
  • Encryption in transit: All communications are protected by TLS 1.3.
  • Authentication: User sessions rely on short-lived JWT tokens.
  • Backups: Encrypted backups are performed daily.
  • Server access: Server access is restricted to SSH connections only.

6. Your Rights (GDPR)

In accordance with Articles 15 to 22 of the GDPR, you have the following rights over your personal data:

  • Right of access (Art. 15) — Obtain confirmation that your data is being processed and receive a copy of it.
  • Right to rectification (Art. 16) — Have your inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17) — Request the deletion of your data. You can also delete your account directly from the SentryAlert application.
  • Right to restriction of processing (Art. 18) — Request the suspension of processing of your data in certain cases.
  • Right to data portability (Art. 20) — Receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21) — Object to the processing of your data on legitimate grounds.

To exercise any of these rights, please send your request to privacy@sentryalert.app. We commit to responding within 30 days of receiving the request.

If you believe that the processing of your data does not comply with applicable regulations, you have the right to lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr.

7. Reklam ölçümü ve kampanyalar

Hangi reklam kampanyalarının insanların SentryAlert'i keşfetmesine yardımcı olduğunu anlamak için belirli teknik sinyalleri iki reklam ağıyla paylaşabiliriz: Meta (Facebook, Instagram) ve Google (Ads, Analytics). Bu araçlar yalnızca onayınıza göre ve aşağıdaki koşullar altında etkinleştirilir.

Kullanılan araçlar (onay verirseniz)

  • Meta Pixel — ziyaretleri ölçmek için tarayıcınıza yüklenen betik.
  • Meta Conversions API — sunucularımızdan Meta'ya sunucudan sunucuya çağrılar.
  • Google Tag — Consent Mode v2 etkin şekilde tarayıcınıza yüklenen betik.
  • Google Analytics 4 — davranışsal kitle ölçümü.

Onay verilirse reklam ağlarına gönderilen teknik veriler

  • Ziyaret edilen sayfa (URL).
  • Kampanya parametreleri (utm_source, utm_medium, utm_campaign, utm_content, utm_term).
  • Reklam tıklama tanımlayıcısı (Meta için fbclid, Google için gclid).
  • Yaklaşık ülke (Cloudflare tarafından IP adresinizden türetilir — yalnızca ülke düzeyi).
  • Tarayıcı türü ve cihaz kategorisi.
  • Ziyaret zaman damgası.

Onay verseniz bile reklam ağlarına asla gönderilmeyen veriler

  • Tesla verileri (araç durumu, batarya, GPS konumu, Sentry uyarıları).
  • VIN — araç tanımlama numarası.
  • Fotoğraf veya videolar.
  • Ad, e-posta adresi, parola.
  • SentryAlert hesabınızın içeriği.
  • Kesin konum (GPS koordinatları).

Yasal dayanaklar

  • AB / AEA / Birleşik Krallık / İsviçre: önceden pazarlama onayı (GDPR madde 6.1.a, ePrivacy yönergesi madde 5.3).
  • Bu bölgenin dışında: bu araçlar, geçerli yerel kurallara tabi olarak varsayılan olarak etkinleştirilebilir.

Teknik uyumluluk

  • Google Consent Mode v2: Google etiketlerimiz, ad_storage, analytics_storage, ad_user_data ve ad_personalization için varsayılan olarak 'denied' (reddedildi) sinyalini alır. Bu sinyaller yalnızca onayınızdan sonra 'granted' (verildi) durumuna geçer.
  • Meta Pixel ve Conversions API: reklam ölçümünü kabul edene kadar hiçbir çağrı yapılmaz.

Her sayfanın alt bilgisinde yer alan 'Gizlilik tercihleri' bağlantısına tıklayarak seçiminizi istediğiniz zaman değiştirebilirsiniz.

Reklam ağı politikaları

Resmi kaynaklar

Bu politika aşağıdaki resmi kaynaklara dayanmaktadır:

8. Changes to This Policy

The data controller reserves the right to modify this privacy policy at any time. Any changes will be published on this page with an indication of the update date. Users are advised to regularly review this page to stay informed of any changes.

Last updated: March 8, 2026