Privacy Policy
1. Introduction
The sole proprietorship EI ROMAIN COUZON operates the SentryAlert mobile application and the sentryalert.app website (hereinafter collectively referred to as the "Service").
The purpose of this privacy policy is to inform users of the Service about how their personal data is collected, processed and protected, in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR") and French Law No. 78-17 of January 6, 1978, relating to information technology, files and civil liberties, as currently in force.
By using the Service, the user acknowledges having read this policy and accepts its terms.
2. Data Controller
- Identity: EI ROMAIN COUZON, Sole Proprietor (Entrepreneur Individuel)
- Address: 245 av. Marie de Montpellier, 34000 Montpellier, France
- Contact email (personal data): privacy@sentryalert.app
3. Data Collected
3.1 Via the SentryAlert application
The table below details the data collected through the use of the application:
| Data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Tesla OAuth identifier | User authentication | Art. 6.1.b GDPR — Performance of contract | Duration of user account |
| Vehicle VIN | Identification of the associated vehicle | Art. 6.1.b GDPR — Performance of contract | Duration of user account |
| Tesla tokens (API access) | Access to Tesla Fleet API — encrypted with AES-256 | Art. 6.1.b GDPR — Performance of contract | Duration of user account |
| Sentry Mode events | Notifications and alert history | Art. 6.1.b GDPR — Performance of contract | Rolling 30 days |
| Push notification token (APNs on iOS / FCM on Android) | Sending push notifications | Art. 6.1.b GDPR — Performance of contract | Duration of user account |
| User preferences | Experience personalization (language, notifications) | Art. 6.1.b GDPR — Performance of contract | Duration of user account |
| Subscription data | Subscription management and billing | Art. 6.1.b GDPR — Performance of contract | Duration of account + legal retention obligations |
3.2 Data NOT collected
SentryAlert does not collect any of the following data:
- Geolocation data (GPS position of the vehicle or user)
- Driving data (speed, acceleration, trips)
- Images or videos from the vehicle's cameras
- Contacts, photos or other personal data stored on the user's device
3.3 Via the sentryalert.app website
Audience analytics: The website uses our own first-party analytics tool, hosted on our own infrastructure (no cookies, no IP address stored, no personal data) to measure audience anonymously (pages visited, duration, device, language).
Contact form: The contact form collects the user's name and email address for the purpose of processing their request, based on the legitimate interest of the data controller (Art. 6.1.f GDPR). This data is retained for the time necessary to process the request, then deleted.
4. Sub-processors
As part of the operation of the Service, certain data may be transmitted to the following sub-processors:
| Sub-processor | Role | Location | Safeguards |
|---|---|---|---|
| Hetzner Online GmbH | Server and database hosting | Germany (EU) | Native GDPR (EU) |
| Apple Inc. | Push notifications (APNs) and distribution (App Store) — iOS users | United States | Standard Contractual Clauses (SCCs) |
| Google LLC | Push notifications (FCM) and distribution (Google Play Store) — Android users | United States | Standard Contractual Clauses (SCCs) |
| Tesla, Inc. | Fleet Telemetry (Sentry Mode events) | United States | Consent + Standard Contractual Clauses (SCCs) |
| Cloudflare, Inc. | CDN and DDoS protection | Global (anycast network) | Standard Contractual Clauses (SCCs) |
The application's core data (user accounts, tokens, events) is stored exclusively in Germany, within the European Union.
5. Data Security
The data controller implements the following technical and organizational measures to ensure the security of personal data:
- Token encryption: Tesla access tokens are encrypted with AES-256 before being stored in the database.
- Encryption in transit: All communications are protected by TLS 1.3.
- Authentication: User sessions rely on short-lived JWT tokens.
- Backups: Encrypted backups are performed daily.
- Server access: Server access is restricted to SSH connections only.
6. Your Rights (GDPR)
In accordance with Articles 15 to 22 of the GDPR, you have the following rights over your personal data:
- Right of access (Art. 15) — Obtain confirmation that your data is being processed and receive a copy of it.
- Right to rectification (Art. 16) — Have your inaccurate or incomplete data corrected.
- Right to erasure (Art. 17) — Request the deletion of your data. You can also delete your account directly from the SentryAlert application.
- Right to restriction of processing (Art. 18) — Request the suspension of processing of your data in certain cases.
- Right to data portability (Art. 20) — Receive your data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21) — Object to the processing of your data on legitimate grounds.
To exercise any of these rights, please send your request to privacy@sentryalert.app. We commit to responding within 30 days of receiving the request.
If you believe that the processing of your data does not comply with applicable regulations, you have the right to lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr.
7. 廣告成效衡量與廣告活動
為了解哪些廣告活動幫助人們發現 SentryAlert,我們可能會與兩個廣告聯播網分享某些技術訊號:Meta(Facebook、Instagram)與 Google(Ads、Analytics)。這些工具僅在您同意的情況下、依下列條件啟用。
使用的工具(若您同意)
- Meta Pixel — 在您的瀏覽器中載入的指令碼,用於衡量造訪。
- Meta Conversions API — 從我們的伺服器向 Meta 發出的伺服器對伺服器呼叫。
- Google Tag — 在您的瀏覽器中載入的指令碼,並啟用 Consent Mode v2。
- Google Analytics 4 — 行為導向的受眾衡量。
若您同意,將傳送給廣告聯播網的技術資料
- 造訪的頁面(URL)。
- 廣告活動參數(utm_source、utm_medium、utm_campaign、utm_content、utm_term)。
- 廣告點擊識別碼(Meta 為 fbclid,Google 為 gclid)。
- 概略國家(由 Cloudflare 根據您的 IP 位址推斷 — 僅限國家層級)。
- 瀏覽器類型與裝置類別。
- 造訪時間戳記。
即使您同意,也絕不會傳送給廣告聯播網的資料
- Tesla 資料(車輛狀態、電量、GPS 位置、哨兵提醒)。
- VIN — 車輛識別號碼。
- 相片或影片。
- 姓名、電子郵件地址、密碼。
- 您 SentryAlert 帳戶的內容。
- 精確位置(GPS 座標)。
法律依據
- 歐盟 / 歐洲經濟區 / 英國 / 瑞士:須事先取得行銷同意(GDPR 第 6.1.a 條、ePrivacy 指令第 5.3 條)。
- 於此區域之外:這些工具可能會預設啟用,但須遵守當地適用的相關規定。
技術合規
- Google Consent Mode v2:我們的 Google 標記在 ad_storage、analytics_storage、ad_user_data 與 ad_personalization 上預設接收「denied」訊號。這些訊號僅在您同意後才會切換為「granted」。
- Meta Pixel 與 Conversions API:在您接受廣告成效衡量之前,不會發出任何呼叫。
您可以隨時點擊每個頁面頁尾的「隱私偏好設定」來變更您的選擇。
廣告聯播網政策
8. Changes to This Policy
The data controller reserves the right to modify this privacy policy at any time. Any changes will be published on this page with an indication of the update date. Users are advised to regularly review this page to stay informed of any changes.
Last updated: March 8, 2026