Privacy Policy

Last Updated: 11 March 2026 | Version 1.0

Sentine ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you use our platform and website. This policy has been prepared to comply with the Australian Privacy Principles (APPs) established under the Privacy Act 1988 (Cth).

By using Sentine, you consent to the data practices described in this policy.

1. Role as a Data Processor versus Data Controller

For the purpose of anti-money laundering (AML) and counter-terrorism financing (CTF) compliance tools provided through our platform:

  • The Reporting Entity (Firm / Subscriber) using our platform is the Data Controller of its clients' personal data.
  • Sentine acts solely as the Data Processor acting on the instructions of the Firm.

If you are an individual whose data has been submitted to Sentine by a participating Firm, your primary point of contact regarding privacy inquiries is the Firm itself.

2. Information We Collect

We collect personal information to provide, manage, and improve our services.

2.0 How We Collect Information

We collect personal information through the following channels:

  • Directly from you: When you register an account, subscribe to a plan, submit a support request, or interact with our platform.
  • From Firms (on behalf of their clients): When a Firm uploads customer identity documents, enters customer details, or initiates verification workflows through the platform.
  • From third-party providers: We receive verification results from FrankieOne (identity verification outcomes, biometric match results), company data from InfoTrack (ASIC extracts), and payment confirmations from Stripe.
  • Automatically: Through cookies, server logs, and analytics tools (PostHog, Google Analytics) when you visit our website or use the platform. See our Cookie & Tracking Policy for details.

2.1 Information Collected from Subscribers (Firms)

When creating an account or subscribing to our services, we collect:

  • Contact details (name, email address, phone number).
  • Business details (company name, ABN/ACN, role/title).
  • Billing and payment information.
  • Account credentials and platform usage data.

2.2 Sensitive Data Processed on Behalf of Firms

In operating our AML/CTF compliance platform, we process sensitive customer data on behalf of Firms, which may include:

  • Identity Information: Names, dates of birth, residential addresses.
  • Government-Issued IDs: Driver's licences, passports, Medicare cards.
  • Biometric Data: Facial recognition or liveness check data processed securely via our third-party verification partner (FrankieOne).
  • Screening Data: Politically Exposed Persons (PEP) status, sanctions lists matches, and adverse media findings.

3. How We Use Information

We use the collected information for the following purposes:

  • To provide, operate, and maintain the Sentine platform.
  • To facilitate Identity Verification (KYC/KYB) and screening processes as instructed by the Firm.
  • To process payments and manage subscriptions.
  • To provide customer support and respond to inquiries.
  • To monitor platform security and prevent fraudulent activities.
  • To analyse platform usage and improve our services.

AI & Machine Learning Notice: Sentine does not use customer data (including personal or sensitive data processed on behalf of Firms) to train any foundational AI or machine learning models. Any future deployment of AI tools will be governed by strict zero-retention policies and require explicit opt-in from the Firm.

4. How We Share and Disclose Information

We do not sell your personal information. We only share information in the following circumstances:

4.1 Third-Party Sub-Processors

We engage trusted third-party providers to assist in operating our platform. These include:

  • FrankieOne: For KYC/KYB identity verification, biometrics processing, and AML screening.
  • InfoTrack: For retrieving ASIC extracts and company data.
  • Xero: For optional practice management integration (if authorised by the Firm).
  • Stripe: For payment processing (based in the US, compliant with strict security standards).
  • Keycloak: For secure authentication and identity management.
  • PostHog / Google: For platform and website analytics.

4.2 Legal and Regulatory Requirements

We may disclose information if required by law, subpoena, or other legal processes, or to protect the rights, property, or safety of Sentine, our users, or others. Where possible and legally permitted, we will notify the Firm of such requests in accordance with our Law Enforcement Request Policy.

5. Data Storage and Security

Data Localisation: Primary processing and storage of personal information are conducted in Tier 1 data centres located within Australia (Sydney/Melbourne).

Cross-Border Transfers: While core data remains in Australia, some of our third-party processors operate internationally:

  • Stripe (payment processing) — United States
  • PostHog (product analytics) — United States / European Union
  • Google Analytics (website analytics) — United States

We ensure appropriate safeguards are in place for all cross-border transfers, including reviewing each processor's security certifications, data processing agreements, and compliance with applicable privacy frameworks.

Security Measures: We implement industry-standard security practices, including AES-256 encryption at rest, TLS 1.3 in transit, rigorous role-based access control (RBAC), and immutable audit logging.

6. Data Retention

We retain data in accordance with the specific legal obligations of our Subscribers:

  • Matter & Evidence Data: Maintained for the duration of the Firm's subscription. AML/CTF evidence packs are designed to assist Firms in meeting their mandatory 7-year record-keeping obligations post-matter closure.
  • Subscription Expiry: Upon subscription termination or expiry, Firms have a defined grace period (typically 90 days) to export their data. After this period, data is securely deleted in line with our data destruction protocols.

7. Your Privacy Rights

Under the Australian Privacy Principles, individuals have the right to request access to and correction of their personal information.

  • Account Holders/Subscribers: You may access and update your profile directly within the platform or by contacting us.
  • Clients of Subscribers (Data Subjects): If you are an individual whose data was submitted by a Firm, please direct your access, correction, or deletion requests to that Firm. We will assist the Firm in fulfilling their obligations.

Note on Deletion Requests: Deletion of certain AML/CTF verification records may be restricted where statutory record-keeping obligations (e.g., section 107 of the AML/CTF Act 2006) legally require the Firm to retain that evidence, overriding general privacy deletion rules.

Children's Privacy: The Sentine platform is a business-to-business service designed for use by professional services firms. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

8. Cookies and Tracking

We use cookies to ensure platform functionality, maintain active sessions, and analyse usage trends. You can manage your cookie preferences through your browser settings or our website's consent banner. Please refer to our Cookie & Tracking Policy for detailed information.

9. Complaints Process

If you believe we have breached the Australian Privacy Principles, please contact us outlining your concerns. We will acknowledge your request within 7 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

10. Contact Us

For any questions regarding this Privacy Policy or our data practices, please contact our Privacy Officer at:

Email: privacy@sentine.com.au
Address: Sydney, New South Wales, Australia