Legal
Privacy Policy
Last updated: February 2026
1. Data Controller
The controller responsible for processing personal data is:
Robin Roellinger — Sole trader
Chemin des Catalans, 83470 Saint-Maximin-la-Sainte-Baume
Email: dpo@sentinelle-pii.fr
2. Our Commitment: Privacy by Design
Sentinelle PII was designed according to the principle of data protection by design (Privacy by Design, Article 25 of the GDPR).
Detection and pseudonymization of sensitive data take place entirely within your browser. Your detected personal data (emails, phone numbers, IBANs, etc.) never leaves your computer.
The extension communicates with our servers solely for account management, quota management and technical configuration (see section 3.3 for details).
3. Data Processed by the Extension
3.1 Local processing (in your browser)
The extension analyzes the text you enter into ChatGPT, Claude, Gemini and any custom domain you add, to detect sensitive data. This processing takes place exclusively within your browser.
Temporary data (chrome.storage.session, deleted when the browser is closed):
- Token-to-real-value mapping (per tab, for de-pseudonymizing responses)
- CSS selector configuration cache
Persistent data (chrome.storage.local, retained between sessions):
- Protection enabled/disabled state
- Total detection counter and 30-day history
- Anonymous device identifier (UUID, for quota management)
- Authentication tokens (JWT, refresh token) for paid accounts
- List of custom domains added by the user
- Installation date
3.2 What the extension does NOT send to our servers
- No content from your conversations
- No detected personal data (emails, phone numbers, IBANs, credit cards, etc.)
- No browsing history
3.3 Requests to our servers
The extension makes the following requests:
- Selector configuration: retrieval of a static JSON file from cdn.sentinelle-pii.fr (your IP address is visible to the CDN, no other data transmitted)
- Quota management (Solo plan): sending anonymous device identifier and detection count to the API server
- Authentication (paid plans): sending email address and verification code at login; automatic JWT refresh
- History (Pro/Team plans): sending detection count (never the content) for server-side history
Abuse prevention: to prevent abusive login attempts, your IP address (transmitted via the CF-Connecting-IP header) is temporarily used for rate limiting. It is stored in Cloudflare KV with a TTL of 15 minutes and then automatically deleted.
3.4 Server-side stored data
The backend API (Cloudflare Workers + KV) stores the following data for paid accounts:
- Email address, subscribed plan, Stripe identifiers (customer_id, subscription_id), partner code if applicable, validity date
- Refresh tokens (duration: 30 days)
- Pro/Team detection history: number of detections per day, never the content (duration: 35 days)
For Solo plan users (without an account), only quota data is stored:
- Device identifier (device_id) and daily counter (duration: 36 hours)
Legal basis for device_id: legitimate interest (Article 6.1.f GDPR) — preventing abuse of the free plan and fair quota management.
3.5 Custom domains
The extension allows you to add custom HTTPS domains on which to activate protection. Adding a domain requires granting an additional host permission in your browser. The list of added domains is stored locally in chrome.storage.local and is not transmitted to our servers.
4. Data Collected by the Website
4.1 Upon purchase or Team invitation
When you subscribe to a paid plan, we collect:
- Email address — for account creation, login via 6-digit code and subscription-related communications
- Payment information — processed directly by Stripe; we do not have access to it
For the Team plan, the administrator can invite team members by providing their email address. These emails are stored server-side and a login code is sent to them via Resend. Legal basis: legitimate interest of the administrator (Article 6.1.f GDPR) and contract performance for the invited member (Article 6.1.b).
Legal basis (purchase): contract performance (Article 6.1.b GDPR)
Retention period: subscription duration + 3 years (statutory invoice retention requirement)
4.2 Partner program
Upon registration for the partner program, we collect:
- Name, email, partner code — to identify the partner and link them to their referrals
- Authentication secret — to secure access to the partner account
- Stripe Connect account — Stripe identifier for the partner account for automatic commission payouts
- Commission history — amount, date, referenced referral
Legal basis: performance of the partnership agreement (Article 6.1.b GDPR)
Retention period: partnership duration + 3 years (accounting requirement)
4.3 Cookies and analytics
The website uses Umami, a privacy-friendly analytics tool. Umami does not place any cookies, does not collect any personally identifiable data, and does not track users across sites. Data collected is limited to page views and navigation events (clicks on main buttons), entirely anonymously.
We do not use advertising cookies or third-party trackers.
5. Data Sharing
We never sell your data. We share it only with:
- Stripe (payment) — to process your transactions and pay partner commissions
- Cloudflare Workers + KV (backend API) — for authentication, quota management and detection history
- Cloudflare CDN — to serve the extension configuration file
- Vercel — to host the website
- Resend — to send transactional emails (login codes)
- Umami Cloud — for anonymous website traffic statistics (no cookies, no personal data)
These providers comply with GDPR and have signed standard contractual clauses (SCCs).
6. Transfers Outside the EU
Some of our providers (Stripe, Vercel, Cloudflare, Resend) are based in the United States. Transfers are governed by:
- The Data Privacy Framework (DPF) for certified providers
- The standard contractual clauses (SCCs) from the European Commission
7. Your Rights
Under the GDPR, you have the following rights:
- Right of access — obtain a copy of your data
- Right of rectification — correct inaccurate data
- Right to erasure — request the deletion of your data
- Right to data portability — receive your data in a structured format
- Right to object — object to processing
- Right to restriction — restrict processing in certain cases
To exercise these rights, contact: dpo@sentinelle-pii.fr
We will respond within a maximum of 30 days.
8. Security
We implement appropriate technical and organizational measures:
- HTTPS encryption on all communications
- Restricted data access
- Regular security updates
- Strong authentication for administrative access
9. Minors
The service is not intended for persons under 16 years of age. We do not knowingly collect data from minors.
10. Changes
We may modify this policy at any time. Changes will be published on this page with the update date. For significant changes, we will notify you by email.
11. Complaints
If you believe your rights are not being respected, you may lodge a complaint with the CNIL:
Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, TSA 80715
75334 PARIS CEDEX 07
www.cnil.fr
12. Contact
For any questions regarding this policy:
- Email: dpo@sentinelle-pii.fr