Privacy Policy

Last updated: April 2026

1. Introduction

./sentral ("we", "us", "our") respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

2. Data We Collect

Account information:

  • Email address
  • Name (optional)
  • Password (stored as a one-way hash — we cannot read your password)
  • Username (public display name)

Billing information:

  • Stripe customer ID and subscription status
  • We do NOT store credit card numbers — all payment processing is handled by Stripe

Usage data:

  • Dashboard configurations and saved window layouts
  • Chat messages (if using the community chat feature)
  • Server logs (IP address, request timestamps, user agent) for security and debugging

3. How We Use Your Data

  • To provide and maintain the Service
  • To process payments and manage subscriptions
  • To send transactional emails (verification, password reset, billing notifications)
  • To improve the Service and fix bugs
  • To prevent abuse and enforce our Terms of Service
  • To determine trial eligibility — returning customers (anyone who has previously held a subscription on this account) are billed immediately on subscribe rather than receiving another free trial

We do NOT sell your personal data. We do NOT use your data for advertising.

4. Third-Party Services

We share limited data with the following services, solely to operate the platform:

  • Stripe — payment processing (email, subscription data)
  • Resend — transactional email delivery (email address, name)
  • Sentry — error tracking (anonymised error reports, only loaded after you accept optional cookies)
  • Adobe Fonts (Typekit) — web fonts for site typography (your IP address is sent to Adobe when fonts are fetched)
  • Vercel — frontend hosting (standard web server logs)
  • Railway — backend hosting and database (all data stored here)

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Railway. All connections use TLS encryption. Passwords are hashed using bcrypt. Access tokens expire after 4 hours and are rotated automatically in the background; the underlying refresh token expires after 30 days of inactivity. We implement rate limiting, account lockout, input validation, and other security measures to protect your data.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will permanently remove your personal data within 30 days. Anonymised usage statistics may be retained indefinitely.

7. Your Rights

You have the right to:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct inaccurate personal data
  • Deletion — request deletion of your account and personal data
  • Export — download your data in a machine-readable format
  • Object — object to processing of your personal data

To exercise these rights, contact us at support@sentralterminal.com or use the data export feature in your account settings.

8. Cookies and Browser Storage

We use a small set of cookies and similar browser storage. We do NOT use tracking, advertising, or marketing cookies.

Necessary (always active):

  • Session tokens used to keep you signed in
  • Your cookie-consent choice itself, so we remember it on your next visit

Optional (loaded only after you click "Accept all" on the cookie banner shown on your first visit):

  • Sentry — application error tracking to help us diagnose bugs

Always loaded for site presentation:

  • Adobe Fonts (Typekit) — supplies the typography used on the site. Adobe receives your IP address when your browser fetches the font files. We treat this as part of the site's visual presentation rather than as tracking; Adobe does not associate the request with your identity.

You can change your cookie-consent choice at any time by clearing your browser's storage for sentralterminal.com, which will re-show the consent banner on your next visit.

9. CFTC Data

The Commitments of Traders data displayed in the Service is sourced from the U.S. Commodity Futures Trading Commission (CFTC) and is public domain. We process and display this data but do not claim ownership of the underlying CFTC reports.

10. Children

The Service is not intended for users under the age of 18. We do not knowingly collect personal data from children.

11. Changes

We may update this policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance.

12. Contact

For privacy questions or data requests, contact us at support@sentralterminal.com.