New Release: Kiwi Vault is live. Download
NASCENTRA
Sentinel

Privacy Policy

Last Updated: February 22, 2026

1. Introduction and Commitment to Zero-Knowledge

Nascentra ("we," "our," or "us") welcomes you to Sentinel, a high-fidelity security layer designed for AI LLM interfaces. This Privacy Policy is a legally binding agreement between you and Nascentra, outlining our uncompromising stance on data privacy. Unlike traditional software services that harvest user data for monetization or training, Sentinel is built on a "Zero-Knowledge" architectural foundation. This means that by design, we have no technical means of accessing, viewing, or storing the information you process through the extension. Our commitment is to provide a tool that empowers your privacy without requiring your trust in a central server, as all logic resides and executes exclusively within your local environment.

2. Scope of the Policy and International Applicability

This Policy applies to your use of the Sentinel Chrome Extension across all supported platforms, including ChatGPT, Claude, and Gemini. We have drafted this document to comply with the highest global standards of data protection, including the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the UK Data Protection Act. Regardless of your jurisdiction, Sentinel provides a uniform level of protection because it avoids the collection of Personal Identifiable Information (PII) at the source. This global scope ensures that users in any territory can rely on the architectural guarantees of the product to maintain compliance with their own local privacy mandates and corporate data security policies.

3. Data Minimization and The Non-Collection Principle

In accordance with the principle of data minimization, Sentinel does not collect any data. We do not maintain servers that receive your chat history, your PII, or your metadata. While most extensions require a "home-base" server for analytics or processing, Sentinel's detection engine (regex-based scanning) runs as a client-side IIFE (Immediately Invoked Function Expression). This technical choice ensures that the data you type—whether it be emails, credit card numbers, or API keys—never crosses the boundary of your local machine. Because we do not collect data, we cannot sell it, share it, or lose it in a data breach, providing you with an absolute safety margin that exceeds industry norms.

4. Local Processing and Content Script Execution

All PII detection and masking operations are performed locally via the extension's content scripts. When you type in a textarea or contenteditable element on a supported AI site, Sentinel's engine analyzes the string in real-time within your browser's memory. This processing is ephemeral; findings are used to update the UI "Shield" icon and are not logged to any persistent file unless you choose to save a prompt to your local library. By keeping all processing local, we eliminate the latency and security risks associated with cloud-based AI safety layers. Your browser acts as the sole sandbox for all security operations, ensuring that the "Sentinel" only watches for your benefit, never for ours.

5. Secure Prompt Library and AES-256 Encryption

Sentinel includes a feature known as the "Secure Prompt Library." When you save a prompt, it is not stored in plain text. Instead, it is encrypted using the Advanced Encryption Standard (AES-256-GCM) via the Web Crypto API. The encryption keys are derived locally using PBKDF2 with 310,000 iterations, based on a passphrase deterministic to your local extension instance. This ensures that even if another person gains access to your computer's hardware, your saved prompts remain unreadable without the specific extension context. Nascentra does not have access to these keys, nor can we reset them, reinforcing our zero-knowledge guarantee for your most sensitive creative or technical prompt assets.

6. Chrome Storage API and Local Persistence

The extension utilizes the chrome.storage.local API to save your settings, such as which PII types are enabled for scanning, and your encrypted prompt database. This storage mechanism is local to your browser profile. It is not synced to Google's servers via Chrome Sync unless you have explicitly enabled such a feature in your browser settings (which we recommend against for maximum security). Because this data is stored in the local storage partition of the extension, it is isolated from the websites you visit. You have full control over this data and can purge it entirely by uninstalling the extension or clearing the extension's cache through the Chrome Developer tools.

7. Analysis of Permissions and Usage Justification

Sentinel requests specific permissions from the Chrome Web Store to function effectively. The storage permission is required for your settings and prompt library. The activeTab and scripting permissions are necessary to inject the PII detection logic into the AI interfaces you use. The host_permissions are strictly limited to the domains of ChatGPT, Claude, and Gemini. We do not request broad "access all websites" permissions, adhering to the principle of least privilege. Each permission is a technical necessity to provide the security layer you expect, and none of these permissions are used to exfiltrate data or monitor your behavior outside of the intended AI chat environments.

8. Third-Party Interactions and External Links

Sentinel is a self-contained product. It does not contain trackers from third parties, such as Google Analytics, Meta Pixel, or Mixpanel. We believe that a privacy tool should not be a gateway for third-party surveillance. While the extension operates on sites like OpenAI or Anthropic, it does not share any data with those providers that you haven't already typed. In fact, Sentinel's primary purpose is to prevent those third parties from receiving your sensitive PII. If you click on a link within our documentation or legal pages that leads to an external site, you will then be subject to that site's privacy policy, which is outside our control.

9. Data Retention and Deletion Policies

Because Nascentra does not store your data on its servers, we do not have a "retention period" in the traditional sense. Your data lives on your device for as long as you keep the extension installed. If you wish to delete your data, you can do so instantly within the extension's settings tab or by removing the extension from Chrome. This gives you the ultimate "Right to be Forgotten" as mandated by the GDPR, but with the added benefit of not having to trust a company to fulfill a deletion request—you hold the delete key yourself. We encourage users to regularly export and backup their prompt libraries using the built-in export tool.

10. Protection of Children's Privacy (COPPA)

We are fully compliant with the Children's Online Privacy Protection Act (COPPA). Sentinel is not directed at children under the age of 13, and because our architecture prevents the collection of any user data, we do not knowingly or unknowingly collect personal information from children. If a minor uses the extension, their data remains on their local machine, ensuring that no profile is built and no personal information is transmitted to our servers or any third party. Parents can be assured that Sentinel acts as a safeguard, preventing children from inadvertently sharing sensitive family information with AI models.

11. Your Rights Under GDPR and UK Data Protection

Under the GDPR, European and UK users have specific rights including access, rectification, and portability. Since Sentinel is a local-only tool, you exercise these rights through the user interface. You can "access" your data by viewing your prompt library; you can "rectify" it by editing a prompt; and you can "port" it by using the JSON export feature. We do not act as a "Data Controller" for your chat content because we never possess it; we are the "Software Provider" of a local tool. This architecture is the most robust way to protect your fundamental rights to privacy and data protection as defined by European law.

12. California Privacy Rights (CCPA/CPRA)

For residents of California, the CCPA provides the right to know what personal information is collected and the right to opt-out of the "sale" of such information. Nascentra does not sell, rent, or trade any user data because we do not collect it. Sentinel's existence is inherently an "opt-out" of data collection by AI companies. We do not share your PII with "service providers" for business purposes. Any data that exists within the extension is owned and controlled entirely by you on your hardware. We fulfill the requirements of the CCPA by providing a transparent, local-first tool that prioritizes user control over corporate data aggregation.

13. Security Measures and Cryptographic Standards

The security of your local data is our highest priority. We utilize industry-standard cryptographic primitives provided by the browser's native environment. By using the Web Crypto API, we ensure that encryption happens at the system level, protecting against various side-channel attacks. We use AES-256-GCM, which provides both confidentiality and data integrity (authentication). Furthermore, our service worker handles routing using a secure message bus that prevents other extensions from "sniffing" the communication between Sentinel's components. This multi-layered security approach ensures that your sensitive prompts are as safe as the underlying operating system.

14. Disclosure Required by Law

In the highly unlikely event that Nascentra is served with a legal warrant or subpoena for user data, our response would be simple: "We have no data to provide." Because our architecture is zero-knowledge, we do not possess the keys to your prompts, nor do we have logs of your activity. We cannot be compelled to provide what we do not have. This "legal immunity by design" is a cornerstone of the Sentinel philosophy, ensuring that your private information cannot be used against you through legal discovery processes targeting the software vendor, as the vendor has no technical access to the user's private vault.

15. Business Transitions and Data Transfer

If Nascentra were to undergo a merger, acquisition, or sale of assets, your data would remain on your machine. Because there is no central database of users or prompts, a new owner would only acquire the intellectual property of the software code, not your personal data. Your locally stored information remains under your exclusive control through the extension. We would notify users of any change in ownership via the extension's update notes, but the technical reality of our zero-knowledge architecture ensures that your privacy remains intact regardless of the corporate entity behind the Sentinel product.

16. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy as the extension evolves and new features are added. For example, if we add optional cloud-syncing features in the future, this policy would be updated to reflect those changes, and such features would always be "opt-in" with clear warnings. We will notify you of any material changes by updating the "Last Updated" date at the top of this document and providing a notice within the extension popup. Your continued use of Sentinel after such changes constitutes your acknowledgment and acceptance of the updated terms, provided that our core zero-knowledge guarantees remain the default state.

17. Contact and Inquiries

If you have any questions, concerns, or feedback regarding this Privacy Policy or our data handling practices, please contact our Data Protection Office. We are committed to transparency and will respond to all inquiries within a reasonable timeframe. We also encourage security researchers to review our architecture and report any findings through our official channels. Your trust is our most valuable asset, and we are dedicated to maintaining the highest standards of privacy for the global AI community.