Privacy Policy

Effective Date: May 15, 2026

Occulent, Inc. ("Occulent", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use our software products (including SentinelShare and SentinelPass), or engage with our consulting services (collectively, the "Services").

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

1. Zero-Knowledge Architecture Commitment

Occulent operates strictly on a zero-knowledge architecture for all sensitive data stored within SentinelShare and SentinelPass. This means:

• Your master passwords and encryption keys never leave your device.
• All files, credentials, and vault data are encrypted locally before transmission.
• We cannot read, access, or decrypt your stored data under any circumstances.

2. Categories of Personal Data We Collect

While we cannot see your encrypted data, we do collect limited administrative data necessary to provide our Services:

A. Information You Provide Directly

• Account Registration: First name, last name, work email address, and job title.
• Billing Information: Payment details, billing address, and transaction history (processed securely via our PCI-compliant payment processors).
• Support Inquiries: Any information you choose to provide when contacting our technical support or sales teams.

B. Information We Collect Automatically

• Device and Usage Data: IP addresses, browser types, operating systems, and device identifiers.
• Telemetry: Anonymized metadata, login timestamps, and access frequency to ensure system reliability and detect security anomalies.
• Cookies and Tracking Technologies: We use cookies to maintain session states and analyze aggregate website traffic. You can control cookie preferences through your browser settings.

3. Purposes and Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases to process your personal data:

• Performance of a Contract: To provision your account, process payments, and deliver the Services you requested.
• Legitimate Interests: To improve our products, detect fraud, ensure network security, and conduct direct B2B marketing.
• Consent: When you opt-in to receive promotional communications.
• Legal Obligation: To comply with tax, accounting, and law enforcement requirements.

4. Data Sharing and Third-Party Disclosures

We do not sell, rent, or trade your personal information. We only share administrative data with trusted third parties under strict Data Processing Agreements (DPAs):

• Cloud Infrastructure Providers: To host our encrypted backend systems (e.g., AWS, Google Cloud).
• Payment Processors: To securely handle subscription billing (e.g., Stripe).
• Analytics and CRM Providers: To manage customer relationships and analyze aggregate usage metrics.

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy commitments.

5. Your Privacy Rights (GDPR & CCPA/CPRA)

Depending on your jurisdiction, you have specific rights regarding your personal data:

• Right to Access & Portability: Request a copy of the personal data we hold about you in a structured, machine-readable format.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your administrative account data. Note: Deleting your account will result in the permanent loss of access to your encrypted zero-knowledge vaults.
• Right to Object & Restrict Processing: Opt-out of direct marketing or restrict certain types of data processing.
• Right to Non-Discrimination: We will not deny you services or charge different prices for exercising your privacy rights.

To exercise these rights, please contact our Data Protection Officer at privacy@occulent.com. We will respond to your request within 30 days.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Active account data is retained for the duration of your subscription. Upon account closure, telemetry and billing records are retained for a maximum of 7 years to comply with legal and tax obligations, after which they are permanently anonymized or deleted.

7. International Data Transfers

Occulent is based in the United States. If you access our Services from the European Economic Area (EEA), the UK, or other regions, your data may be transferred outside your jurisdiction. We ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Changes to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or our operational practices. If we make material changes, we will notify you via email or a prominent notice within our application prior to the change becoming effective.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact our privacy team:

• Email: privacy@occulent.com
• Mailing Address: Occulent Privacy Office, 100 Cybersecurity Way, Suite 400, San Francisco, CA 94105, USA.