How we protect your data and earn your trust

By default, yes — every report you run is private to your account. Only you can see it from your report history. We do not show your reports to other users, sell them, or surface them in any aggregate ranking.

The exceptions are:

• Reports you choose to share publicly via the Share button on the report page. These get a /r/<public-id> URL that anyone with the link can open. You can revoke a share at any time.
• The pinned sample report on the homepage— currently Apple, configured via an environment variable. This is a single chosen public company, not anyone's personal analysis.
• Aggregate statslike "reports run this month" on the trust section of the homepage — counters only, no identifying info.

Read more in our Privacy Policy.

We combine seven layers of public data and weight them by reliability — regulatory filings rank above media coverage, media coverage above self-reported numbers. The short version:

• Financials & fundamentals — EODHD (primary), Yahoo Finance.
• News — EODHD news, GDELT, NewsData.io, Google News RSS (in that fallback order).
• Leadership — official company filings via Yahoo Finance.
• Regulatory / legal — OpenCorporates and national registries when available.

Every claim in the AI Analysis section is tagged inline with the source it came from ([Reuters], [Yahoo Finance], etc.) so you can audit any specific number or quote.

The full pipeline architecture is documented at docs/data-sources and docs/methodology.

Sentinellis SRL is a Romanian limited liability company and we operate under EU GDPR. The short version of what that means for you:

• Right to access — download your full data set anytime from your account page.
• Right to deletion — "Delete my account" permanently removes your account, reports, and audit log entries.
• Right to rectification — you can edit your email and password from the account page. For anything else, email us.
• Data minimization — we store your email, hashed password, subscription state, the reports you ran, and a small audit log. No tracking cookies beyond what cookie consent allows.
• Sub-processors — every third party that touches your data is listed at /sub-processors, with a 30-day notification commitment before we add a new one.

Full policy in the Privacy Policy. For data-protection questions specifically, email contact@sentinellis.com with subject GDPR request.

We take security seriously and welcome responsible disclosure. If you've found a vulnerability:

1. Email contact@sentinellis.com with subject Security issue. Describe the issue, the steps to reproduce, and the impact you observed.
2. Give us a reasonable window to investigate and patch before public disclosure (we aim to acknowledge within 48 hours and patch within 7 days for critical issues).
3. Don't actively exploit the issue against other users, exfiltrate personal data, or stress-test our systems with DoS.

We don't currently run a paid bounty program but we credit responsible reporters publicly (with your permission) on the about page once the patch ships.

For non-security questions, regular support email works: contact@sentinellis.com.