Aureum Frontiers

Legal

Privacy Policy

Last updated 13 June 2026

This policy explains what personal data Aureum Sentinel collects, why, and the rights you have over it. Sentinel is operated by Aureum Frontiers B.V., a company registered in the Netherlands, which is the controller of your personal data. We process it in line with the EU General Data Protection Regulation (GDPR) and Netherlands data-protection law.

What we collect

  • Identity: your email address, and any name, country, or phone number you provide. Stored by Supabase Auth.
  • Portfolio data: the holdings you connect or enter and the risk metrics we derive from them.
  • Broker connection data: the read-only positions returned by SnapTrade or Tink when you link an account. We never receive or store your broker credentials.
  • Usage and device data: basic information such as the pages you use, your IP address, and browser type, used to run and secure the Service.
  • Support and security records: messages you send us, and authentication and access logs kept to protect your account.

Why we process it

  • To provide the Service (contract): to create your account, connect your portfolio, and produce the analytics you signed up for.
  • To keep it secure (legitimate interest): to prevent fraud and abuse and to investigate errors. When you decline analytics, we still capture the error type for security purposes (GDPR Recital 49).
  • With your consent: for optional analytics, crash reporting, and any marketing email. You can withdraw consent at any time.

How we use your data

We use your data to run, secure, and improve Sentinel, to provide support, and, where you have agreed, for optional analytics and communications. Aggregate, de-identified metrics may inform product decisions.

We do not sell your data, and we do not share individual data with third parties for their own marketing.

Who we share it with

We rely on a small set of sub-processors, each bound by its own data-protection terms, to run the Service:

  • Supabase: database, authentication, and storage.
  • Vercel: web application hosting.
  • Fly.io: API and risk-compute hosting.
  • Resend: transactional email (sign-in, alerts).
  • SnapTrade and Tink: read-only brokerage connectivity; they hold their own credentials.
  • Sentry: error and performance monitoring, loaded only where you have consented.

The Data Processing summary covers this in more detail, including a signable DPA on request.

Storage, security, and retention

Your account and portfolio data are stored in the European Union (Frankfurt). Portfolio holdings are encrypted at rest with AES-GCM, traffic is served over TLS, and every record is isolated to your own account by Postgres row-level security. The Security Guide describes the controls in full.

You can export or delete your data from Settings at any time. A deleted account is held for a short grace period so it can be recovered, then permanently purged.

Your rights

If you are in the EU or UK, you have the right under GDPR to access, correct, delete, restrict, or port your data, and to object to processing based on legitimate interests. Sentinel does not make solely automated decisions that produce legal effects about you.

You can act on most of these directly from Settings (export and deletion). For anything else, email privacy@aureumfrontiers.com and we will respond within 30 days. You may also complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Cookies and tracking

We use a secure, http-only session cookie to keep you signed in, and a small number of cookies to remember preferences such as language. Analytics and crash reporting are off by default and load only after you accept them in the cookie banner; you can change your choice at any time.

International transfers

Your core account and portfolio data stay in the EU. Some supporting providers, such as email delivery or error monitoring, may process limited data outside the European Economic Area; where they do, we rely on safeguards such as the European Commission’s Standard Contractual Clauses.

Children

Sentinel is not intended for anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy as the Service evolves. If a change is material we will give notice, for example by email or in the app.

Contact

For any privacy question, contact Aureum Frontiers B.V. (Netherlands) at privacy@aureumfrontiers.com.

Back to Aureum Sentinel
Privacy Policy · Aureum Sentinel · Aureum Sentinel