Privacy Policy

Effective date: 11/04/2026

Sentinel AV (“we,” “us,” or “our”) is a small independent audio plugin developer based in Victoria, Australia. This Privacy Policy explains what personal information we collect when you visit sentinelav.com, subscribe to our newsletter, or purchase one of our plugins, what we do with that information, and the rights you have over it.

We have written this policy in plain English. If anything is unclear, please email us at sentinel@sentinelav.com.au.

1. Who this policy applies to

This policy applies to everyone who interacts with Sentinel AV, including visitors to our website, newsletter subscribers, customers who purchase our plugins, and reviewers or partners who receive complimentary licenses.

2. Our approach to privacy

Sentinel AV is a small business and may be exempt from the Australian Privacy Act 1988 under the small business operator threshold. Even so, we have chosen to comply voluntarily with the Australian Privacy Principles (APPs) as a matter of good practice. For visitors in the European Union and United Kingdom, we also aim to comply with the General Data Protection Regulation (GDPR) and the UK GDPR.

We collect the minimum information we need to run our business, we tell you who we share it with, and we do not sell your data to anyone.

3. Information we collect and why

3.1 Newsletter subscribers (MailerLite)

When you sign up for our newsletter using the form on our website, we collect your email address, the IP address you signed up from, the timestamp of your subscription, and your subscription status (subscribed, unsubscribed, bounced).

  • Purpose: to send you product announcements, release notes, occasional promotional offers, and behind-the-scenes updates about Sentinel AV.
  • Lawful basis (GDPR): your consent, which you give by submitting the signup form. You may withdraw consent at any time by clicking the “unsubscribe” link in any email we send.
  • Processor: MailerLite, a US-based email marketing provider that complies with GDPR and the EU-US Data Privacy Framework.
  • Retention: we keep subscriber data for as long as you remain subscribed. If you unsubscribe, MailerLite retains a suppression record (your email address only) so that we do not accidentally email you again.
  • Sharing: your data is processed by MailerLite on our behalf and is not shared with anyone else.

3.2 Purchases and license keys (Gumroad)

When you purchase a plugin, the transaction is handled by Gumroad. Sentinel AV receives the email address you used to buy the plugin, the product purchased, the transaction ID, the country of purchase (for tax purposes), and the license key issued to you.

  • Purpose: to deliver the software and your license key, to validate licenses, to process refunds, to handle support requests tied to your purchase, to comply with tax and accounting obligations, and to detect fraud or chargeback abuse.
  • Lawful basis (GDPR): performance of a contract (delivering the software you bought) and our legitimate interests in fraud prevention and recordkeeping.
  • Processor: Gumroad, a US-based payment and digital delivery platform. Your full payment card details are never received or stored by Sentinel AV; they are handled directly by Gumroad and its upstream payment processors.
  • Retention: we retain purchase records for at least seven years to comply with Australian tax recordkeeping obligations.
  • Sharing: transaction data is shared between Sentinel AV and Gumroad. We do not share it with anyone else except where required by law or to enforce our rights under the EULA.

3.3 Demo videos and license validation (Supabase)

We use Supabase to host the demo videos shown on our product pages, and as the backend for validating review licenses issued to journalists and content creators. When you watch a demo video, Supabase may receive your IP address and basic request metadata as part of normal video delivery. When a review license is validated, Supabase processes the license key and a hardware identifier supplied by the plugin.

  • Purpose: video hosting and delivery, and license validation for review copies.
  • Lawful basis (GDPR): legitimate interest in delivering our website content and protecting our software from unauthorized use.
  • Processor: Supabase, a US-based hosting and backend provider.
  • Retention: server logs are retained for a short rolling window (typically 30 days) and then discarded.
  • Sharing: not shared.

3.4 Website hosting and infrastructure analytics (Cloudflare)

Our website is hosted and served via Cloudflare, which provides CDN, DDoS protection, and (where enabled) cookieless web analytics. As part of normal web traffic, Cloudflare receives your IP address, user agent, referring URL, and the pages you request.

  • Purpose: to serve the website, protect it from attacks, and understand aggregate traffic patterns (page views, geography at country level, browser/OS share).
  • Lawful basis (GDPR): legitimate interest in operating and securing our website.
  • Processor: Cloudflare, a US-based infrastructure provider.
  • Retention: Cloudflare retains request logs for a short rolling window per its own policies. Analytics aggregates do not identify individual visitors.
  • Sharing: not shared.

3.5 Behavioural analytics (Google Analytics 4)

Our website uses Google Analytics 4 to understand how visitors interact with the site — which pages they visit, how they arrived, how long they stay, which CTAs they click. Google Analytics receives your IP address (truncated in the EU/UK before storage), user agent, referring URL, the pages you request, events you trigger while browsing, and a pseudonymous client identifier stored in a first-party cookie on your device.

  • Purpose: to measure website performance, understand visitor journeys, and inform improvements to our product pages and marketing copy.
  • Lawful basis (GDPR): legitimate interest in understanding and improving how our website serves visitors. Where consent is the stricter standard in your jurisdiction, continuing to use the website after seeing this Privacy Policy constitutes consent; you may opt out at any time (see below).
  • Processor: Google Analytics, operated by Google LLC (US) with processing infrastructure in multiple regions. Google Analytics 4 IP anonymisation is enabled by default for EU/UK visitors.
  • Retention: visitor-level data is retained for a maximum of 14 months; aggregate reports are retained longer.
  • Sharing: data is processed by Google on our behalf. We do not share it with anyone else, and we do not use Google Analytics data to target advertising.
  • Opt out: you can install the Google Analytics Opt-out Browser Add-on or use your browser’s Do Not Track / tracking protection features.

3.6 Support requests

If you email us for support, we receive your email address and whatever you choose to put in your message (which may include your operating system, DAW, plugin version, screenshots, or audio files). We use this only to help you and to keep a record of the conversation for future reference.

  • Lawful basis (GDPR): legitimate interest in providing customer support, or contractual necessity if your request relates to a paid product.
  • Retention: support emails are retained indefinitely unless you ask us to delete them, so that we can refer back to previous conversations if you contact us again.

4. Cookies

  • Google Analytics 4 sets a first-party _ga cookie (and related _ga_* session cookies) containing a pseudonymous client identifier. These are used to recognise returning visitors across sessions. Retention: up to 2 years.
  • Cloudflare Web Analytics (where enabled) is cookieless. It does not set tracking cookies and does not fingerprint visitors.
  • MailerLite signup form may set cookies when you interact with it (for example, to remember that you have already subscribed).
  • Gumroad checkout sets its own cookies during the purchase flow; these are governed by Gumroad’s privacy policy.

We do not run any third-party advertising or social media tracking pixels on our website.

5. International transfers

Sentinel AV is based in Australia. Our processors (MailerLite, Supabase, Gumroad, Cloudflare) are all based in the United States. By using our website or purchasing our plugins, you understand that your information may be transferred to and processed in the United States and other countries where these providers operate. Each of these providers maintains its own safeguards for international transfers, including standard contractual clauses where applicable.

6. Your rights

Regardless of where you live, you can ask us to:

  • Confirm what personal information we hold about you.
  • Provide you with a copy of that information.
  • Correct information that is wrong or out of date.
  • Delete your information (subject to any legal obligations we have to retain it, such as tax records).
  • Stop using your information for a particular purpose, or object to a particular use.
  • Provide your information in a portable format.
  • Withdraw any consent you have previously given, at any time.

If you are in the EU or UK, these rights are formal entitlements under the GDPR. If you are elsewhere, we will honor them as a matter of policy.

To exercise any of these rights, email sentinel@sentinelav.com.au. We aim to respond within 30 days.

If you believe we have mishandled your data, you have the right to lodge a complaint with the Office of the Australian Information Commissioner or with your local supervisory authority in the EU or UK.

7. Data security

We take reasonable steps to protect the information we hold, including using reputable processors with their own security programs, limiting access to data on a need-to-know basis, and avoiding the storage of sensitive information where possible. No system connected to the internet is perfectly secure, and we cannot guarantee absolute security.

8. Data breach notification

If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and (where required) the relevant regulator without undue delay, in line with the Notifiable Data Breaches scheme under the Privacy Act 1988 and Article 33/34 of the GDPR.

9. Children

Our products and website are not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “last updated” date at the top of the page. Significant changes will be announced via our newsletter.

11. Contact us

For any questions about this Privacy Policy, or to exercise any of your rights, please contact:

Sentinel AV Victoria, Australia Email: sentinel@sentinelav.com.au