Pre-launch

Building the iOS Solo MVP. Early access is by request while the control plane and enforcement client are still in active development.

Request access

Privacy

Collect less. Explain everything.

Privacy is a product feature for SentryPact, not a footnote. We earn trust by collecting less, defaulting to category-level signals, and making any deeper collection an explicit opt-in with a real reason.

By default

What is on, what is off.

The Solo MVP is built around the smallest data collection that still proves the product works. Nothing here describes a feature that exists today; it describes the privacy contract the product is being built against.

On

Default collection

  • Category-level block counts
  • Tamper, bypass, and heartbeat events
  • Device check-in metadata
  • Pact lifecycle and release decisions
  • Audit trail for safety-sensitive actions

Off

Default exclusions

  • Raw browsing history
  • Page contents and request bodies
  • Partner screenshots
  • Hidden background reporting
  • Cross-account data sharing

Opt-in only

If it is sensitive, you turn it on.

Some users will need higher-detail accountability. We are designing those features as explicit opt-in features with visible status, audit, and an off switch that does not feel like a trap.

Examples of opt-in features

  • Full URL logging when a user explicitly chooses it
  • High-detail partner reporting beyond category counts
  • Configurable retention windows for events
  • Sharing diagnostic data when reporting a bug

What opt-in actually means here

  • The choice is visible inside the app, not buried in a settings web page
  • Switching it on is logged in the audit trail
  • Switching it off does not require asking permission
  • The status is visible to any configured co-signer

Things we will not do

Hard lines, written down.

Privacy commitments work because they are public, specific, and uncomfortable to walk back.

No stealth mode

The app makes its presence and current state obvious to the user it is protecting. No hidden installs, no disguised icons, no covert reporting.

No silent partner monitoring

If a co-signer is configured, the protected user can see the relationship, the access log, and the data being shared. Coercive-control patterns are designed against, not enabled.

No raw browsing history by default

Default collection is category counts and tamper events. URL-level data only exists when the user explicitly turns it on for themselves.

No selling, advertising, or training on user data

SentryPact is a paid product with a small, sustainable price ladder. There is no incentive to monetize private behavior, and no plan to.

Retention & deletion

Short by default. Documented at every step.

Final retention windows will be set before launch, alongside backup and recovery policy. The published goal is to retain only as long as the product needs to function safely.

What gets stored centrally

  • Pact state and release decisions
  • Device enrollment metadata
  • Aggregated event counts and tamper signals
  • Subscription state and entitlement audit

What is documented before launch

  • Default retention windows for each data category
  • Account closure and deletion behavior
  • Backup and restore policy
  • The exact data exportable to the user on request

Privacy questions

Talk to us before you trust us.

Privacy is a contract, not a product. Reach out with any question about defaults, retention, or partner mode visibility.

Email privacy@sentrypact.com