Privacy Policy — Sentinel Risk Group — AI Governance Shield™

1. Introduction

Sentinel Risk Group ("we," "our," "us") operates the website www.sentinelriskgrp.com and provides AI governance assessment services under the brand AI Governance Shield™. This Privacy Policy describes how we collect, use, disclose, and protect information obtained through our website and services.

2. Information We Collect

2.1 Information You Provide

Contact information: name, email address, phone number, job title, organization name
Inquiry details submitted through our website contact form
Engagement documentation: signed agreements, payment information
Evidence materials submitted for governance assessment (which may include Protected Health Information under HIPAA)

2.2 Information Collected Automatically

Device and browser information (type, version, operating system)
IP address and approximate geographic location
Pages visited, time spent, referring URLs
Cookies and similar tracking technologies (see Cookie Policy)

3. How We Use Information

We use collected information for the following purposes:

To respond to inquiries and schedule consultations
To prepare and deliver governance assessment services
To communicate regarding engagements, deliverables, and renewals
To process payments
To improve our website and services
To comply with legal and regulatory obligations

We do not sell, rent, or trade personal information to third parties for marketing purposes.

4. Protected Health Information (PHI)

In the course of providing AI Governance Shield™ assessment services, clients may submit materials containing Protected Health Information as defined under HIPAA.

All PHI is handled exclusively under a signed Business Associate Agreement (BAA)
PHI is used solely for the purpose of conducting the governance assessment described in the BAA and Client Service Agreement
PHI is not collected through the website contact form — it is submitted only through secure client workspaces after BAA execution
PHI is retained only for the duration specified in the BAA and is destroyed in accordance with HIPAA requirements

5. Information Sharing and Disclosure

We do not share personal information except in the following circumstances:

With your consent
To comply with legal obligations, subpoenas, or court orders
To enforce our agreements or protect our legal rights
With service providers who assist in our operations (e.g., payment processors, cloud storage providers), subject to confidentiality obligations

6. Data Security

We implement administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, or disclosure. These measures include:

Encrypted data transmission (TLS/SSL) for all website communications
Access controls limiting information access to authorized personnel
Secure client workspaces with access controls for evidence submission
Regular review of security practices

No method of electronic transmission or storage is 100% secure. While we strive to protect information, we cannot guarantee absolute security.

7. Data Retention

Website inquiry data: Retained for 24 months from date of collection, then deleted
Client engagement records: Retained for 7 years per professional record retention requirements
PHI submitted for assessment: Retained and destroyed per the terms of the applicable BAA

8. Your Rights

8.1 All Users

Request access to personal information we hold about you
Request correction of inaccurate information
Request deletion of personal information (subject to legal retention requirements)
Opt out of non-essential communications

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to know what personal information is collected, used, and shared
Right to delete personal information
Right to opt out of the sale or sharing of personal information (we do not sell personal information)
Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at: admin@sentinelriskgrp.com

8.3 Colorado Residents (CPA)

Colorado residents have rights under the Colorado Privacy Act, including rights to access, correct, delete, and opt out of targeted advertising and data sales. Contact us to exercise these rights.

9. Cookies

Our website uses cookies and similar technologies. Please see our separate Cookie Policy for details on what cookies we use and how to manage your preferences.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on our website with an updated effective date. Material changes will be communicated via email to active clients.

13. Contact Information

For privacy-related inquiries or to exercise your rights:

Sentinel Risk Group
Email: admin@sentinelriskgrp.com