← Back to Sentinel

Privacy.

Last updated 25 April 2026. This policy applies to cyber.pgintel.dev and any future cybersentinel.sgproperty. We are a Singapore-operated beta product. We treat your data and your client’s data with the obligations the Personal Data Protection Act 2012 (PDPA) places on us.

What we are

Sentinel is a security assessment tool built for Singapore Managed Service Providers (MSPs). The product is currently in closed beta: only the demo at /sg/demo is live, and it runs against a fictional tenant. Real Microsoft 365 OAuth integration is targeted for Q3 2026.

Data we collect (today, in beta)

  • If you visit the site, our hosting provider (Vercel) collects standard server logs (IP, user agent, timestamps) for security and operations.
  • If you click “Apply as founding MSP”, your email client opens a draft addressed to the founder; nothing is sent to us until you press Send.
  • If you click “Run agent” on the demo, the demo’s pre-loaded fake findings are sent to Anthropic’s API for processing. No personal data leaves our systems.

Data we will collect (after OAuth ships)

  • Microsoft 365 tenant metadata (tenant ID, organisation name, user counts, role assignments, MFA registration state, Microsoft Secure Score). We pull this via read-only delegated permissions; we do not request write access.
  • The findings we generate from that metadata, persisted so the report can be re-rendered.
  • Account information for the MSP user (name, email, firm name).

We do not pull or persist email content, calendar items, files, chat messages, or any user-generated content from M365.

Where the data lives

Database: Neon Postgres. Production region pinned to ap-southeast-1 (Singapore) before the first paying tenant connects. Hosting: Vercel global edge for the static site, Singapore region for backend functions where supported. Anthropic API calls (for the AI agent) terminate in the United States; if your engagement letter prohibits cross-border AI processing, the agent feature can be disabled per tenant.

What we do NOT do

  • We do not train any AI model on your data, your client’s data, or any tenant content.
  • We do not run cross-tenant analytics or aggregate one MSP’s findings into another’s view.
  • We do not sell, rent, or share data with third parties for marketing.
  • We do not embed advertising or analytics trackers beyond the operational essentials (Vercel logs, Stripe for billing once enabled).

Your rights under PDPA

You have the right to access the personal data we hold about you, to correct it, and to withdraw consent. Email partners@cyber.pgintel.dev and we will respond within the timeframe required by the PDPA.

Sub-processors

  • Vercel — hosting, edge functions, server logs.
  • Neon — managed Postgres database (Singapore region).
  • Anthropic — AI agent inference (Claude Opus 4.7).
  • Microsoft — Graph API (read-only delegated permissions, post-OAuth).
  • Stripe — billing, only after the founding-MSP program closes (today: not active).
  • Resend — transactional email for report delivery.

Changes

As Sentinel ships from beta to v1, this policy will change to reflect new product surfaces. We will email all customers directly when material changes happen, no fewer than 30 days before they take effect.

Contact

Lawrence Kuok (founder, data controller for PDPA purposes) Lawrence Kuok — mdash; partners@cyber.pgintel.dev. Founder, operating from Singapore.