LEGAL

PRIVACY POLICY

LAST UPDATED: 19 APR 2026 • VERSION 2.0 BETA

CONTROLLER + CONTACT

SENTINEL FORGE™ is a product of ANQ LLC (“we,” “us,” “our”), a Wyoming limited liability company. ANQ LLC is the data controller for the SENTINEL FORGE application (“the Service”). This Privacy Policy explains how we collect, use, store, share, and protect personal information.

Principal office: 487 Indian Overlook, Clarksville, TN 37040, USA.

Questions, data-rights requests, or complaints: Contact us. We do not currently have a designated Data Protection Officer or EU/UK representative (pending). Users in the EU/EEA/UK may contact us directly using the form above.

DATA WE COLLECT

  • Account information — callsign, email address, authentication credentials, optional military branch and MOS.
  • Demographics — height, weight, date of birth, biological sex (for baseline calibration).
  • Fitness data — workout logs, exercise sets, ACFT scores, nutrition entries, body composition.
  • Health metrics — heart rate, HRV, sleep stages, stress signals, recovery scores, menstrual cycle (optional).
  • Device data — OAuth tokens, sensor-sourced records, device identifiers for connected peripherals.
  • Media — body-scan photos and meal photos that you upload.
  • Usage + diagnostics — app events, error logs, IP address, browser / OS, timestamps.
  • Communication — contact-form submissions, email replies, support tickets.

LEGAL BASIS (GDPR ART 6)

  • Performance of a contract — account creation, subscription billing, core app function.
  • Consent — optional features (AI features, marketing email, sensor linking). You can withdraw consent in Settings at any time.
  • Legitimate interest — error tracking, fraud prevention, aggregated analytics, security monitoring.
  • Legal obligation — tax records, responding to lawful requests from authorities.

HOW WE USE YOUR DATA

  • Deliver personalized fitness analytics and performance dashboards.
  • Generate AI-powered workout, recovery, nutrition, and cycle recommendations.
  • Track progress across strength, endurance, and readiness metrics.
  • Provide leaderboards, groups, chat, and head-to-head challenges when enabled by you.
  • Debug errors, monitor abuse, and improve the Service.
  • Send transactional email (account, billing, password reset). Marketing email is opt-in only.

We do not sell your personal data. We do not use your data for cross-site advertising.

SUB-PROCESSORS + SERVICES

We share data only with the service providers necessary to operate the Service:

  • Anthropic (Claude API) — AI Coach, Form Check, Body Scan, Meal Scan, training guidance. Data is sent only when you use AI features. Anthropic does not train on API inputs under their Commercial Terms.
  • Microsoft Azure — application hosting, PostgreSQL database, object storage, CDN. United States region.
  • Stripe — payment processing (subscriptions, one-time purchases). Card data is handled entirely by Stripe; we receive only billing metadata.
  • Resend — transactional email delivery (password reset, receipts, account notices).
  • Capgo — over-the-air updates for the mobile app bundle.
  • Sentry — crash and performance monitoring. We scrub PII where reasonably feasible.
  • Google Play — Android app distribution and in-app billing (once enabled).
  • Third-party sensor providers — Oura, Fitbit, Eight Sleep, Suunto, Withings. We request only the scopes needed for performance tracking. We do not push your data back to these providers.

AI FEATURES

SENTINEL FORGE uses Anthropic’s Claude model to generate workout analysis, training recommendations, recovery notes, meal parsing, and body-scan analysis. When you invoke an AI feature, relevant fitness and biometric data is sent to Anthropic for processing and discarded by them after the response is returned (per their Commercial Terms). AI output is probabilistic and may contain errors. You are responsible for evaluating AI guidance against your own judgment and professional advice. AI outputs are not medical advice.

INTERNATIONAL TRANSFERS

Our infrastructure is hosted in the United States. If you access the Service from the EU, EEA, UK, or elsewhere outside the U.S., your data will be transferred to and processed in the United States. Where required, such transfers are governed by the Standard Contractual Clauses (SCCs) issued by the European Commission, including the UK Addendum.

DATA STORAGE AND SECURITY

Your data is encrypted at rest using Azure PostgreSQL with encryption enabled and encrypted in transit via HTTPS/TLS 1.2+. OAuth tokens for connected peripherals are stored encrypted. Passwords are hashed using industry-standard adaptive hashing. Access is restricted to authorized personnel on a least-privilege basis. No security program is perfect; we will notify affected users and regulators of material breaches as required by law.

DATA RETENTION

  • Account + fitness + health data — retained while your account is active. Deleted within 30 days of account deletion request.
  • Error + diagnostic logs — 90 days.
  • Email metadata (Resend) — 90 days.
  • Billing records — retained for 7 years to meet U.S. tax obligations.
  • Backups — encrypted backups rotate out within 35 days.

YOUR RIGHTS

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — delete your data (“right to be forgotten”).
  • Portability — export your data in a machine-readable format.
  • Objection + restriction — object to or restrict processing.
  • Automated decision-making — the Service uses algorithmic scoring for readiness and training recommendations. You can request human review of any automated output that materially affects you.
  • Withdraw consent — for any consent-based processing.
  • Complain to a regulator — EU/UK users may lodge a complaint with their supervisory authority.

Exercise these rights in-app (Settings → Account) or via our contact form. We respond within 30 days (GDPR) or 45 days (CCPA).

CCPA (CALIFORNIA) + STATE PRIVACY

California residents, and residents of other U.S. states with comprehensive privacy laws (Colorado, Connecticut, Virginia, Utah, and others) have the rights described above, including the right to know, delete, correct, and opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information as those terms are defined under the CCPA.

A "Do Not Sell or Share My Personal Information" link is not required because we do not engage in such activity. If this ever changes, we will add the link and update this policy with reasonable notice.

COOKIES + TRACKING

SENTINEL FORGE uses cookies (or equivalent local storage) solely for session authentication and user preference storage. We do not use third-party advertising cookies, cross-site trackers, or analytics cookies.

AGE RESTRICTIONS

SENTINEL FORGE is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that a user under 18 has created an account, we will delete it. Users in the EU/EEA/UK must be at least 16 to provide consent for data processing without parental authorization.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be announced in-app and by email. The “last updated” date at the top reflects the most recent revision. Continued use of SENTINEL FORGE after a change takes effect constitutes acceptance of the updated policy.