Last updated: February 17, 2026
Valentin Lionel Weinert
Sentra (Sole Proprietorship / Einzelunternehmen)
Dr.-Rohmer-Weg 11
65719 Hofheim am Taunus
Germany
Email: hello@sentra.so
The appointment of a Data Protection Officer is not required pursuant to § 38 BDSG, as fewer than 20 persons are regularly involved in the automated processing of personal data.
When you visit our website, the following data is automatically collected in server log files:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring system security, preventing abuse, and diagnosing technical errors. Log files are deleted after 30 days.
When you sign up for our waitlist, we use a double opt-in process. After entering your email address, you will receive a confirmation email. Your email is only stored as confirmed after you click the confirmation link.
Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. To do so, send an email to hello@sentra.so. Your email address will be deleted immediately.
Retention: until consent is withdrawn or the waitlist closes.
When you register and use our app, the following data is processed:
Legal basis: Art. 6(1)(b) GDPR (contract performance). Providing your email address is necessary to create an account. Without it, we cannot provide our service.
Retention: for the duration of your account plus 30 days after deletion.
Sentra uses AI models to analyze your uploaded data. Your content is transmitted to the API of Anthropic, PBC (USA) for this purpose. Processing is done solely to provide our service. Your data is never used to train AI models.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Retention at Anthropic: API logs are deleted after 30 days.
If you upload audio files, they are transmitted to AssemblyAI, Inc. (USA) for transcription. Transcription is performed solely to provide our service. Audio files are deleted by AssemblyAI after processing.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Your data is stored and processed by the following sub-processors:
| Provider | Purpose | Data Location |
|---|---|---|
| Supabase, Inc. (USA) | Database, authentication, file storage | AWS eu-central-1, Frankfurt |
| Vercel, Inc. (USA) | Web hosting, CDN, serverless functions, web analytics, performance monitoring (Speed Insights) | Global edge network, EU regions |
| Anthropic, PBC (USA) | AI analysis of user content | USA |
| AssemblyAI, Inc. (USA) | Audio transcription | USA |
| PostHog, Inc. (USA) | Product analytics, session tracking | AWS eu-central-1, Frankfurt |
| Resend, Inc. (USA) | Transactional emails | USA |
Data processing agreements (Art. 28 GDPR) are in place with all sub-processors.
Some of our sub-processors are based in the USA. The transfer of personal data to the USA is carried out on the basis of EU Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914. Additionally, we rely on encryption in transit and at rest as supplementary safeguards.
Your primary data (database, files, authentication) is stored by Supabase in Frankfurt, Germany (EU).
We use technically necessary cookies for authentication and session management. These cookies are required for the operation of the website and cannot be disabled.
Analytics cookies (e.g., PostHog) are only set with your explicit consent (§ 25 TDDDG). Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw your consent at any time via the cookie settings in the footer.
In addition, we use cookie-less tracking technologies (Vercel Web Analytics, Vercel Speed Insights) that do not store information on your device but transmit usage and performance data to Vercel's servers. These tools are only activated with your consent. Legal basis: Art. 6(1)(a) GDPR (consent).
We use the following tools for website analysis, all of which are only activated when you consent to tracking via our cookie banner. Legal basis: Art. 6(1)(a) GDPR (consent).
You may withdraw your consent at any time via the cookie settings, which will deactivate all analytics and performance monitoring tools.
For transactional emails (e.g., waitlist confirmation), we use Resend, Inc. (USA). Your email address is transmitted to Resend for this purpose. Legal basis: Art. 6(1)(b) GDPR (contract performance).
Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place. AI-generated analyses and recommendations serve as support tools and do not make automated decisions with legal or similarly significant effect.
| Data Category | Retention Period |
|---|---|
| Server log files | 30 days |
| Waitlist emails | Until consent is withdrawn or waitlist closes |
| Account data | Duration of account + 30 days after deletion |
| Uploaded content and AI results | Duration of account + 30 days after deletion |
| Anthropic API logs | 30 days |
| Vercel Analytics / Speed Insights data | Aggregated, no personal data retained |
| Payment records (Stripe, future) | 10 years (§ 147 AO) |
You have the following rights regarding your personal data:
To exercise your rights, please contact: hello@sentra.so
You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The supervisory authority responsible for us is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Postfach 3163, 65021 Wiesbaden, Germany
https://datenschutz.hessen.de
We use SSL/TLS encryption for all data transfers. Stored data is encrypted at rest. Passwords are hashed and never stored in plain text.