GCR Sentinel — Privacy Policy
Effective Date: June 1, 2026 Last Updated: June 1, 2026
This Privacy Policy explains how Sentinel Media Inc. ("we," "us," or "our"), the operator of the GCR Sentinel mobile application and related websites (collectively, the "Service"), collects, uses, shares, and protects information about you. We have written this in plain language wherever possible. Where we use defined terms, they have the same meaning as in our Terms of Service.
If you do not agree with this Privacy Policy, do not download, install, or use the Service.
Table of Contents
- Summary — The Short Version
- Who We Are and How to Contact Us
- Scope of This Policy
- Information We Collect
- Information We Do Not Collect
- How We Use Your Information
- AI and Machine Learning Disclosure
- Third-Party Service Providers (Sub-Processors)
- How We Share Information
- Data Retention
- Data Security
- Your Rights and Choices
- Rights for California Residents (CCPA / CPRA)
- Rights for Users in the EEA, UK, and Switzerland (GDPR)
- International Data Transfers
- Children's Privacy
- Third-Party Content and Links
- Push Notifications, Email, and SMS
- Changes to This Policy
- Contact and Complaints
1. Summary — The Short Version
- We collect the minimum information needed to run the Service: your email address, a Stripe customer ID, a push-notification token (if you enable push), your alert preferences, and basic technical data like IP address and device type.
- We do not collect or store payment card numbers. Stripe and Apple handle all payment data directly.
- We do not collect your location, contacts, microphone, camera, or photos.
- The claims, predictions, and commentary you see in the app are quotes and AI-generated summaries of publicly available content posted by third parties (currency-speculation commentators). We do not endorse that content. We use Anthropic Claude and OpenAI Whisper to process it.
- You can delete your account and your data at any time. See Section 12.
- We are an accountability and fact-tracking service. We are not a financial advisor and we do not provide investment advice.
2. Who We Are and How to Contact Us
The Service is operated by Sentinel Media Inc., a corporation organized under the laws of Wyoming, United States.
For any privacy question, request, or complaint:
- Email: support@gcrsentinel.com
- Subject line for privacy requests: "Privacy Request — [your topic]"
We aim to respond to privacy requests within 30 days, and faster where required by law.
3. Scope of This Policy
This Privacy Policy applies to information we collect through:
- The GCR Sentinel mobile application (iOS and, where available, Android)
- Our marketing and account-management websites
- Emails, SMS messages, and push notifications we send you
- Any API endpoints that you authenticate against
This Policy does not apply to:
- Third-party platforms from which we ingest public content (e.g., YouTube, X / Twitter, Rumble, Telegram, Dinar Recaps RSS, public podcasts). Your interactions with those platforms are governed by their own privacy policies.
- Third-party websites or services we link to, including our payment processor's hosted checkout pages.
- Any content you choose to share publicly outside the Service.
4. Information We Collect
We collect the following categories of information:
4.1 Information You Provide
- Account information: your email address and a password (stored as a salted hash; we never see the plaintext).
- Subscription information: your Stripe customer ID (a token; not a card number) and, for App Store subscriptions, your Apple original transaction identifier. We record whether your subscription is active, the tier, and the renewal date.
- Alert preferences: which currencies, commentators, claim types, and delivery channels (push, email, SMS) you have enabled.
- Communications with us: support tickets, emails, and any feedback you send.
- SMS phone number (only if you opt into SMS alerts).
4.2 Information Collected Automatically
- IP address of API calls, used for rate limiting, security, and abuse prevention.
- Device and app information: device model, operating system version, app version, language, timezone, and a generated device identifier used solely to deliver push notifications to the correct device.
- Push notification token issued by Apple Push Notification service or Pushover (if you have enabled push).
- Usage events: which alerts you opened, what you marked as read, what claims you saved or shared. These are stored in an aggregated and pseudonymous form for product analytics.
- Error and diagnostic data: crash reports and exception traces sent to Sentry. These may include your account ID and the request path, but we strip stack-trace fields that contain user content.
4.3 Information from Third Parties
- Stripe sends us subscription status events (created, renewed, cancelled, payment failed).
- Apple sends us App Store server notifications about your in-app subscription.
- Email and SMS providers send us delivery, bounce, and unsubscribe events.
5. Information We Do Not Collect
We have deliberately designed the Service to minimize data collection. We do not collect:
- Payment card numbers, CVCs, or bank account numbers. Stripe and Apple handle payment data directly under their own PCI-DSS-compliant systems.
- Your precise or approximate geolocation. We do not request location permissions.
- Your contacts, calendar, photos, microphone, or camera.
- Your browsing history outside the app.
- Biometric data.
- Government identifiers (SSN, driver's license, passport).
- Health, racial, religious, political, or other special-category data.
If a future feature requires additional data, we will update this Policy and obtain consent before collecting it.
6. How We Use Your Information
We use your information only for the following purposes:
- Provide the Service — authenticate you, deliver alerts you have subscribed to, manage your subscription tier, and route push, email, and SMS messages.
- Process payments — through Stripe and Apple; we only store transaction references, not card data.
- Improve the Service — analyze aggregated usage to fix bugs, prioritize features, and tune our alert quality.
- Communicate with you — send transactional emails (receipts, password resets, account changes, policy updates) and, only if you opt in, occasional product updates.
- Secure the Service — detect abuse, fraud, scraping, and unauthorized access, and enforce our Terms of Service.
- Comply with law — respond to lawful requests, enforce legal rights, and meet tax, accounting, and regulatory obligations.
We do not sell your personal information. We do not share it with advertising networks. We do not use it to train third-party AI models for general purposes (see Section 7).
7. AI and Machine Learning Disclosure
GCR Sentinel relies heavily on artificial intelligence to do its job, and we want to be explicit about how.
- Transcription: We use OpenAI Whisper (and equivalent transcription services) to convert audio from public podcasts, YouTube videos, Rumble videos, X Spaces, and Telegram voice content into text.
- Claim extraction and summarization: We use Anthropic Claude to read transcripts and public posts and to extract structured "claims" — for example, a predicted exchange rate, a predicted date, or banking instructions allegedly given by a third-party commentator. Claude also writes the short summaries you see in the app.
- All third-party content displayed in the Service has been processed by AI. AI systems can misinterpret, paraphrase imperfectly, or miss context. We attach a link to the original source for every claim so you can verify. Section 8 of our Terms of Service contains the corresponding legal disclaimer.
- Your personal information is not used to train AI models. We send public third-party content to Anthropic and OpenAI for processing under their respective API terms, which prohibit use of API inputs for model training by default. We do not send your account data, your alert history, or your support messages to any AI provider for training.
- We may send the text of your support messages to Anthropic Claude to help us draft responses. We do not send your payment, account-credential, or device-token data.
8. Third-Party Service Providers (Sub-Processors)
We rely on the following sub-processors to operate the Service. Each is bound by contractual data-protection terms.
| Sub-processor | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, file storage | Account, subscription, alert, and usage data | United States (US-West-2) |
| Anthropic (Claude) | LLM processing of public third-party content; support-message drafting | Public third-party content; support message text | United States |
| OpenAI (Whisper) | Audio transcription of public third-party content | Public audio files | United States |
| Stripe | Payment processing for web subscriptions | Email, name (if provided), card data (collected by Stripe directly) | United States |
| Apple | App Store subscription processing | Apple ID transaction identifiers | United States |
| Pushover | Push-notification delivery | Push token, alert content | United States |
| Resend | Transactional email delivery | Email address, message content | United States |
| Twilio | SMS alert delivery | Phone number, message content | United States |
| Sentry | Application error monitoring | Account ID, error traces, request metadata | United States |
We may add or change sub-processors. Material changes will be reflected in this Policy and, where required by law, communicated to you.
9. How We Share Information
Mobile Information (SMS Opt-In Data)
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories of sharing described in this policy exclude text-messaging originator opt-in data and consent; this information will not be shared with, or sold to, any third party. Your phone number and SMS/voice consent records are used solely to deliver the alerts you opted into and to prove the consent you gave (see gcrsentinel.com/sms); reply STOP to any message to withdraw consent at any time.
We share personal information only in the following situations:
- With sub-processors listed in Section 8, strictly to operate the Service.
- For legal reasons — to comply with a subpoena, court order, or other lawful request; to investigate fraud or security incidents; or to protect the rights, safety, or property of users, the public, or Sentinel Media Inc.. Where legally permitted, we will notify you before disclosing your data.
- In a business transfer — if Sentinel Media Inc. is acquired, merged, or sells substantially all assets, your information may transfer to the successor entity, subject to this Policy.
- With your consent — for anything not listed above, we will ask first.
We do not sell or rent personal information. We do not share it with advertisers, data brokers, or analytics resellers.
10. Data Retention
- Account data is retained while your account is active and for up to 12 months after closure for fraud-prevention, dispute-resolution, and legal-compliance purposes, after which it is deleted or anonymized.
- Subscription and billing records are retained for at least 7 years to meet tax and accounting requirements.
- Support correspondence is retained for 24 months.
- Push tokens are deleted within 30 days of account closure or token invalidation.
- Aggregated, non-identifying usage statistics may be retained indefinitely.
- Public third-party content that we have ingested (transcripts, structured claims, source links) is retained indefinitely as part of the accountability record that is the core function of the Service. This content is not personal data of our users.
11. Data Security
We implement administrative, technical, and physical safeguards designed to protect your information, including:
- TLS 1.2+ encryption for all data in transit
- Encryption at rest for our primary database
- Salted password hashing (bcrypt or argon2)
- Principle-of-least-privilege access controls for staff
- Logging and monitoring of administrative access
- Regular review of sub-processor security posture
No system is 100% secure. If we discover a security incident that affects your personal information, we will notify you and the relevant authorities as required by law.
12. Your Rights and Choices
Regardless of where you live, you can exercise the following at any time:
- Access — view the data on your account through the in-app settings or by emailing support@gcrsentinel.com.
- Correction — update your email, alert preferences, and other profile data in-app.
- Deletion — delete your account in-app under Settings → Account → Delete Account, or by emailing support@gcrsentinel.com. Deletion removes your personal information from active systems within 30 days, subject to retention requirements in Section 10.
- Export — request a machine-readable copy of your account data.
- Opt out of marketing email — use the unsubscribe link in any marketing email or change your preferences in-app. You cannot opt out of transactional email (e.g., receipts, security notices) while your account is active.
- Opt out of push or SMS — disable in-app or, for SMS, reply STOP to any message.
Cancelling your subscription does not delete your account; you may keep a free-tier account or delete entirely.
13. Rights for California Residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what categories of personal information we collect, the sources, the business purpose, and the categories of recipients.
- Request a copy of the specific pieces of personal information we hold about you.
- Request deletion of your personal information, subject to legal exceptions.
- Correct inaccurate personal information.
- Limit the use and disclosure of sensitive personal information (we do not collect sensitive PI as defined under CPRA in the ordinary course).
- Opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under CPRA, and we have not done so in the preceding 12 months.
- Not be discriminated against for exercising any of these rights.
To exercise these rights, email support@gcrsentinel.com with the subject "California Privacy Request." We may need to verify your identity by matching information you provide to information we hold. You may use an authorized agent; we will request proof of authorization.
14. Rights for Users in the EEA, UK, and Switzerland (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights of access, rectification, erasure, restriction, portability, and objection under the GDPR (and UK GDPR). You also have the right to lodge a complaint with your local data-protection authority.
Legal bases on which we process your data:
- Performance of a contract — to provide the Service you have subscribed to.
- Legitimate interests — to secure and improve the Service, prevent fraud, and run our business, balanced against your rights.
- Consent — for marketing email, SMS alerts, and any future processing requiring it. You may withdraw consent at any time.
- Legal obligation — to comply with tax, accounting, and law-enforcement requirements.
Sentinel Media Inc. acts as a data controller for personal information about our users. We act as a data controller (not a processor) for the public third-party content we ingest and analyze, because we determine the purposes and means of that processing.
15. International Data Transfers
Our servers and most sub-processors are located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
16. Children's Privacy
The Service is intended for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete that information promptly. If you believe a minor has provided us information, contact support@gcrsentinel.com.
17. Third-Party Content and Links
The Service displays quotes, summaries, transcripts, and analysis of content publicly posted by third parties (currency-speculation commentators, podcasters, YouTube channels, Telegram channels, and similar). These are not authored by Sentinel Media Inc., and we do not endorse them. We provide a link back to the original source for every claim where reasonably possible. Following such a link takes you to a third-party platform whose privacy practices we do not control.
Our display, transcription, and analysis of such content is performed for purposes of news reporting, commentary, criticism, and consumer-protection accountability, which we believe constitute fair use under 17 U.S.C. § 107.
18. Push Notifications, Email, and SMS
- Push notifications are sent through Apple Push Notification service and/or Pushover, using a token we receive from your device. You can disable push notifications at any time in your device settings or in-app.
- Email is delivered through Resend. Transactional email is required while your account is active. Marketing email is opt-in and can be unsubscribed at any time.
- SMS alerts are delivered through Twilio. Standard message and data rates from your carrier may apply. Reply STOP to unsubscribe and HELP for help. We will never send marketing SMS unless you have separately opted in.
19. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the "Last Updated" date at the top. For material changes, we will notify you by email and through an in-app banner at least 7 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the revised Policy. If you do not agree, delete your account before the effective date.
20. Contact and Complaints
For any question, request, or complaint about this Policy or our handling of your information:
Sentinel Media Inc. Email: support@gcrsentinel.com Subject: "Privacy — [your topic]"
If you are not satisfied with our response, you may contact your local data-protection authority or, in the United States, the Federal Trade Commission.
End of Privacy Policy.