The HR manager who gets sued personally is the one using a tool that leaked her data.
Sentel was built for HR leaders who are personally on the hook for compliance outcomes. That changes how we think about security. This page tells you exactly what we do, what we do not do yet, and who we rely on. No marketing adjectives.
1. Security
Every tool that holds your case files claims to be secure. Most rely on one layer of defense and a pile of language. Sentel runs three independent layers, enforces tenant boundaries at the database itself, and guards every AI request against injection.
Multi-tenant isolation at the database layer
Every row of customer data in Sentel lives in a table that enforces Row-Level Security. If a query tries to read a row that does not belong to the company making the request, the database refuses. Not the application, the database. There is no “trust the app code” fallback.
We run the same check a second time in our application middleware. The request is filtered twice, once by the database and once by the code that sits in front of it. Medical notes, termination cases, investigations, accommodations, employee documents, and credentials all enforce this rule.
Three independent layers of rate limiting
Rate limiting is usually a line item on a security page. We treat it as the front door. Every Sentel API route calls a single protection helper that runs three layers in order:
- A network-edge rule that drops abusive traffic before it reaches our application.
- A globally-distributed in-memory sliding window that tracks request patterns per user and per route in real time.
- A database-backed fallback that enforces the same rule if the in-memory layer is unavailable.
Every application route, and every AI endpoint, is wired through this helper. None are exempt. We verified it was working in production on 2026-04-13 by running test requests against a live route and watching the sixth request come back as 429 Too Many Requests with the source header set to our in-memory layer.
AI input guards on every request
Every AI-powered feature in Sentel runs every user message through a prompt injection classifier before the model sees it. The classifier checks the entire conversation history, not just the last message, because injection attacks often hide earlier in a thread. User input is structurally wrapped and told, in a way the model cannot override, to be treated as data rather than as instructions.
Deterministic compliance math
FMLA deadlines are not calculated by an AI model. They are calculated by deterministic code in UTC with explicit awareness of federal holidays through 2028 and the business-day rules specified in 29 CFR 825.300(d)(4). The same inputs produce the same outputs, every time, and any partial-state failure throws rather than silently accepting a bad write.
Automated verification before every deploy
Every code change is checked against an automated test suite before it reaches production. A failing test blocks the deploy. As of the last trust-page update, 133 Sentel tests and 35 StrengthSync tests run on every change. We do not ship past a red light.
Audit trail on every material action
Who did what, when, and against which record. Exportable for legal discovery and DOL audit defense.
2. Privacy
No PHI by design
Sentel tracks the FMLA process, not the diagnosis. Leave reasons are structured categories, not free text. Actual medical detail stays with the employee and their doctor on the paper WH-380-E certification. Sentel does not store Protected Health Information.
Data residency
Customer data is stored in US-region cloud infrastructure. Our primary in-memory layer is hosted in the us-east-1 region (Northern Virginia). If your contract requires a specific region or on-premises deployment, we will discuss that at the Enterprise tier.
What we collect
- The company profile, employees, leave cases, documents, and workflow state your team enters into Sentel.
- Authentication events, API access logs, and rate-limit counters used for security monitoring.
- Audit-trail entries describing who did what, when, and to which record.
What we do not collect
- Medical records, diagnoses, or the clinical detail on a WH-380-E certification.
- Browsing history, device fingerprints, or third-party advertising identifiers.
- Information about your employees beyond what you choose to enter for compliance purposes.
Customer data is not used to train AI models
The model providers Sentel uses operate under API contracts that prohibit training on API inputs by default. Sentel does not fine-tune any model on customer data, does not send customer data to third parties for model improvement, and does not sell, share, or view your data for any purpose other than delivering the service you signed up for.
Who inside Sentel can see your data
You and anyone you grant access to inside your own company. Sentel engineering staff do not have routine access to customer data. The small number of staff who can access production systems in an emergency are logged and audited, and required to document why.
3. Compliance posture
We believe in being specific about what we are and what we are not. Vague compliance claims are how software companies get HR leaders in trouble.
What Sentel is
- ✓Engineered to avoid HIPAA scope. No PHI stored, by design. Sentel is not a HIPAA-covered entity.
- ✓Engineering controls aligned with HIPAA Security Rule safeguards. Access control, audit logging, encryption in transit, tenant isolation, and incident response practices match what a Security Rule review would ask for.
- ✓Business Associate Agreement available on request. Most customers do not need one because Sentel does not touch medical detail. If your legal team still wants one for belt-and-suspenders reasons, a BAA is available on the Enterprise tier.
- ✓Engineering practices aligned with SOC 2 Common Criteria. Access control, change management, logging, backups, and incident tracking follow the same patterns a SOC 2 audit would ask for.
- ✓AI Model Card published. Every AI feature has a public model card documenting model provider, inputs, outputs, limitations, and human oversight.
What Sentel is not yet
- ×Not HIPAA certified. There is no such certification. We are engineered not to need one.
- ×Not SOC 2 audited. A Type I audit is on the roadmap before our first Enterprise contract signs. Until then, we say "aligned with," not "certified."
- ×Not independently penetration tested. One is planned before our first Enterprise contract.
- ×Not GDPR scoped. Sentel currently serves US employers only. If EU data subjects enter the picture, tell us and we will have the conversation.
- ×No "zero breaches" claim. Any vendor that makes one is lying to you or has not been around long enough to know better.
If you need a specific certification on a specific timeline, tell us. We will either commit to it or tell you honestly that we cannot.
Subprocessors
Sentel relies on the following third-party services to deliver the product. Each one processes a specific slice of data. We list them here so your security review has nothing to guess at.
| Provider | Purpose |
|---|---|
| Anthropic | AI model provider. Powers the compliance assistant, risk audit, and FMLA drafting features. |
| Vercel | Application hosting and network-edge firewall. US region. |
| Supabase | Primary database, authentication, and file storage. Row-Level Security enforced on every customer table. |
| Upstash | Rate limiting and ephemeral counters. US East (us-east-1, Northern Virginia). |
| OpenAI | Embeddings for the federal regulation search index. Customer case data is not sent to this endpoint. |
| DocuSign | E-signature routing for FMLA notices and designation forms. Activated only when a customer configures it. |
Adding a new subprocessor is a governance event. When it happens, this list is updated with the same commit that ships the feature.
Incident response
If we discover or are notified of a security incident that affects customer data, we follow an internal runbook covering detection, containment, notification, and post-mortem review. Our notification commitment for confirmed incidents affecting a customer's data is 24 hours from confirmation.
Responsible disclosure
If you believe you have found a security vulnerability in Sentel, we want to hear from you before you tell anyone else. Email security@sentinelhrcompliance.com.
What we promise:
- Acknowledgement within one business day.
- Status update within 72 hours.
- Credit in our security acknowledgements, if you want it.
- No legal action against good-faith researchers who follow responsible disclosure and do not access customer data beyond what is necessary to demonstrate the issue.
What we ask:
- Give us a reasonable window to fix the issue before publishing.
- Do not exfiltrate customer data.
- Do not run denial-of-service attacks against production. Email us and we will set up a staging environment.
Governance contact
Sentel is a small company and security ownership is not diffused. Jacob Panagopoulos, founder, is the accountable party for security, privacy, and AI governance decisions until a dedicated role is named publicly on this page.
Security and trust questions: security@sentinelhrcompliance.com
General contact: jacob@sentinelhrcompliance.com
If you are evaluating Sentel for a company that requires a formal security review, we have a standard vendor questionnaire response and are happy to get on a call with your IT or security team. We would rather answer a hard question today than discover you wanted a different answer after your legal team signs.
Last updated: 2026-04-15.
AI Model Card →