Privacy Policy

Last updated: June 14, 2026

SentryNexus (“SentryNexus,” “we,” “us”) provides a CMMC / NIST SP 800-171 self-assessment and SPRS preparation tool at sentrynexus.io. This policy explains what we collect, how we use it, and the choices you have. SentryNexus is a preparation tool — it does not connect to or submit to SPRS, and it is not designed to store Controlled Unclassified Information (CUI).

Information we collect

  • Account & identity. When you sign in with Google, we receive your name, email address, and Google account identifier. We do not collect or store passwords (sign-in is via Google OAuth).
  • Organization data. Organizations you create or join, team memberships, and invitation email addresses.
  • Assessment preparation data. The information you enter to prepare an assessment — per-requirement findings and objective answers, computed scores and statuses, POA&M notes, CAGE codes and scope details, and Level 3 / Rev 3 readiness answers. This is your own preparation material, not the federal CUI you are protecting.
  • Evidence files. Documents you optionally upload as supporting evidence. Every upload requires you to attest the file contains no CUI. Do not upload CUI.
  • Usage & technical data. Standard server logs (e.g., IP address, request metadata) used to operate and secure the service.

How we use it

To provide and maintain the service, authenticate you, scope data to your organization, send service and reaffirmation-reminder emails, secure the platform, and comply with legal obligations. We do not sell your personal information, and we do not use your assessment data to advertise to you.

No CUI by design

SentryNexus is a non-CUI preparation tool. The platform is not built or authorized to store CUI, and you must not upload CUI. The per-upload no-CUI attestation is a standing control, not a temporary gate.

Service providers

We rely on a small number of processors to run the service: Google (authentication and cloud hosting) and SendGrid (transactional and reminder email). These providers process data on our behalf under their own terms and security commitments.

Cookies & sessions

We use a session cookie to keep you signed in. We do not use third-party advertising cookies.

Data retention & your choices

We retain your account and assessment data while your account is active. You may request access to, correction of, or deletion of your data, or deletion of your account, by contacting us at the address below. Deleting an assessment or organization removes its associated preparation data.

Children

SentryNexus is a business tool intended for use by organizations and is not directed to children under 18.

Changes

We may update this policy from time to time; we will revise the “last updated” date above and, where appropriate, provide additional notice.

Contact

Questions or requests: privacy@sentrynexus.io. SentryNexus is operated by [Company legal name], [jurisdiction].

This policy is informational and is not legal advice.