What is SENTINEL GIP?

SENTINEL GIP is a professional OSINT (Open-Source Intelligence) and GEOINT (Geospatial Intelligence) platform that unifies real-time maritime tracking (AIS), aerial flight tracking (ADS-B), OFAC sanctions screening, satellite imagery acquisition (Sentinel-2, Sentinel-1) and entity pivot graph investigations in a single web console. It is used by investigative journalists, OSINT analysts, compliance teams and government agencies worldwide.

Who is SENTINEL GIP for?

Investigative journalists tracking shadow-fleet vessels and sanction evaders, OSINT analysts running due diligence and entity investigations, compliance teams screening counter-parties against OFAC SDN and EU/UK/UN sanctions lists, and risk-assessment professionals monitoring geopolitical and maritime threats.

How is SENTINEL GIP different from Maltego, Shodan or Bellingcat tools?

SENTINEL GIP combines real-time AIS, ADS-B, satellite imagery, sanctions screening and AI-assisted analysis in one integrated console — eliminating the need to switch between Maltego, Shodan, MarineTraffic, ADS-B Exchange and OFAC search portals. Unlike Maltego's per-transform fees, SENTINEL GIP charges a flat monthly price starting at $29.99.

Does SENTINEL GIP detect dark-fleet and sanction-evading vessels?

Yes. SENTINEL GIP automatically flags vessels with AIS gaps, suspicious STS (ship-to-ship) transfers outside designated anchorages, draft mismatches and ownership obfuscation. It cross-references AIS data with OFAC SDN, EU Consolidated, UK OFSI, UN, Swiss SECO, Canadian SEMA and Australian DFAT sanctions lists, refreshed daily.

What satellite imagery sources does SENTINEL GIP use?

SENTINEL GIP offers on-demand acquisition of Sentinel-2 (10 m optical, cloud-aware) and Sentinel-1 (C-band SAR, all-weather, day/night) imagery from the Copernicus Data Space Ecosystem, with side-by-side compare for change detection on ports, airfields and infrastructure.

Privacy Policy | SENTINEL GIP

This Privacy Policy explains how SentinelGIP ("we", "us", "our") collects, uses, shares and protects personal data when You access or use the Service at sentinelgip.com. It applies in addition to our Terms of Service. "Personal data" means any information relating to an identified or identifiable natural person, as defined in Article 4 of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

1. Data Controller

The data controller of Your personal data is SentinelGIP, reachable at contact@sentinelgip.com. For all questions relating to this policy or to exercise the rights described in Section 9, please contact our Data Protection Officer at dpo@sentinelgip.com.

2. Important Notice — Two Distinct Data Flows

The Service handles two very different categories of information that should not be confused:

Account & usage data — personal data about You, the User. This data is processed by us as data controller and is covered by Sections 3 to 13 below.
OSINT search results — information about vessels, aircraft, sanctioned entities, breach notifications, public records and similar items, retrieved from third-party providers. We do not collect this data ourselves; we display it on Your request from external sources operated by independent third parties. We act as a technical conduit and search interface. Each source is governed by its own privacy policy and legal regime. Where any such item relates to a natural person, the original publisher remains responsible for its collection and lawful basis.

3. Personal Data We Collect About You

3.1 Account data (provided by You or via Google OAuth)

E-mail address and verified status
Display name and profile picture URL (if You sign in with Google)
Stable Google account identifier (sub claim, never the OAuth refresh token alone)
Locale, language preference and theme selection
Password hash (bcrypt) if You register with e-mail/password

3.2 Service-usage and technical data

Truncated IP address, user-agent, referrer, device type
Session identifiers, login timestamps and authentication events
Feature usage (modules accessed, queries executed in aggregate form, credits consumed)
Application logs, error reports and performance metrics
Investigation notes, saved reports and other content You create within the Service

3.3 Billing data

Plan, subscription status, invoice history and credit-transaction log
Billing-name, country, VAT identifier and last-4 card digits returned by our payment processor
We do not store full payment-card numbers or CVV; these are tokenised by Stripe.

3.4 Support & communication data

Messages You send to us through e-mail, chat or feedback forms
Records of any abuse, security or legal incident

4. Purposes & Legal Bases (GDPR Art. 6)

Purpose	Legal basis
Create and maintain Your account; deliver the Service	Performance of contract (Art. 6(1)(b))
Process payments and prevent fraud	Contract + legal obligation (Art. 6(1)(b)(c))
Operate security controls, abuse detection, rate limiting	Legitimate interest (Art. 6(1)(f))
Improve and debug the Service, aggregate analytics	Legitimate interest (Art. 6(1)(f))
Marketing communications and product updates	Consent, revocable at any time (Art. 6(1)(a))
Comply with legal, tax, accounting and sanctions obligations	Legal obligation (Art. 6(1)(c))

5. Third-Party Data Sources We Query On Your Behalf

When You execute an OSINT query, Your input (for example a vessel name, MMSI, e-mail address, domain, person or company name) is transmitted to the relevant third-party data provider in order to retrieve a result. We do not retain copies of upstream personal data beyond what is strictly necessary to return Your search result and, where applicable, to comply with the provider's caching rules. Representative providers include:

Have I Been Pwned (HIBP) — breach-exposure indicators only, no plaintext credentials
OFAC / EU / UN / UK consolidated sanctions lists — public administrative records
AIS / ADS-B feed providers — broadcast public navigation signals
Copernicus / Sentinel Hub / CDSE — Earth-observation imagery (open data)
Corporate registries, OpenCorporates and similar public sources
LLM providers integrated through our universal AI gateway (used solely to produce the response, not for provider-side training when contractually disabled)
Web-scraper relays and proxy providers (e.g. Webshare) used for targeted retrieval

Each provider is responsible for its own privacy compliance regarding the data they publish. Where a third-party source raises a concern about a specific data point, please contact the original publisher; we are not in a position to alter or delete data we do not host.

6. Sub-Processors

We rely on a small number of vetted sub-processors to operate the Service. We require each of them to provide appropriate safeguards under Article 28 GDPR. The current list includes, without limitation:

Cloud hosting & database (EU region)
Google LLC — OAuth authentication
Stripe Payments Europe Ltd. — subscription processing
Transactional e-mail provider (e.g. Resend / SendGrid)
Error monitoring and performance analytics
LLM providers integrated through the Emergent universal key (Anthropic, OpenAI, Google) for AI features only

A current list of sub-processors is available on request from dpo@sentinelgip.com.

7. International Transfers

Some sub-processors are located outside the European Economic Area, in particular in the United States. Such transfers are governed by the European Commission's Standard Contractual Clauses (Decision 2021/914) and, where applicable, the EU-U.S. Data Privacy Framework. We perform a transfer-impact assessment for each provider and apply supplementary technical measures (encryption in transit, encryption at rest, pseudonymisation) as required.

8. Retention

Account data — for the lifetime of Your account, plus thirty (30) days after termination for backup rotation
Authentication logs & security events — twelve (12) months
Application logs & rate-limit counters — ninety (90) days
Billing records & invoices — ten (10) years, as required by French commercial and tax law
Marketing-consent records — three (3) years after last interaction
Investigation notes and saved reports — deleted upon account closure unless legal hold applies

9. Your Rights

Subject to the conditions of GDPR Articles 15 to 22 (and equivalent provisions in the California Consumer Privacy Act, the UK Data Protection Act 2018 and other applicable laws), You have the right to:

Access the personal data we hold about You
Rectify inaccurate or incomplete data
Erase Your data ("right to be forgotten") — also available in one click from Profile → Delete account
Restrict or object to certain processing activities
Request data portability in a machine-readable format
Withdraw consent at any time, without affecting prior lawful processing
Define post-mortem instructions regarding Your data (French Loi Informatique et Libertés)
Lodge a complaint with Your supervisory authority — in France, the CNIL (cnil.fr)

To exercise any of these rights, e-mail dpo@sentinelgip.comfrom the address registered on Your account. We respond within one month, extendable to three months for complex requests as permitted by Art. 12(3) GDPR.

10. Cookies & Similar Technologies

We use only the strictly-necessary cookies and local-storage keys required to authenticate You, maintain Your session, persist Your language and theme preferences and ensure the security of the Service. We do not deploy advertising, cross-site tracking, fingerprinting or third-party analytics cookies on authenticated pages. A cookie banner is presented on the public marketing pages where additional optional measurement cookies may be enabled with Your consent.

11. Children

The Service is not directed to and may not be used by persons under the age of eighteen (18). If we become aware that we have collected personal data from a minor without parental consent, we will delete the account promptly.

12. Security Measures

We apply administrative, technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, including TLS-1.3 in transit, encryption at rest, password hashing with bcrypt, principle-of-least-privilege access, MFA on administrative consoles, ingress filtering, anti-bot middleware, vulnerability scanning and periodic audits. No system is 100 % secure. In the event of a personal-data breach that is likely to result in a risk to Your rights and freedoms, we will notify the competent supervisory authority within 72 hours and, where required, inform You without undue delay.

13. AI Processing

When You use an AI feature, the prompt You submit and the relevant context are transmitted to our LLM provider via the Emergent universal-key gateway solely to generate Your response. Provider-side training on Your inputs is contractually disabled where supported. AI outputs may contain inaccuracies (see Section 5.6 of the Terms) and should not be regarded as personal data about the persons they mention without independent verification.

14. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced by e-mail and/or by a banner on the Service. The "effective date" at the top of this page always indicates the latest version. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

15. Contact & DPO

SentinelGIP — Data Protection Office

DPO: dpo@sentinelgip.com

General contact: contact@sentinelgip.com

Abuse / security: abuse@sentinelgip.com

Supervisory authority (France): CNIL — cnil.fr