Private by design
You are scanning sensitive content - secrets, credentials, personal data. We built NULLO so that the act of scanning cannot itself become a security risk.
Six privacy principles, none of them optional.
Processed in memory, nothing written to disk
When you submit content for scanning, it is loaded into memory on an isolated compute instance. The Fable 5 AI engine analyzes it, the report is generated, and the content is discarded. Nothing touches persistent storage at any point.
Never stored or logged
We do not write your submitted content - text, URLs, or files - to any database, log stream, or object store. Our server logs record only the metadata required to operate the service: timestamp, input type, byte count, and scan duration.
Never used for AI training
Fable 5 AI is not fine-tuned on user submissions. Your content does not influence future model behavior. We have no process by which submitted data could reach the model training pipeline.
Deleted after the scan completes
The compute instance is reset between scans. There is no session state and no residual content that persists from one scan to the next.
No account required
Anonymous scanning on the Free tier means your content is not linked to any identity. We cannot connect a scan to a person if we do not collect one.
Encrypted in transit
All traffic between your browser and NULLO's infrastructure uses TLS 1.3. Connections are rejected below TLS 1.2. HSTS is enforced for the sentinel.dev domain.
Questions & answers
- Do you store the content I scan?
- No. Content is processed entirely in memory. Nothing is persisted to disk, a database, or any other storage medium.
- Do you log what I submit?
- We log operational metadata only: timestamp, input type, byte count, and scan duration. We never log the content of your submission.
- Could my submission end up in a model training dataset?
- No. We have no pipeline that would allow user submissions to reach the Fable 5 training process.
- What happens if I scan a file containing real credentials?
- The file is processed in memory, the credentials are identified in the report, and the file is discarded. No human reviews your submission. You should still rotate the credentials immediately.
- Is this compliant with GDPR / CCPA?
- Because we do not retain personal data from submissions, many of the core GDPR and CCPA obligations around data storage and subject rights do not apply to the scanning process. However, you remain responsible for ensuring your use of NULLO meets your own compliance requirements.
- Do you share data with third parties?
- We do not sell or share submission content with any third party. Infrastructure vendors (cloud compute, CDN) operate under data processing agreements that prohibit them from accessing or retaining user content.
- How do I contact you with a security concern?
- Email security@sentinel.dev. We aim to respond within 24 hours and follow responsible disclosure practices.