Privacy Policy
Sentura — a service of Virtual Caffeine IO LLC
1. Who we are and what this Policy covers
Sentura is an email-authentication monitoring and management service (DMARC, SPF, DKIM, MTA-STS, and related reporting). Sentura is operated by Virtual Caffeine IO LLC ("VCIO," "we," "us"), a Washington limited liability company. In this Policy, "Sentura," "the service," and "we" refer to the Sentura service as operated by VCIO.
This Policy applies to the Sentura websites and application at sentura.io (including app.sentura.io, www.sentura.io, and docs.sentura.io), the Sentura web application, and the free public tools offered on the Sentura site. It describes our own practices as the operator of the service.
If you use Sentura under an agreement between VCIO and your employer or organization, that organization controls the account and its instructions govern data in the account; this Policy describes our practices as the service operator.
Virtual Caffeine IO LLC operates other products under other brands; each has its own separate terms and privacy policy on its own site. This Policy governs Sentura only.
2. Information we collect
Information you provide:
- Account and contact details: name, email address, company/organization name.
- Support and sales communications you send us.
- Configuration and content data you submit while using Sentura — for example, the domains you add for monitoring, the DNS/authentication records and policies you configure, and reports you generate.
Information collected automatically:
- Service logs: IP address, browser/user-agent, timestamps, pages and API endpoints accessed, and error/diagnostic events, used to operate, secure, and troubleshoot the service.
- Authentication and session cookies (see Section 7).
DMARC and email-authentication report data:
Sentura ingests DMARC aggregate reports and related authentication reports for the domains you monitor. These reports are generated by receiving mail providers and describe authentication results — sending IP addresses, the domains claimed in the "From" header, SPF/DKIM/DMARC pass/fail outcomes, message counts, and dates. They do not contain the content or bodies of email messages. We process and store this reporting data to provide the service and your history.
Information from our free public tools:
Sentura offers free tools (for example, domain and email-authentication checkers). When you submit a domain or similar input, we process it to produce your result and we log the submission (input value, timestamp, IP address) for abuse prevention and service improvement. Free-tool submissions are not linked to an account unless you are signed in. We retain free-tool submission logs for 90 days, after which they are deleted or de-identified.
Payment information:
Payments are processed by our third-party payment processor. Your card number is collected by that processor directly and never touches Sentura or VCIO systems. We receive limited billing details (such as name, billing contact, card brand/last four, and transaction status) to manage your subscription.
Information from identity providers:
Sentura uses single sign-on. When you sign in, we receive basic profile details (name, email, organization/tenant identifiers) from your identity provider to create and secure your session.
We do not knowingly collect information from children. Sentura is a business tool intended for adults.
3. How we use information
We use the information above to: provide, operate, and secure Sentura; authenticate users; process payments and manage subscriptions; respond to support requests; send transactional service email (such as authentication alerts, monitoring summaries, account notices, and receipts); prevent abuse and enforce our Terms; comply with law; and improve the service, including analyzing aggregated, de-identified usage.
We do not sell personal information, and we do not use your data for third-party advertising. Our regular emails are transactional — service and security alerts, monitoring summaries, account notices, and receipts — which are part of the service. We may also occasionally send product-update or check-in emails (for example, about new features); these are not required to use Sentura, always include a working unsubscribe link, and you can opt out of them at any time without losing service. We do not send third-party or partner marketing.
A note on how Sentura makes decisions. Sentura's trust-critical determinations — in particular its verdicts about whether a sending source is authenticated — are made by deterministic logic, not AI. Some non-critical features (for example, written summaries in generated reports) may use an AI provider under commercial terms that do not use inputs or outputs to train models; the specific model may change over time.
4. How we share information
We share personal information only with:
- Service providers (sub-processors) who help us run Sentura — for the categories of hosting/infrastructure, DMARC-report and mailbox intake, DNS and content-delivery/edge services, payment processing, transactional email delivery, and optional AI-assisted report text. The specific current providers for each category are listed in Section 11 below, which we keep current and date. Which providers apply can depend on the features you use.
- Your organization, where your account belongs to a business customer.
- Professional advisers, authorities, or successors where required by law, to protect our or our users' rights and safety, or in connection with a merger, acquisition, or sale of assets (with notice where required).
5. Hosting and data location
Sentura runs on VCIO-operated US infrastructure and US-based hosting providers. If you require a specific data-residency arrangement, ask us before purchase.
6. Retention
We keep personal information only as long as needed for the purposes in this Policy:
- Account data for the life of your account.
- After you leave (offboarding): when you offboard from Sentura, we retain your account and reporting data for 60 days, then delete it. This window lets you re-activate, export, or resolve any billing matters, and lets us retain a short record of what we served on your behalf; after 60 days the data is deleted.
- Platform data-lifecycle cap: independent of the above, we do not retain DMARC reporting history indefinitely. A platform-wide data-lifecycle cap of approximately three years applies to all accounts equally, as a privacy and data-minimization measure — we don't hold your data longer than it is useful to you.
- Inactive free accounts: to keep the service and its data footprint clean, a free account that shows no activity of any kind for 90 days — no sign-in, no records served on your behalf, and no reports received for your domains — may be deleted after notice. An account for which we are actively serving records or receiving reports is considered active and is not subject to inactivity deletion, even if you never sign in. We send a reminder email after 30 days without a sign-in so you can return and review new findings.
- Service logs on a rolling basis; billing records as required by tax and accounting law.
When retention ends, we delete or de-identify the data.
7. Cookies and analytics
Sentura uses strictly necessary cookies — session and authentication cookies required to sign you in and keep the service secure, and cookies set by our security/CDN provider to protect against abuse. These are always active because the service cannot function without them.
We also use analytics to understand how our public site and application are used so we can improve them. Analytics may set non-essential cookies or use similar technologies. Where required, we present a cookie-consent control so you can accept or decline non-essential cookies; declining does not affect your ability to use the service. We do not use advertising cookies and we do not sell or share information for cross-context behavioral advertising. This section serves as our cookie disclosure.
8. Security
We use technical and organizational measures appropriate to the data we handle, including encryption in transit, role-based access controls, tenant isolation, and least-privilege administration. No system is perfectly secure; if we learn of a breach affecting your personal information, we will notify you as required by applicable law.
9. Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to opt out of sale or sharing (we do not sell or share personal information for cross-context behavioral advertising).
California residents: you may exercise these rights under the CCPA/CPRA. We do not sell or share personal information as those terms are defined by the CCPA/CPRA, and we will not discriminate against you for exercising your rights.
To exercise any right, email [email protected]. We will verify your request (typically by confirming control of the account email) and respond within the time required by applicable law. If your account is managed by your organization, we may direct your request to that organization.
10. Changes to this Policy
We may update this Policy from time to time. Material changes will be noted on this page and, for significant changes affecting account holders, by email or in-product notice. The effective date above always reflects the current version.
11. Sub-processors (current providers)
We use the following categories of third-party providers to operate Sentura. We may change providers within a category; we keep this list current and dated, and material changes are reflected in the effective date above. Customers under a data processing agreement receive notice of new sub-processors as that agreement requires.
As of July 8, 2026:
| Category | Purpose | Current provider(s) |
|---|---|---|
| Hosting / infrastructure | Application and database hosting | VCIO-operated US infrastructure; Hetzner Online GmbH (US) |
| Identity / sign-in | Authentication and session management | Microsoft (Entra ID) |
| DMARC-report & mailbox intake | Receiving and reading DMARC aggregate reports sent to Sentura | Microsoft 365 / Microsoft Graph |
| DNS, CDN & edge | DNS, content delivery, edge security, and hosted DNS records | Cloudflare, Inc. |
| Payment processing | Subscription billing (card data handled by the processor, not by us) | Stripe, Inc. |
| Transactional email | Service and alert emails | Resend |
| AI-assisted report text (optional) | Written narrative in generated reports | Anthropic, PBC (commercial API terms; inputs/outputs not used to train models) |
12. Contact
Virtual Caffeine IO LLC (operator of Sentura)
Camano Island, Washington, USA
[email protected]