GDPR Compliance Statement
Effective Date: July 14, 2026
Sentinel — IP Camera Setup & ONVIF Discovery
Data Controller: 6tSevn BV
Effective Date: July 14, 2026
Last Updated: July 14, 2026
1. Our Commitment
6tSevn BV is committed to protecting the privacy and personal data of all users of the Sentinel app, in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws. Sentinel is designed as a local-first application: it communicates only with the devices on your own local network and never transmits your data to 6tSevn BV. This statement explains how we uphold the principles and rights established by the GDPR.
2. Data Controller
Under the GDPR, the data controller is the entity that determines the purposes and means of processing personal data. For the Sentinel app:
Data Controller: 6tSevn BV
Address: Gangboord 11, 3356 DG Papendrecht, The Netherlands
Email: privacy@6tsevn.com
Website: https://6tsevn.com
In practice, 6tSevn BV does not process any personal data from Sentinel users. All data remains under the sole control of the user on their own device and local network.
3. What Data Is Processed
Sentinel processes device and configuration data required to discover, activate, and reconfigure equipment on your local network. This data is processed exclusively on your device and your local network and is never transmitted to 6tSevn BV or any third party.
Most of this data is technical information about network equipment rather than personal data. Depending on your environment, some fields could constitute personal data under the GDPR.
| Category | Examples | Legal Basis |
|---|---|---|
| Device information | Model, firmware, MAC address, serial number, IP address, current network settings | Legitimate interest (Art. 6(1)(f)) — core functionality |
| Configuration you apply | IP address, subnet mask, gateway, DHCP mode | Legitimate interest (Art. 6(1)(f)) |
| Credentials | Administrator passwords set or used during activation, stored in the Keychain | Performance of contract (Art. 6(1)(b)) |
| Preference data | App settings and remembered devices | Legitimate interest (Art. 6(1)(f)) |
Data NOT collected by 6tSevn BV:
- Names, email addresses, or contact details
- Device identifiers or advertising identifiers (IDFA)
- Usage analytics or telemetry
- Cookies or browser data
- Payment or credit card information
- User account credentials (no accounts exist)
- Any discovered device information, credentials, or configuration sent to a 6tSevn server
4. Data Processing — Where and How
4.1 On-Device and Local-Network Processing
All data generated or used by Sentinel is processed on your device and communicated directly with the devices on your local network. It resides in the app's sandboxed container, with credentials held in the iOS/macOS Keychain. 6tSevn BV has no access to this data. The app makes no requests to 6tSevn servers.
4.2 Network Discovery
Sentinel uses standard multicast (ONVIF WS-Discovery and SADP probing) to discover devices on the local network, including devices whose IP is outside your current subnet. It reads publicly reported device details over these standard protocols. ONVIF discovery is performed on a read-only basis; configuration changes are always explicit.
4.3 Activation and Configuration
When you activate a device, Sentinel sets an administrator password using encryption on your device before the credential is sent to the target device over your local network. When you reconfigure a device, the new IP, mask, gateway, or DHCP setting is applied directly to that device. These actions require being on the same subnet as the target device.
4.4 Credentials and the Keychain
Administrator passwords and other credentials are stored in the iOS/macOS Keychain, protected by iOS/macOS Data Protection and, where available, hardware-backed security. 6tSevn BV never receives these credentials.
5. Third-Party Data Sharing
6tSevn BV does not share any personal data with third parties. The Sentinel app:
- Contains no analytics SDKs (no Firebase, Amplitude, Mixpanel, or similar)
- Contains no advertising networks or trackers
- Contains no crash reporting services (no Crashlytics, Sentry, or similar)
- Sends no data to 6tSevn servers — the app communicates only with devices on your local network
6. Data Transfers Outside the EEA
6tSevn BV does not transfer any personal data outside the European Economic Area, because 6tSevn BV does not receive any user data. All data remains on your device and local network within your physical control.
7. Data Retention
Since 6tSevn BV does not collect or store any user data, there is no data retention policy on our end. The user retains full control over their data:
- Remembered devices and credentials persist on-device for as long as the app is installed and you choose to keep them.
- You can remove stored devices and credentials at any time within the app.
- Uninstalling the app permanently removes all local data, including credentials held in the Keychain for the app.
8. Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights. Because Sentinel is designed as a local-first application and 6tSevn BV holds no personal data, these rights are inherently fulfilled:
| Right | GDPR Article | How It Is Fulfilled |
|---|---|---|
| Right of access | Art. 15 | All data Sentinel holds is visible directly within the app at all times. |
| Right to rectification | Art. 16 | You can edit stored devices, preferences, and credentials directly in the app. |
| Right to erasure ("right to be forgotten") | Art. 17 | You can remove stored devices and credentials, or uninstall the app to erase everything. |
| Right to restriction of processing | Art. 18 | No processing occurs by 6tSevn BV. You control all processing on your device. You can stop scanning at any time. |
| Right to data portability | Art. 20 | No 6tSevn-held data exists to port; the data on your device is under your direct control. |
| Right to object | Art. 21 | No profiling, automated decision-making, or direct marketing is performed. |
| Right to withdraw consent | Art. 7(3) | You can revoke Local Network access or notifications at any time in your device settings. |
9. Data Protection by Design and by Default (Art. 25)
Sentinel is built according to the GDPR principles of data protection by design and by default:
- Data minimization: The app only handles data necessary to discover, activate, and configure devices. No metadata or behavioral data is collected by 6tSevn BV.
- Purpose limitation: Device and configuration data is used solely for the app's core functionality and is never repurposed.
- Storage limitation: Data exists only as long as the user chooses to keep it. No automatic retention occurs at 6tSevn BV.
- Integrity and confidentiality: Credentials are stored in the Keychain, protected by iOS/macOS Data Protection. Activation uses encryption on-device.
- No server surface at 6tSevn: The app sends no data to 6tSevn servers, eliminating server-side breach risk on our part.
10. Data Protection Impact Assessment (DPIA)
Given that 6tSevn BV does not collect, process, or store any personal data from Sentinel users, a formal DPIA under Article 35 GDPR is not required with respect to 6tSevn BV's processing. Users who deploy Sentinel in their own organisations remain responsible for their own compliance obligations regarding the devices and networks they manage.
11. Security Measures (Art. 32)
Although 6tSevn BV does not process personal data from Sentinel users, the app implements the following technical security measures on-device:
- Keychain storage: Credentials are stored in the iOS/macOS Keychain, never in plain text.
- Encrypted activation: Device activation uses encryption on-device before credentials are sent to the target device.
- App sandboxing: iOS/macOS sandboxing ensures no other application can access Sentinel's stored data.
- Local-only communication: The app communicates only with devices on your local network; it sends no data to 6tSevn servers.
- Password-policy enforcement: Sentinel enforces a strong password policy to keep the devices you commission hardened.
12. Breach Notification (Art. 33 & 34)
Since 6tSevn BV does not collect, store, or process personal data from Sentinel users, a data breach at 6tSevn BV cannot expose Sentinel user data. In the unlikely event of a vulnerability affecting the app's security, we will:
- Investigate and address the vulnerability promptly.
- Release an app update with a fix.
- Notify users through the App Store update notes.
- Report to the relevant supervisory authority within 72 hours if required under Article 33 GDPR.
13. Changes to This Statement
6tSevn BV reserves the right to update this GDPR Compliance Statement. Any material changes will be published on our website with an updated "Last Updated" date. We encourage users to review this statement periodically.
14. Contact & Complaints
If you have questions about this GDPR Compliance Statement or wish to exercise your data protection rights, please contact us:
6tSevn BV
Gangboord 11
3356 DG Papendrecht
The Netherlands
Email: privacy@6tsevn.com
Website: https://6tsevn.com
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. For users in the Netherlands, this is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: https://autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 85 00
This GDPR Compliance Statement applies to the Sentinel app available on the Apple App Store, developed and published by 6tSevn BV.