Legal

Data Processing

Last updated: 3 June 2026

This page explains how SentraRisk Systems handles customer data and GDPR-related responsibilities when providing the SentraRisk platform.

1. Purpose

This Data Processing page explains how SentraRisk Systems approaches customer data when providing fraud-risk intelligence, transaction scoring, alert review, reporting, API access, Xero-supported imports, and related services.

It is intended to support customer due diligence and should be reviewed alongside our Privacy Policy, Terms of Service, and Security Statement.

2. Customer and SentraRisk Roles

For customer transaction records, user-managed business data, uploaded files, and connected accounting data, the customer is generally the controller and SentraRisk Systems acts as a processor where it processes that data to provide the service.

For account administration, billing, security, product analytics, support, and service communications, SentraRisk Systems may act as an independent controller for the limited information needed to operate the business and protect the service.

3. Categories of Data

Customer data may include transaction details, supplier or counterparty references, payment amounts, account identifiers, reviewer notes, alert status, uploaded spreadsheet content, Xero-imported supplier bill information, crypto wallet references, and risk-scoring outputs.

Account and operational data may include organisation name, user names, work email addresses, roles, login activity, audit activity, API key records, subscription status, and support messages.

4. Processing Instructions

SentraRisk Systems processes customer data to provide and improve the contracted service, maintain security, troubleshoot issues, respond to support requests, manage billing-related access, and comply with legal obligations.

We do not sell customer data. We do not use customer transaction data for unrelated advertising.

5. Security Measures

SentraRisk is designed with organisation-level data separation, role-based access controls, login protection, audit logs, API key controls, and payment-gated access for unpaid workspaces.

Customers remain responsible for managing their own users, uploaded data, local files, connected accounting permissions, devices, and internal approval processes.

6. Sub-processors

SentraRisk Systems may use trusted service providers for hosting, payment processing, email, analytics, infrastructure, and operational support. These providers are used only where needed to operate, secure, bill, or support the service.

Customers can contact support@sentrarisksystems.com for current information about core providers used for the service.

7. Retention and Deletion

Customer data is retained for as long as needed to provide the service, meet legal or accounting requirements, resolve disputes, support security, or comply with customer instructions.

On reasonable request, SentraRisk can assist with deletion or export of customer data, subject to technical limits, legal obligations, backup retention, and legitimate business record requirements.

8. Data Subject and GDPR Requests

Where SentraRisk acts as processor, the customer is responsible for responding to data subject requests and regulatory enquiries. SentraRisk will provide reasonable assistance where required and technically possible.

Requests relating to SentraRisk account, support, or billing information can be sent to support@sentrarisksystems.com.

9. Review

This page is intended as a practical operating statement and does not replace a signed data processing agreement where one is required. Customers with specific legal, procurement, or regulatory requirements should contact us before onboarding production data.