These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer," "you," or "your") and SentinelSMB LLC, a North Dakota limited liability company ("SentinelSMB," "we," "us," or "our"), governing your access to and use of the SentinelSMB cybersecurity monitoring platform, including the website at sentinelsmb.co, the application at app.sentinelsmb.co, and all related services (collectively, the "Service").
By creating an account, connecting a cloud platform integration, or otherwise accessing the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you are accepting these Terms on behalf of a business, organization, or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms.
Important Notice: SentinelSMB is a monitoring and alerting tool. It is not a managed security service provider (MSSP), a guarantee against security breaches, a compliance certification, legal advice, or a substitute for independent security controls. Please read Section 10 (Disclaimer of Warranties) and Section 11 (Limitation of Liability) carefully.
Definitions
As used in these Terms, the following definitions apply:
- "Alert" means a notification generated by the Service regarding a detected security event, including any AI-generated explanation, severity classification, compliance mapping, or remediation suggestion.
- "AI-Generated Content" means any text, analysis, explanation, compliance citation, severity score, remediation suggestion, security score, or other output produced by artificial intelligence systems integrated into the Service, including but not limited to Anthropic Claude.
- "Cloud Platform" means any third-party service that can be connected to SentinelSMB for monitoring, including Microsoft 365, Google Workspace, Amazon Web Services, and Cloudflare.
- "Compliance Mapping" means the informational references to regulatory frameworks (such as ABA Model Rules, CMMC, FTC Safeguards Rule, PCI-DSS, and state breach notification laws) included in Alerts. Compliance Mappings are informational only and do not constitute legal advice, regulatory guidance, or certification of compliance.
- "Customer Data" means all data originating from or relating to your Cloud Platforms that is processed by the Service, including security event metadata, audit log entries, IP addresses, user identifiers, timestamps, and AI-Generated Content derived from such data.
- "Integration Credentials" means the OAuth tokens, API keys, access keys, or other authentication credentials you provide or authorize to enable the Service to access your Cloud Platforms.
- "Remediation Action" means an action initiated by you through the Service dashboard that affects your Cloud Platform, such as blocking an IP address, forcing a password reset, or suspending a user account.
- "Security Score" means the numerical score (0 to 100) generated by the Service to represent your security posture. The Security Score is an informational metric based on available data and does not constitute an audit, certification, or guarantee of security.
Service Description
SentinelSMB provides automated cybersecurity monitoring for small and mid-size businesses. The Service connects to your Cloud Platforms via authorized API integrations, monitors security event data at regular intervals, enriches detected events with threat intelligence from third-party sources, generates automated analysis and Alerts, and delivers notifications through your configured channels.
What the Service Is: A software tool that monitors, detects, analyzes, and reports on security events in your cloud environments.
What the Service Is Not: The Service is not an MSSP, SOC, incident response service, insurance product, legal advisor, compliance auditor, data backup service, or guarantee that security incidents will be prevented or detected. The Service does not replace the need for independent security controls, employee training, incident response planning, or professional cybersecurity and legal counsel.
Account Registration and Eligibility
To use the Service, you must create an account and provide accurate, current, and complete information. You are responsible for maintaining the security of your account credentials and for all activity that occurs under your account. You must notify us immediately at support@sentinelsmb.co if you become aware of any unauthorized use of your account.
You represent and warrant that: (a) you are at least 18 years of age; (b) you have the legal authority to enter into these Terms; (c) if acting on behalf of an organization, you have the authority to bind that organization; and (d) you have the authority to connect the Cloud Platforms you integrate with the Service.
Subscription Plans and Pricing
SentinelSMB offers the following subscription tiers:
- Starter: $299 per month — 1 cloud integration (Microsoft 365 or Google Workspace), up to 50 users, Plain-English alerts, daily security digest email, Slack and email alerts, NDCC 51-30 compliance mapping, security posture score
- Pro: $599 per month — all 4 integrations (M365, Google Workspace, AWS, Cloudflare), up to 250 users, ABA, CMMC, FTC Safeguards, SOC 2, and PCI compliance mapping, one-click remediation, monthly compliance report (PDF), SMS, Microsoft Teams, and PagerDuty alerts, priority support with 1-hour SLA
Custom pricing is available for organizations requiring unlimited users, custom threat intelligence, or SIEM integration. Contact support@sentinelsmb.co for details.
All prices are in United States dollars and are exclusive of applicable taxes. We reserve the right to modify pricing with at least 30 days advance written notice. Price changes will not apply to your current billing period and will take effect at the start of the next billing period following the notice.
Free Trial and Auto-Renewal
Auto-Renewal Notice: Your subscription will automatically renew at the end of your trial period and at the end of each subsequent billing period unless you cancel before the renewal date. Please read this section carefully.
5.1 Free Trial
Each subscription plan includes a 7-day free trial period ("Trial"). A valid payment method is required to start the Trial. You will not be charged during the 7-day Trial period. If you cancel before the end of the Trial, you will not be charged.
5.2 Automatic Conversion to Paid Subscription
If you do not cancel before the end of the 7-day Trial, your subscription will automatically convert to a paid subscription at the rate for your selected plan. Your payment method on file will be charged the applicable monthly fee beginning on the 8th day after your Trial start date, and on the same day of each subsequent month thereafter.
5.3 Billing
Subscriptions are billed monthly through Stripe. You authorize us to charge your payment method on file for all applicable fees. If a payment fails, we will attempt to collect payment using the information on file. If payment remains unsuccessful after reasonable attempts, we may suspend or terminate your access to the Service.
5.4 Refund Policy
Monthly subscription fees are non-refundable. If you cancel your subscription, you will retain access to the Service through the end of your current billing period. No partial-month refunds will be issued.
Cancellation
You may cancel your subscription at any time through the billing management section of your account dashboard at app.sentinelsmb.co. You may also cancel by accessing the Stripe billing portal through your dashboard settings. Cancellation takes effect at the end of your current billing period.
Upon cancellation: (a) you will retain access to the Service through the end of your current billing period; (b) no further charges will be applied to your payment method; (c) monitoring of your Cloud Platforms will cease at the end of the billing period; and (d) your Customer Data will be retained and deleted in accordance with Section 18 (Data Retention and Deletion) of these Terms and our Privacy Policy. Security event data is retained for 12 months from creation to support compliance and audit obligations.
Authorized Use
You agree to use the Service only for lawful purposes and in accordance with these Terms. You represent and warrant that you have the legal authority and all necessary consents to connect the Cloud Platforms and accounts you integrate with the Service, and that your use of the Service complies with all applicable laws and regulations. You must not:
- Use the Service to monitor accounts, platforms, or systems that you do not own or for which you have not obtained proper authorization to monitor
- Attempt to reverse-engineer, decompile, disassemble, or derive the source code of any part of the Service
- Use the Service to conduct attacks, penetration testing, or unauthorized access against any system
- Share your account credentials with unauthorized individuals
- Resell, sublicense, or redistribute the Service without our prior written consent
- Interfere with or disrupt the integrity or performance of the Service
- Use the Service in any manner that violates applicable laws or regulations
Integration Permissions and Authorization
When you connect a Cloud Platform to SentinelSMB, you explicitly authorize the Service to access that platform using the Integration Credentials you provide or authorize through OAuth. This authorization includes permission to:
- Read audit logs, sign-in activity, security alerts, and administrative events from your Cloud Platforms
- Query threat intelligence services using IP addresses and identifiers found in your security event data
- Submit event metadata to AI services for triage, analysis, and explanation
- Execute Remediation Actions that you explicitly initiate through the dashboard
You may revoke the authorization for any integration at any time by disconnecting the integration from your dashboard or by revoking access directly within your Cloud Platform settings. Upon revocation, SentinelSMB will cease accessing the disconnected platform. We access only the minimum API permissions required for security monitoring and do not access the contents of your emails, documents, files, or messages.
Remediation Actions
The Service offers one-click Remediation Actions, including but not limited to blocking IP addresses in Cloudflare, forcing password resets in Microsoft 365, suspending user accounts in Google Workspace, and deactivating AWS access keys. All Remediation Actions are initiated solely by you through the Service dashboard and require your explicit confirmation before execution.
You acknowledge and agree that: (a) you are solely responsible for the decision to initiate any Remediation Action; (b) Remediation Actions may cause temporary disruption to your business operations; (c) SentinelSMB is not liable for any business disruption, data loss, or other consequences resulting from Remediation Actions you initiate; and (d) you should exercise independent judgment and, when appropriate, consult with qualified professionals before initiating Remediation Actions that may have significant operational impact.
Disclaimer of Warranties
Please read this section carefully. It affects your legal rights.
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SENTINELSMB DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:
- IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT
- ANY WARRANTY THAT THE SERVICE WILL DETECT ALL SECURITY THREATS, VULNERABILITIES, OR INCIDENTS
- ANY WARRANTY THAT THE SERVICE WILL PREVENT SECURITY BREACHES, DATA LOSS, OR UNAUTHORIZED ACCESS
- ANY WARRANTY THAT AI-GENERATED CONTENT, INCLUDING TRIAGE ANALYSES, COMPLIANCE MAPPINGS, SEVERITY SCORES, REMEDIATION SUGGESTIONS, AND SECURITY SCORES, WILL BE ACCURATE, COMPLETE, CURRENT, OR SUITABLE FOR ANY PARTICULAR PURPOSE
- ANY WARRANTY THAT THE SERVICE WILL OPERATE WITHOUT INTERRUPTION, ERRORS, OR DELAYS
- ANY WARRANTY THAT COMPLIANCE MAPPINGS CONSTITUTE COMPLIANCE WITH ANY LAW, REGULATION, OR STANDARD
- ANY WARRANTY REGARDING THE ACCURACY OR COMPLETENESS OF THREAT INTELLIGENCE DATA FROM THIRD-PARTY SOURCES
No information or advice, whether oral or written, obtained from SentinelSMB or through the Service, creates any warranty not expressly stated in these Terms. You acknowledge that cybersecurity monitoring is inherently imperfect and that no monitoring system can guarantee detection of all threats.
Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
(a) IN NO EVENT SHALL SENTINELSMB, ITS OWNER, MEMBERS, EMPLOYEES, CONTRACTORS, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, LOSS OF BUSINESS OPPORTUNITIES, BUSINESS INTERRUPTION, COST OF PROCUREMENT OF SUBSTITUTE SERVICES, REGULATORY FINES OR PENALTIES, OR DAMAGES ARISING FROM SECURITY BREACHES OR UNAUTHORIZED ACCESS TO YOUR SYSTEMS, REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY (WHETHER IN CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE), EVEN IF SENTINELSMB HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
(b) THE TOTAL AGGREGATE LIABILITY OF SENTINELSMB FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU TO SENTINELSMB IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
(c) THE LIMITATIONS IN THIS SECTION APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION AND SHALL APPLY REGARDLESS OF WHETHER SENTINELSMB HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF WHETHER ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
AI-Generated Content
The Service uses artificial intelligence, including Anthropic Claude, to analyze security events and generate content including plain-English explanations, severity classifications, compliance mappings, remediation suggestions, and security scores ("AI-Generated Content"). You acknowledge and agree that:
- AI-Generated Content is produced by automated systems and may contain errors, inaccuracies, or incomplete information
- AI-Generated Content is provided for informational purposes only and does not constitute professional cybersecurity advice, legal advice, compliance certification, or regulatory guidance
- Compliance Mappings included in Alerts reference regulatory frameworks for informational purposes only and do not represent a determination of your compliance status or obligations under any law or regulation
- Remediation suggestions are general recommendations and may not be appropriate for your specific environment, configuration, or business requirements
- You are solely responsible for independently evaluating and verifying AI-Generated Content before making decisions or taking action based on it
- SentinelSMB does not warrant the accuracy, completeness, or suitability of any AI-Generated Content
- Security Scores are informational metrics based on available data and algorithmic analysis, not professional security assessments or certifications
Indemnification
You agree to indemnify, defend, and hold harmless SentinelSMB and its owner, members, employees, contractors, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorney fees) arising out of or related to:
- Your use of the Service or any Remediation Action you initiate
- Your violation of these Terms
- Your violation of any applicable law or regulation
- Your breach of any representation or warranty made in these Terms
- Any claim by a third party arising from your use of the Service, including claims related to your Cloud Platform integrations
- Any action you take or fail to take based on AI-Generated Content, Alerts, Compliance Mappings, or Security Scores
Data Ownership and License
You retain all ownership rights in your Customer Data. By using the Service, you grant SentinelSMB a limited, non-exclusive, non-transferable license to access, process, store, and analyze your Customer Data solely for the purpose of providing, maintaining, and improving the Service. This license terminates upon termination of your subscription and deletion of your data in accordance with Section 18.
SentinelSMB may use aggregated, anonymized data that does not identify you or any individual for the purpose of improving the Service, developing threat intelligence, and conducting research. Such anonymized data will not include Integration Credentials or information that could reasonably be used to identify your organization.
Confidentiality and Security Practices
SentinelSMB implements commercially reasonable security measures to protect Customer Data and Integration Credentials, including:
- Encryption in transit using TLS for all web communications
- Encryption at rest for stored data via our database provider
- OAuth 2.0 for Cloud Platform integrations (SentinelSMB does not store your platform passwords)
- Row-level security policies on database tables
- HMAC signature verification for internal system communications
You acknowledge that: (a) no security measure is impenetrable; (b) the security measures described above do not constitute a warranty against security breaches of SentinelSMB infrastructure; and (c) you are responsible for maintaining independent security controls for your own systems and Cloud Platforms. SentinelSMB will promptly notify affected customers if we become aware of a security breach affecting Customer Data or Integration Credentials.
Third-Party Services and Subprocessors
The Service relies on third-party services ("Subprocessors") to operate. Current Subprocessors include:
- Supabase (United States) — Database and authentication
- Vercel (United States) — Frontend hosting and deployment
- DigitalOcean (United States) — Monitoring agent infrastructure
- Anthropic (United States) — Automated event triage and analysis
- Stripe (United States) — Payment processing and billing
- Resend (United States) — Transactional email delivery
- Twilio (United States) — SMS alert delivery
- AbuseIPDB (United States) — IP reputation and threat intelligence
SentinelSMB is not responsible for the acts, omissions, or failures of third-party Subprocessors. We will provide notice of material changes to our Subprocessor list. For additional detail on data handling by Subprocessors, see our Privacy Policy.
Service Availability
We strive to maintain high availability of the Service but do not guarantee uninterrupted or error-free operation. The monitoring agent checks for threats at approximately 5-minute intervals. Alert delivery is subject to the availability of third-party notification channels (Slack, SMS, email, Microsoft Teams, PagerDuty). We are not liable for downtime or service degradation caused by:
- Outages or changes to third-party Cloud Platforms (Microsoft, Google, AWS, Cloudflare)
- Outages or changes to Subprocessor services
- Internet connectivity issues
- Scheduled maintenance (communicated in advance when practicable)
- Force majeure events
- Actions taken by you, including revoking API access or modifying Cloud Platform configurations
Data Retention and Deletion
We retain security event data and AI-Generated Content for twelve (12) months from the date of creation. This retention period applies regardless of subscription status and is designed to satisfy audit and compliance requirements under applicable regulatory frameworks, including the FTC Safeguards Rule, IRS Publication 4557, CMMC 2.0, and state breach notification laws. Data older than 12 months is automatically purged.
Upon cancellation or termination of your subscription:
- Integration Credentials (OAuth tokens, API keys) will be deleted within 7 days
- Security event data and AI-Generated Content will continue to be retained for the remainder of the 12-month retention window from the date each record was created, then automatically purged
- Account information (name, email, company name) may be retained for up to 12 months after cancellation for legal, billing, and compliance purposes
- Anonymized, aggregated data that cannot identify you or your organization may be retained indefinitely
You may request earlier deletion of your data by contacting us at support@sentinelsmb.co. Data deletion requests will be processed within 30 days, subject to any legal retention obligations. Please note that early deletion of security event data may affect your ability to demonstrate compliance with applicable regulatory frameworks.
Termination
We may suspend or terminate your access to the Service immediately and without prior notice if: (a) you materially breach these Terms; (b) you use the Service to monitor systems you are not authorized to monitor; (c) your use of the Service poses a security risk to us or other customers; (d) we are required to do so by law or regulation; or (e) your account is inactive for more than 12 consecutive months.
Upon termination: (a) your right to access and use the Service ceases immediately; (b) your data will be handled in accordance with Section 18; and (c) any provisions of these Terms that by their nature should survive termination will survive, including but not limited to Sections 10, 11, 12, 13, and 20.
Governing Law and Dispute Resolution
These Terms are governed by and construed in accordance with the laws of the State of North Dakota, without regard to its conflict of law provisions. Any dispute, claim, or controversy arising out of or related to these Terms or the Service shall be brought exclusively in the state or federal courts located in Burleigh County, North Dakota, and you consent to the personal jurisdiction of such courts.
Before initiating any formal legal proceeding, you agree to first contact us at support@sentinelsmb.co and attempt to resolve the dispute informally for a period of at least 30 days.
Modification of Terms
We may update these Terms from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect. The updated Terms will be posted at sentinelsmb.co/terms with a revised "Last updated" date. Your continued use of the Service after the effective date of updated Terms constitutes your acceptance of the changes. If you do not agree to the updated Terms, you must cancel your subscription before the effective date of the changes.
Legal Industry Customers
Compliance Mappings referencing ABA Model Rules of Professional Conduct (including Rule 1.6 regarding confidentiality of information) are informational only. They do not constitute a legal opinion regarding your ethical obligations, nor do they create an attorney-client relationship. You are solely responsible for determining your professional and ethical obligations under applicable rules of professional conduct.
Operational Transparency
SentinelSMB is founded and operated by Cole Kingsley. Customer service inquiries and support requests are handled by the founder directly. Our standard response time for support requests is within one business day during normal business hours (Monday through Friday, 9:00 AM to 5:00 PM Central Time). Critical security alerts are delivered automatically by the Service and do not depend on manual response.
If SentinelSMB becomes unable to provide the Service for any reason for a period exceeding 7 consecutive days, affected customers will be notified by email and will receive a pro-rated refund for any prepaid service period during which the Service was unavailable.
Severability
If any provision of these Terms is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the original intent of the provision.
Entire Agreement
These Terms, together with the Privacy Policy and any applicable Business Associate Agreement, constitute the entire agreement between you and SentinelSMB with respect to the Service and supersede all prior or contemporaneous communications, representations, or agreements, whether oral or written. No waiver of any provision of these Terms shall be effective unless in writing and signed by SentinelSMB.
Contact Information
SentinelSMB LLC
Cole Kingsley, Founder
Bismarck, North Dakota
support@sentinelsmb.co
sentinelsmb.co
Questions about these terms?
We are real people in Bismarck, not a chatbot. Reach out anytime.