Sensay Privacy Policy
GENERAL DATA PROTECTION REGULATION (GDPR) POLICY
Sensay operates the Sensay web app and mobile application (hereinafter referred to as "Service"). This policy outlines our practices with respect to collecting, using, maintaining, protecting, and disclosing your Personal Data under the General Data Protection Regulation (GDPR) in the United Kingdom.
1. DEFINITIONS
- Personal Data: Personal Data refers to any information that relates to an identified or identifiable natural person. This includes, but is not limited to, names, identification numbers, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person. For example, this can include your name, email address, phone number, and any other information that can directly or indirectly identify you.
- Data Controller: The Data Controller is the individual or legal entity (such as a company or organization) that determines the purposes and means of processing personal data. Sensay acts as the Data Controller when it collects and uses your personal data to provide and improve its services, meaning Sensay is responsible for ensuring that your personal data is processed in compliance with GDPR.
- Data Processor: The Data Processor is a person or entity that processes personal data on behalf of the Data Controller. In the context of Sensay, this could include third-party service providers that handle data to support Sensay's services. Data Processors must adhere to strict data processing standards and are only allowed to process data as instructed by the Data Controller.
- Data Subject: A Data Subject is any living individual whose personal data is processed by the Data Controller or Data Processor. If you use Sensay's services, you are a Data Subject. As a Data Subject, you have certain rights regarding your personal data, such as the right to access, correct, and request deletion of your data.
2. PRINCIPLES FOR PROCESSING PERSONAL DATA
Our principles for processing personal data are based on fairness, lawfulness, transparency, purpose limitation, data minimization, and accuracy. These principles ensure that we handle your personal data responsibly and ethically.
- Fairness and Lawfulness: We process personal data in a manner that is fair, lawful, and transparent. This means we only collect and use personal data where we have a legal basis to do so, such as your consent, a contractual necessity, or a legitimate interest. We ensure that you are informed about how your data will be used, and we handle your data with respect and integrity.
- Limited Purpose: We collect and process personal data for specific, explicit, and legitimate purposes. This means we only use your personal data for the purposes we have clearly outlined in this policy or for purposes that are compatible with those initially described. For example, we use your data to provide and enhance our services, communicate with you, and ensure the security of our platform.
- Data Minimization: We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. This means we only collect the information we need to achieve the intended purpose. For instance, we will not collect excessive or unnecessary data from you.
- Accuracy: We take every reasonable step to ensure that personal data is accurate and kept up to date. If we become aware that any personal data we hold is inaccurate, we will promptly rectify or delete it. You also have the right to request corrections to your personal data if you believe it is inaccurate or incomplete.
3. DATA WE COLLECT AND PROCESS
We may collect and process a variety of data about you, which can be categorized into several types:
- Personal Identifiers: This includes information that can directly identify you, such as your name, email address, phone number, and any other contact details you provide. We collect these identifiers when you create an account, subscribe to our services, or communicate with us.
- Technical Data: This includes information about the devices you use to access our services, such as your IP address, browser type, operating system, device type, and settings. We collect technical data to enhance your user experience, ensure the security of our platform, and analyze how our services are used.
- Usage Data: This includes information about how you interact with our services. For example, we collect data on your activity on our platform, the features you use, the pages you visit, the actions you take, and the time and duration of your visits. Usage data helps us understand user behavior, improve our services, and provide a better user experience.
- Communication Data: This includes records of our communications with you, such as emails, chat logs, and customer support inquiries. Communication data allows us to respond to your requests, provide support, and keep a record of our interactions for quality assurance and training purposes.
- Profile Data: This includes information you provide when creating a profile or using certain features of our services, such as your preferences, interests, and any content you upload. Profile data helps us personalize your experience and provide relevant content and recommendations.
4. HOW WE USE YOUR DATA
We use your personal data for various purposes to ensure that we provide you with the best possible experience. These purposes include:
- Providing and Improving Our Service: We use your personal data to deliver the services you have requested, such as creating and managing your account, providing access to digital replicas, and ensuring the functionality of our platform. We also use your data to improve our services by analyzing user behavior, identifying areas for enhancement, and implementing new features based on user feedback.
- Communicating with You: We use your contact information to communicate with you about your account, our services, and any changes or updates. This includes sending you service-related notifications, newsletters, promotional materials, and responding to your inquiries and support requests. You can manage your communication preferences through your account settings or by contacting us directly.
- Enhancing User Experience: We use technical and usage data to understand how you interact with our services, personalize your experience, and provide you with relevant content and recommendations. This helps us tailor our services to your needs and preferences, ensuring a more engaging and satisfying experience.
- Ensuring Security and Compliance: We use your personal data to maintain the security of our platform, detect and prevent fraud, and ensure compliance with legal and regulatory requirements. This includes monitoring user activity for suspicious behavior, conducting security audits, and implementing measures to protect against unauthorized access and data breaches.
- Providing Customer Care and Support: We use your personal data to provide you with customer care and support. This includes addressing your questions, resolving issues, and offering assistance with using our services. Our support team may access your data to troubleshoot problems, provide guidance, and ensure that your experience with Sensay is smooth and satisfactory.
- Conducting Research and Analysis: We use aggregated and anonymized data for research and analysis purposes to understand market trends, user behavior, and the effectiveness of our services. This helps us make informed decisions, develop new features, and improve our overall service offering.
- Legal and Regulatory Compliance: We use your personal data to comply with legal obligations and respond to lawful requests from public authorities. This includes maintaining records for regulatory purposes, cooperating with law enforcement, and fulfilling our legal responsibilities.
5. DISCLOSURE OF YOUR DATA
Sensay may disclose your personal data to various parties under specific circumstances. These disclosures are made to support our business operations, comply with legal obligations, or enforce our rights. Detailed scenarios include:
- Subsidiaries and Affiliates: We may share your data with our subsidiaries and affiliates for purposes consistent with this privacy policy. This sharing helps us provide integrated services across our organization.
- Service Providers and Contractors: We engage third-party service providers and contractors to perform certain business functions on our behalf. These may include data hosting, payment processing, customer support, and analytics. We ensure that these third parties are obligated to maintain the confidentiality and security of your data and to use it only for the purposes we specify.
- Legal Compliance: We may disclose your data to comply with applicable laws, regulations, or legal processes. This includes responding to court orders, subpoenas, or requests from government or regulatory authorities. We will ensure that such disclosures are necessary and proportionate.
- Enforcement of Rights: We may disclose your data to enforce our rights arising from any contracts entered into between you and us. This includes actions related to billing, collections, and the protection of our legal interests. In these cases, we take necessary steps to protect your privacy and ensure that disclosures are limited to what is essential.
6. DATA SECURITY
Sensay prioritizes the security of your personal data by implementing robust technical and organizational measures. Our comprehensive approach to data security includes:
- Encryption: We use advanced encryption technologies to protect your data during transmission and storage. This ensures that your data is only accessible to authorized parties.
- Access Controls: We implement strict access controls to ensure that only authorized personnel can access personal data. This includes role-based access controls and multi-factor authentication to prevent unauthorized access.
- Data Minimization: We adhere to the principle of data minimization, collecting only the data necessary for specific purposes and retaining it only for as long as needed.
- Regular Security Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities. This helps us continuously improve our security practices and stay ahead of emerging threats.
- Incident Response: We have a detailed incident response plan to address potential data breaches. In the event of a breach, we will take immediate action to mitigate the impact and notify affected individuals and relevant authorities as required by law.
7. DATA MANAGEMENT AND PRIVACY LAYERS
Sensay offers multiple layers of privacy to ensure users have control over their data and how it is shared. Our privacy layers include:
- Public Replicas: These replicas are designed for broad interaction and sharing. Public replicas can engage with a wide audience, providing general information and experiences. However, they do not disclose sensitive personal data.
- Private Replicas: Private replicas are restricted to the user and specific whitelisted accounts. These replicas contain more detailed and personal information, ensuring that only trusted individuals have access. Private replicas are ideal for sharing sensitive information within a controlled group.
- Secrets in Public Replicas: Some public replicas include "Secrets", which are pieces of information accessible only to whitelisted accounts. This feature allows users to share certain details selectively, even within a public setting, providing an additional layer of privacy for sensitive information.
- Data Storage and Transfer: Sensay ensures that data storage and transfer processes comply with GDPR and other relevant regulations. Data is stored securely, with appropriate safeguards to protect it during transfer across different systems or geographical locations.
8. USER LEVELS OF CONTROL
Sensay empowers users with various levels of control over their personal data to enhance transparency and trust. The controls available to users include:
- Data Access: Users have the right to access their personal data held by Sensay. This includes the ability to review, download, and understand what data is being processed and for what purposes.
- Data Modification: Users can update or correct their personal data to ensure its accuracy. This is crucial for maintaining the integrity of the digital replicas and the quality of interactions.
- Data Deletion: Users can request the deletion of their personal data under the "Right to be Forgotten." Sensay provides an easy-to-use process for submitting deletion requests, ensuring compliance with legal requirements and honoring user preferences.
- Consent Management: Users can manage their consent for various data processing activities. This includes opting in or out of specific uses of their data, such as marketing communications or participation in research studies. Sensay ensures that consent is obtained transparently and that users can withdraw consent at any time.
- Data Portability: Sensay supports data portability, allowing users to transfer their personal data to another service provider. This is facilitated through standard data formats, ensuring that users can easily migrate their information without loss of integrity.
- Privacy Settings: Sensay provides customizable privacy settings within the platform. Users can adjust these settings to control the visibility of their data, manage whitelisted accounts, and determine the level of interaction for their replicas.
9. COMPANY LEVELS OF CONTROL
Data Processing:
- Consent-Based Processing: SSensay processes personal data based on explicit consent from users. Consent is obtained transparently and users are informed about the specific purposes for which their data will be used.
- Legitimate Business Purposes: In addition to consent, Sensay may process data for legitimate business purposes, such as improving services, conducting research, and ensuring security and compliance.
Data Processing:
- Encryption Protocols: All data, both in transit and at rest, is secured using advanced encryption protocols to prevent unauthorized access and data breaches.
- Access Controls: Strict access control measures are implemented to ensure that only authorized personnel can access sensitive data. This includes multi-factor authentication and role-based access controls.
- Security Audits: Regular security audits are conducted to identify and mitigate potential vulnerabilities. These audits are performed by internal and external experts to ensure comprehensive security coverage.
Data Auditing:
- Regular Audits: Sensay conducts regular audits of its data processing activities to ensure compliance with GDPR and other relevant data protection regulations. These audits assess data handling practices, security measures, and user consent management.
- Transparency Reports: Sensay provides transparency reports to users, outlining data processing activities, security measures, and any incidents or breaches that may have occurred. These reports are part of our commitment to transparency and accountability.
10. END-TO-END ENCRYPTION AND FHE SECURITY
End-to-End Encryption:
- Data Encryption: Sensay uses end-to-end encryption to protect data from the moment it is collected until it reaches its intended destination. This ensures that data remains secure during transmission and storage.
- Secure Channels: CCommunication between users and Sensay's servers is encrypted using secure channels (e.g., TLS/SSL). This prevents unauthorized interception and access to sensitive information.
- Encrypted Storage: Data stored on Sensay's servers is encrypted using advanced encryption standards. This ensures that even if data is accessed unlawfully, it remains unreadable and secure.
Fully Homomorphic Encryption (FHE):
- Data Processing: Sensay employs Fully Homomorphic Encryption (FHE) to perform computations on encrypted data without needing to decrypt it first. This allows for secure data processing while maintaining the privacy and confidentiality of user data.
- Enhanced Security: FHE provides an additional layer of security by ensuring that sensitive information is never exposed during data processing activities. This is particularly important for preserving the confidentiality of user interactions and personal information.
- Compliance and Trust: By using FHE, Sensay ensures compliance with strict data protection regulations and builds trust with users by demonstrating a commitment to the highest standards of data security and privacy.
11. ETHICAL CONSIDERATIONS OF DIGITAL CLONING
Informed Consent:
- Explicit Permission: Sensay obtains explicit permission from individuals before creating digital replicas. Users are fully informed about the process, the data involved, and the potential uses of their digital replicas.
- Transparent Practices: Sensay provides clear and comprehensive information about how digital replicas are created, how data is used, and the rights of the individuals involved. This transparency helps users make informed decisions about their participation.
Privacy Respect:
- User Preferences: Sensay respects the privacy and preferences of individuals, ensuring that data is used in accordance with their wishes. Users have control over what information is included in their digital replicas and can modify or delete data as needed.
- Confidentiality: Sensay takes measures to protect the confidentiality of personal data, ensuring that sensitive information is not disclosed without appropriate authorization.
Transparency:
- Data Usage: Sensay provides detailed information about how user data is collected, processed, and shared. This includes information about third-party involvement and the specific purposes for which data is used.
- User Control: Individuals have control over their data and can manage their digital replicas through Sensay's user-friendly interfaces. This includes options to update, delete, or restrict access to their data.
User Control:
- Access and Management:: Users can access their data and manage their digital replicas through Sensay's platform. This includes the ability to view, update, and delete information as well as control who has access to their replicas.
- Data Portability: Sensay supports data portability, allowing users to transfer their data to other services if they choose to do so. This empowers users to maintain control over their personal information and digital legacy.
12. YOUR RIGHTS UNDER THE GDPR
Right to be Informed:
- Transparency: Sensay ensures that users are fully informed about the collection and use of their personal data. This includes clear explanations of data processing activities and purposes.
- Comprehensive Policies: Our privacy policy provides detailed information about user rights and data handling practices, ensuring that users understand how their data is managed.
Right to Access:
- Data Requests: Users have the right to request access to their personal data. Sensay provides mechanisms for users to view the data we hold about them and understand how it is being used.
- Response Time: Sensay responds to data access requests promptly, typically within one month, in accordance with GDPR requirements.
Right to Rectification:
- Data Accuracy: Users can request corrections to their personal data if it is inaccurate or incomplete. Sensay provides easy-to-use tools for users to update their information.
- Timely Updates: We ensure that data corrections are made promptly to maintain the accuracy and reliability of user information.
Right to be Forgotten:
- Data Deletion: Users can request the deletion of their personal data, also known as the "right to be forgotten." Sensay honors these requests and removes user data from our systems.
- Permanent Removal: Once data is deleted, it is permanently removed from our active systems and backup storage to ensure complete erasure.
Right to Restrict Processing:
- Processing Limitations: Users can request restrictions on the processing of their personal data. This includes limiting the ways in which their data is used while allowing it to remain stored.
- Controlled Access: Sensay respects processing restrictions and ensures that restricted data is only used in accordance with user instructions.
Right to Data Portability:
- Data Transfer: Users have the right to request the transfer of their personal data to another service or platform. Sensay provides data in a structured, commonly used, and machine-readable format to facilitate this process.
- Seamless Transition: We ensure that data transfers are handled securely and efficiently to support user needs.
Right to Object:
- Processing Objections: Users can object to the processing of their personal data for specific purposes, such as direct marketing. Sensay respects these objections and ceases processing activities as requested.
- Respecting User Choices: We prioritize user preferences and ensure that objections are addressed promptly and appropriately.
13. CHANGES TO THIS POLICY
Any changes we make to our GDPR policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our GDPR policy. By adhering to these detailed policies and practices, Sensay is committed to protecting user data and ensuring compliance with GDPR regulations. We strive to provide a secure, transparent, and user-centric experience for all individuals using our services.
14. CONTACT DETAILS
For any queries or requests relating to your personal data, please contact us at: gdpr@sensay.io.
We appreciate your trust in Sensay and are committed to safeguarding your privacy and personal data.
This GDPR Policy was last updated on 18th June, 2024.