Updated 5th May 2025
We are committed to protecting your privacy and ensuring the security of your personal data. This policy is designed to provide you with detailed information about how we collect, use, process, and protect your personal information when you use our web app and mobile application (collectively referred to as our "Service").
We understand that your privacy is important, and we want you to feel confident about the use of your personal data when engaging with our Service. This policy aims to be transparent, comprehensive, and easily understandable, ensuring that you are fully informed about your privacy rights and how we handle your data.
This policy applies to all users of Sensay's Service, including individuals using our public features and enterprise clients utilizing our advanced security measures. We encourage you to read this policy carefully to understand our practices regarding your personal data.
Sensay is a private company limited by shares, registered in Singapore under the name Sensay Pte Ltd, Number 202516659M, and address: 6A Shelton Way, Downtown Gallery, Singapore, 068815.
This Policy is governed by the laws of Singapore and you agree to submit to the exclusive jurisdiction of the Singapore courts.
To help you better understand this policy, we've defined some key terms:
Any information relating to an identified or identifiable natural person ('data subject'). This includes, but is not limited to, names, identification numbers, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
The entity that determines the purposes and means of processing personal data. In this context, Sensay acts as the Data Controller for the personal data you provide to us.
A person or entity that processes personal data on behalf of the Data Controller. This may include third-party service providers that we engage to perform certain functions.
Any living individual whose personal data is being processed. If you use Sensay's services, you are a Data Subject.
Any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
A digital representation or clone of an individual created using personal data and AI technology, capable of simulating aspects of that person's behavior, knowledge, or personality.
At Sensay, we adhere to the following principles when processing your personal data:
We process personal data lawfully, fairly, and in a transparent manner. We ensure that you are informed about how your data will be used and that we handle your data with integrity.
We collect personal data for specified, explicit, and legitimate purposes. We do not process your data in ways that are incompatible with these purposes.
We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We strive to minimize the amount of data we collect and retain.
We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date. We have processes in place to address inaccurate or incomplete data.
We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which the data is processed.
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.
We are responsible for and can demonstrate compliance with the above principles.
Sensay collects and processes various types of personal data to provide and improve our Service. The categories of data we collect include:
We collect this data through various means, including:
It's important to note that while we collect this range of data, we only process what is necessary for the specific purposes outlined in this policy. You have control over much of the data you provide and can manage your privacy settings within our Service.
Sensay uses your personal data for various purposes to provide, maintain, and improve our Service. Here's a detailed breakdown of how we use your data:
It's important to note that we always strive to use the minimum amount of data necessary to accomplish these purposes. We also provide you with controls to manage how your data is used, as detailed in the "User Levels of Control" section of this policy.
We collect, use and disclose your Personal Data only where permitted under Singapore's Personal Data Protection Act 2012 ("PDPA") or (for users located in the European Economic Area or United Kingdom) the GDPR.
You have given clear consent for a specific purpose (e.g. when you tick a box or connect a social‑media account).
Your consent is deemed when:
Where we notify you of a new purpose and give you a reasonable opportunity to opt‑out before proceeding (PDPA s.15A).
We may rely on the statutory "legitimate interests" exception where the benefits to you or us outweigh any adverse effect on you, and we implement appropriate safeguards (PDPA Second Schedule, Para 1(e); s.13(1)(d)). AGC Singapore
Including:
Withdrawal of consent. You may withdraw your consent at any time by emailinginfo@sensay.ai. We will process the request within a reasonable period and inform you of any likely consequences (e.g. loss of service functionality).
Note for EEA/UK users. Where GDPR applies, we will continue to rely on the GDPR legal bases (Art. 6 & 9) in parallel and you retain all GDPR rights described in Section 16 below.
Sensay may disclose your personal data to various parties under specific circumstances. We ensure that any third parties with whom we share your data are contractually bound to protect your data with the same level of care and security that we provide. Here's a detailed overview of how we may disclose your data:
We take great care to ensure that any disclosures of your personal data are necessary and proportionate. We implement appropriate safeguards to protect your data during any transfers or disclosures, including data encryption and contractual obligations for recipients to protect your data.
If you have concerns about how your data is shared, please contact us using the information provided in the "Contact Details" section of this policy.
At Sensay, we prioritize the security and privacy of our clients' data. Our robust security measures are designed to protect sensitive information at every stage of the data lifecycle. We continuously update our security protocols to stay ahead of potential threats and meet the evolving needs of our users, including our enterprise clients.
We implement reasonable administrative, physical and technical safeguards to prevent unauthorised access, collection, use, disclosure, copying, modification or disposal of your personal data, and to protect against similar risks, as required by PDPA s.24.
Here's a comprehensive overview of our security measures:
We are excited to announce an upcoming security feature that will provide an unprecedented level of data protection for our enterprise clients:
Enterprise-Run Nodes with Fully Homomorphic Encryption (FHE)
Key benefits of this feature include:
If a data breach occurs that: (a) is likely to result in significant harm to you, or (b) affects 500 or more individuals, we will:
We keep an incident register and review our security controls after every reportable event.
We are committed to continuously improving our security measures and providing our clients with the highest level of data protection available. If you have any questions about our security practices or the upcoming Enterprise Node with FHE feature, please contact our security team.
At Sensay, we understand that different types of data require different levels of privacy and protection. To address this, we have implemented a multi-layered approach to data management and privacy:
By implementing these privacy layers and management practices, we aim to provide our users with flexible, powerful tools to control their data while ensuring the highest standards of privacy and security.
At Sensay, we believe in empowering our users with comprehensive control over their personal data. We provide various tools and settings that allow you to manage your privacy preferences and data usage. Here's a detailed overview of the control you have:
These controls are accessible through your account settings on our platform. We are committed to continually improving and expanding these controls to give you the utmost transparency and authority over your personal data.
If you need assistance with any of these controls or have questions about managing your data, please contact our support team. We're here to help you understand and exercise your data rights effectively.
As a data controller, Sensay implements various organizational and technical measures to ensure the proper handling and protection of user data. These company-level controls are designed to comply with data protection regulations and maintain the trust of our users. Here's an overview of our internal controls:
These company-level controls demonstrate our commitment to protecting user data and maintaining the highest standards of privacy and security. We continuously evaluate and enhance these controls to adapt to the evolving data protection landscape and to meet the expectations of our users.
At Sensay, we employ advanced encryption technologies to ensure the highest level of data protection for our users. Our approach includes both end-to-end encryption providing robust security for sensitive information.
We retain personal data only for as long as it is reasonably necessary to fulfil the purpose for which it was collected, or as required for legal or business purposes. When retention is no longer necessary, we will destroy or anonymise the data in a secure manner in compliance with PDPA s.25.
Sensay Data Retention and Usage policies are compliant with both PDPA for Singaporean users and GDPR for European users.
We are committed to being transparent about our data retention practices. If you have any questions about how long we retain specific types of data, please contact our Data Protection Officer using the information provided in the "Contact Details" section of this policy.
Remember that even after data is deleted from our active systems, it may persist in backups for a limited time. However, we ensure that all backups are securely deleted according to our retention schedule.
Cookies are small text files that are placed on your device when you visit our website or use our services. They help us provide you with a better experience and allow certain features to function properly. At Sensay, we use cookies and similar technologies (like web beacons and pixels) for various purposes. Here's a detailed explanation of our cookie usage:
By continuing to use this site, you consent to the collection, use and disclosure of cookies data in accordance with the Singapore PDPA.
For more detailed information about the specific cookies we use and their purposes, please visit our Cookie Settings panel, accessible through the Service. If you have any questions about our use of cookies, please contact us using the information in the "Contact Details" section.
At Sensay, we recognize that the creation and use of digital replicas (or "digital clones") raise important ethical considerations. We are committed to addressing these concerns transparently and responsibly. Here's an overview of our approach to the ethical aspects of digital cloning:
By adhering to these ethical principles, we aim to ensure that our digital cloning technology is developed and used in a way that respects individual rights, promotes transparency, and contributes positively to society. We recognize that ethical considerations in this field are complex and evolving. We are committed to ongoing dialogue with users, experts, and stakeholders to continually refine our approach to these important issues.
In this field are complex and evolving. We are committed to ongoing dialogue with users, experts, and stakeholders to continually refine our approach to these important issues.
As a data subject under the General Data Protection Regulation (GDPR), you have several rights concerning your personal data. At Sensay, we are committed to facilitating the exercise of these rights. Here's a detailed explanation of your rights and how you can exercise them:
To exercise any of these rights, please use the relevant features in your account settings or contact our Data Protection Officer using the information provided in the "Contact Details" section of this policy. We will respond to all requests within one month. In complex cases, we may extend this period by two months, but we will inform you of any such extension within the first month.
Please note that while we will always strive to accommodate your rights, there may be situations where we are legally obligated to retain certain data. We will explain any such limitations when responding to your requests.
Right | What it means | How to exercise |
---|---|---|
Access | Obtain a copy of the personal data we hold about you and information on how we use or disclose it. | Email info@sensay.ai with the subject line "Data Access Request" |
Correction | Correct any error or omission in your personal data. | Email corrections to info@sensay.ai |
Data Portability | Ask us to transmit a copy of your data in machine‑readable form to another organisation (when this obligation comes into force). | Submit a portability request form (available on request) |
Withdrawal of Consent | Stop us from using your data for one or more purposes. | See Section 6 above |
Opt‑out of Targeted Advertising | Object to the use of your data for targeted ads. | Toggle the preference centre in your account or email us |
Complaint to PDPC | Lodge a complaint with Singapore's Personal Data Protection Commission if you believe we have breached the PDPA. | Visit https://www.pdpc.gov.sg |
We will respond within 30 calendar days or explain why more time is needed.
If you reside in the EEA or UK you also have the GDPR rights to erasure, restriction of processing, objection, and data portability in accordance with Articles 17–22 GDPR. Requests may be sent to the same DPO contact.
Sensay operates globally, which means that your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
We are headquartered in Singapore but use cloud infrastructure and service providers around the world. Whenever we transfer personal data outside Singapore, we will ensure that:
The recipient country or organisation provides a standard of protection that is comparable to the PDPA, for example through:
For data originating from the EEA or UK we rely on the EU‑approved Standard Contractual Clauses ("SCCs")or the UK Addendum, together with supplementary measures where necessary, to ensure GDPR‑level protection.
Third‑party recipients must obtain our written consent before making any onward transfer unless required by law.
We do not participate in the (now‑invalid) EU‑U.S. Privacy Shield framework. A copy of our standard data‑transfer agreement is available on request.
Here's how we handle international data transfers:
If you have any questions or concerns about our international data transfer practices, please contact our Data Protection Officer using the information provided in the "Contact Details" section.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we do, we will update the "last updated" date at the top of this policy. If we make significant changes to this policy, we will notify you through a prominent notice on our Service or by sending you a direct communication.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please don't hesitate to contact us. Here are the ways you can reach us:
We are committed to addressing your concerns and respecting your privacy rights. If you are unsatisfied with our initial response, please let us know, and we will escalate your concern to the appropriate team for further review.
Thank you for trusting Sensay with your personal data. We are committed to protecting your privacy and ensuring a secure, enjoyable experience with our Service.