Privacy Policy & ToS

Last Updated: Mar, 2024.

Purpose of GDPR policy

The purpose of this GDPR policy is to explain clearly how we collect, process and store data at Sentisum. Sentisum is the data controller for the purpose of this policy. The Data Protection Officer at Sentisum is Sharad Khandelwal, and you can reach him at sharad@sentisum.com.

Data processors

At Sentisum, we understand the importance of protecting personal data, and we take data privacy seriously. As part of our business operations, we use external cloud providers as data processors to store and process personal data on our behalf. We mainly use AWS in the Ireland region.

When using external cloud providers as data processors, we ensure that they comply with our data privacy and security standards and that they provide appropriate safeguards to protect personal data. 

We regularly review our data processing activities and take appropriate measures to maintain the security and integrity of personal data.

How we collect data

We do not collect personal information; the personal data which is received from our clients is first redacted of all personal data to the best of our ability.

We collect personal information, such as name and email address, from our users.

How we use data

We process the user data for login and user usage analytics. We may use personal data to improve our products and services or to analyze trends and patterns in user behavior. However, we will not use personal data for any other purposes without the explicit consent of the individual concerned, except where required by law or where it is necessary to protect the vital interests of the individual or another person.

We collect and use personal data for specific purposes only, such as evaluating job applications or providing our products and services.

We collect personal data only when it is necessary for the purpose for which it is being processed, and we do not collect more data than is necessary.

How we disclose data

We control access to all data with a clear authentication and authorisation policy. Not every employee has equal access and customers are only able to see their own data.

Access to our servers must go through our VPN, which only a restricted number of people have admin access to.

When our dashboard interacts with the APIs we use, we ensure secure access under the OAuth standard.

We use Mixpanel for user analytics; Hotjar helps us analyze how users interact with our website, while Sentry helps us identify and fix errors in our software. They have access only to user data like email. Mixpanel, Hotjar and Sentry are GDPR compliant.

No other third parties have access to the personal data collected from the users.

How we store data

We store the personal data in encrypted data storage, and it is encrypted during transfer as well. Only authorized people can access the data, and only on a need basis, such as handling of production incidents. We store data for 2 years followed by 5 years of archival.

We have full-disk encryption when data is at rest on our production AWS servers. These servers are located in Ireland.

We use 256-bit Advanced Encryption Standard (AES-256), which is compliant with standards outlined in FIPS 140. When data is in transit, we apply encryption using TLS v1.2+.

We tightly control our encryption keys using AWS Key Management Service (AWS KMS). AWS KMS keys are protected by hardware security modules that are validated by the FIPS 140-2 Cryptographic Module Validation Program.

The data subject’s rights

  1. Right to be informed: The data subject has the right to know what data is being collected, how it is being used, and why.
  2. Right of access: The data subject has the right to request access to their personal data and obtain a copy of it.
  3. Right to rectification: The data subject has the right to request that any inaccurate or incomplete data be corrected.
  4. Right to erasure: The data subject has the right to request that their personal data be deleted or erased under certain circumstances, such as when the data is no longer necessary for the purposes it was collected or when the data subject withdraws their consent.
  5. Right to restrict processing: The data subject has the right to request that the processing of their personal data be restricted under certain circumstances, such as when the accuracy of the data is being contested.
  6. Right to data portability: The data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  7. Right to object: The data subject has the right to object to the processing of their personal data for certain purposes, such as direct marketing.
  8. Right not to be subject to automated decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

How to complain

If you want to complain about anything related to your data, you can reach out to our Data Protection Officer, Sharad Khandelwal, at sharad@sentisum.com. Alternatively, you can reach out to our support at support@sentisum.com.

Changes of privacy policy

We reserve the right to modify this privacy policy as needed to reflect changes in our business practices, technology, or legal requirements. Any changes to this policy will be posted on our website www.sentisum.com and will become effective immediately upon posting. We encourage you to review this policy periodically to stay informed about how we are protecting your information.