EU REGULATORY COMPLIANCE STATEMENT

Last updated: July 23, 2025
Company: SenSec LLC, 30 N Gould St Ste N, Sheridan, WY 82801, USA
Contact: privacy@sensec.app | security@sensec.app (security incidents)

This public statement summarizes how SenSec LLC ("SenSec," "we," "us," "our") addresses key European regulatory requirements, including the NIS2 Directive and the EU Artificial Intelligence Act (AI Act), in connection with our AI‑enabled security management platform. It complements—without replacing—our Terms of Service, Privacy Policy, Data Processing Addendum (DPA), Service Level Agreement (SLA), and internal compliance documentation.

1. Scope & Applicability

  • NIS2: We assess whether SenSec (and/or certain EU customers relying on our Service) falls within the sectors and size thresholds triggering NIS2 obligations. Where applicable, we implement security and incident‑reporting measures aligned with NIS2 Articles 21–23.

  • AI Act: Our platform includes AI components that may qualify as high‑risk AI systems (e.g., workforce/task management, incident assessment). We therefore follow the risk management, transparency, and post‑market monitoring obligations set out in the AI Act (Titles III & IV).

  • This Statement applies to our EU/EEA and UK operations and data subjects, while similar controls also support compliance with other jurisdictions.

2. Governance & Roles

  • Legal Entity: SenSec LLC is a Wyoming (USA) limited liability company.

  • EU/EEA & UK Representatives (GDPR/AI Act Art. 27): Sentinel Security s.r.o., Jičínská 226/17, Žižkov, 130 00 Praha 3, VAT ID: CZ19997604

  • Internal Ownership: We maintain a cross‑functional compliance team (legal, security, engineering) responsible for NIS2 and AI Act adherence. An internal privacy lead can be reached at privacy@sensec.app.

  • Customer Roles: For Customer Data, our customers act as Controllers/Businesses and we act as Processor/Service Provider under our DPA.

3. Information Security (NIS2 Alignment)

We employ a security management framework consistent with industry standards (e.g., ISO 27001, NIST CSF) that addresses:

  • Risk Management & Policies: Documented security policies, asset management, supplier risk controls.

  • Technical & Organizational Measures: Encryption in transit/at rest, RBAC & MFA, network segmentation, logging and monitoring, vulnerability management, secure SDLC.

  • Business Continuity & Disaster Recovery: Backups, redundancy, tested recovery procedures.

  • Incident Response: Defined playbooks, 24/7 monitoring, rapid containment and notification processes.

  • Awareness & Training: Security and privacy training for employees with access to systems or data.

3.1 Incident Reporting under NIS2

Where SenSec is required to notify competent authorities or CSIRTs under NIS2, we will follow the directive’s timelines (early warning within 24 hours / incident notification within 72 hours, etc.). Customers will be informed without undue delay in line with contractual obligations.

4. AI Governance (EU AI Act Alignment)

For AI components that fall under the AI Act’s high‑risk category, we maintain:

  • Risk Management System: Identification, evaluation, and mitigation of AI‑related risks across the lifecycle.

  • Data & Data Governance Controls: Documentation of datasets, bias testing, data quality checks, and provenance tracking.

  • Technical Documentation: Model cards, architecture descriptions, performance metrics, limitations—prepared according to Annex IV requirements.

  • Logging & Traceability: Automated logging of inputs/outputs/events to enable auditability and incident investigation.

  • Human Oversight: Controls and guidance for customers to apply human review where decisions may significantly impact individuals.

  • Post‑Market Monitoring & Incident Reporting: Procedures to monitor real‑world performance, collect feedback, and report “serious incidents” to authorities within mandated timelines.

  • Fundamental Rights Impact Assessments (FRIA): Conducted where required to evaluate potential impacts on rights and freedoms.

4.1 EU Deployment & Feature Availability

Where a functionality qualifies (or is reasonably likely to qualify) as a high‑risk AI system under the EU AI Act, SenSec may delay, limit, or disable its availability in the EU/EEA or UK until all required steps are completed (e.g., risk management, conformity assessment/CE marking, registration in the EU database, or approvals by competent authorities). Equivalent or alternative features may be offered outside the EU or launched later in the EU. We will inform affected customers of material changes in feature availability.

4.2 Transparency to Users

We provide clear information that certain features are AI‑driven, outline their purpose and limitations, and offer channels for human intervention or contestation. See our AI Transparency Notice (to be published) and product documentation.

5. Data Protection & Privacy

Our Privacy Policy and DPA describe:

  • Lawful bases, roles (Controller/Processor), and data subject rights (GDPR/UK GDPR).

  • International transfer mechanisms (EU SCCs, UK Addendum).

  • Cooperation with customers to fulfill access/erasure/objection requests.

  • Retention limits, security measures, and breach notification procedures.

6. Subprocessors & Supply Chain Security

We maintain and regularly update a list of authorized Subprocessors. Each is vetted for security and privacy compliance and engaged under contracts that include confidentiality, security, and data protection obligations. Customers may subscribe to change notifications as set out in our DPA.

7. Contact & Reporting Channels

8. Continuous Improvement & Updates

We monitor regulatory developments (e.g., delegated acts under the AI Act, national NIS2 transpositions) and update our controls, documentation, and this Statement accordingly. The latest version will always be available on our website.

Secure smarter. Manage effortlessly. Grow confidently.