PRIVACY POLICY
Last updated: July 23, 2025
This Privacy Policy explains how SenSec LLC, a Wyoming limited liability company ("SenSec," "we," "us," "our"), collects, uses, discloses, and protects Personal Data when you visit sensec.app or use any of our software-as-a-service applications, mobile apps, APIs, and related services (collectively, the "Service"). It also outlines your privacy rights under United States, European Union/EEA, United Kingdom and other applicable laws.
Plain‑English note (not legally binding): You (or your company) control the data you put in our platform. For that operational data, we usually act as your processor. We use your data to run, secure, and improve the Service (including training our AI) in ways allowed by our contracts and privacy laws—typically using aggregated or de‑identified data. You can exercise rights of access, deletion, etc. We protect your info with appropriate security, and we use recognized mechanisms for cross‑border transfers.
1. WHO WE ARE & CONTACT DETAILS
Controller (primary point of contact):
SenSec LLC
30 N Gould St Ste N
Sheridan, WY 82801, USA
Email: privacy@sensec.app
EU/EEA Representative (Art. 27 GDPR): Sentinel Security s.r.o., Jičínská 226/17, Žižkov, 130 00 Praha 3, VAT ID: CZ19997604
UK Representative (Art. 27 UK GDPR): To be appointed – details will be added here once designated.
Data Protection Officer (if required): We have appointed an internal privacy lead reachable at privacy@sensec.app.
2. SCOPE & OUR ROLES
We act in two distinct roles:
As a "Controller" (GDPR) / "Business" (CPRA) for data for which we determine the purposes and means of processing—e.g., our website analytics, marketing contacts, account administration, billing, and product telemetry we use to improve the Service.
As a "Processor" (GDPR) / "Service Provider" (CPRA) for Customer Data that our business customers input into the Service (e.g., guard schedules, patrol logs, visitor records). In that case, the customer is the Controller/Business and is responsible for providing any required notices and obtaining a lawful basis. Our processing of such data is governed by our Data Processing Addendum (DPA).
If you are an end user (employee, client, visitor) whose information was submitted by a SenSec customer, please direct privacy requests to that customer first. We will support them per our DPA.
3. CATEGORIES OF PERSONAL DATA WE COLLECT
3.1 Account & Contract Data
Name, business email, phone, job title, company name
Login credentials, authentication tokens, role/permission data
Billing contacts, subscription details (payment data handled by our payment processor)
3.2 Platform / Operational Data (Customer Data)
Guard location and patrol tracking data
Incident and task records, reports, uploaded media (photos, audio, video, documents)
Visitor/client information entered by our customers
System access logs and audit trails
3.3 Device & Usage Data (Automatically Collected)
IP address, device identifiers, OS/browser type and version
Referrer URLs, feature usage, timestamps, clickstream, performance metrics
Cookies and similar technologies (see Section 10)
3.4 Third‑Party / Customer‑Provided Sources
Background check or identity verification results (if a customer uses such integrations)
Public records, sanctions/watch lists
Data synchronized from customer systems (HR, CRM, payroll, dispatch, access control, etc.)
We may combine information from different sources to the extent permitted by law.
4. PURPOSES & LEGAL BASES FOR PROCESSING
4.1 Purposes
We process Personal Data to:
Provide and operate the Service (authentication, workflow execution, reports, communications).
Secure the Service and individuals (fraud detection, access control, incident investigation).
Improve, research, and develop the Service and our AI/ML models (using aggregated, de‑identified, or anonymized data where feasible).
Communicate with you (transactional notices, product updates, support responses, surveys; marketing with consent or where permitted by law).
Comply with laws (tax, accounting, law enforcement requests, audits) and enforce our agreements.
Protect vital interests in rare emergencies affecting safety.
4.2 Legal Bases (where GDPR/UK GDPR applies)
Contract performance (Art. 6(1)(b)) – running the Service per our agreement.
Legitimate interests (Art. 6(1)(f)) – securing and improving the Service, preventing abuse, B2B marketing (balanced with your rights).
Consent (Art. 6(1)(a)) – for optional cookies/marketing or specific data categories when required.
Legal obligation (Art. 6(1)(c)) – responding to regulators, tax authorities, and legal process.
Vital interests (Art. 6(1)(d)) – protecting someone’s life/safety.
4.3 U.S. State Privacy Laws (e.g., CPRA, VCDPA)
Our purposes include: providing the Service, debugging, security, internal R&D, short-term transient use, quality control, and other purposes permitted by those laws. We do not “sell” Personal Data as defined by CPRA. We only “share” data for cross-context behavioral advertising with your consent, and you may opt out (see Section 12).
5. DISCLOSURE OF PERSONAL DATA
We may disclose Personal Data to:
Service Providers / Subprocessors (cloud hosting, storage, analytics, communications, background-check vendors, payment processors) under written contracts limiting their use.
Integration Partners / APIs when you connect third-party systems at your direction.
Affiliates and Successors in a merger, acquisition, or corporate restructuring (subject to confidentiality and continuation of protections).
Authorities, courts, and law enforcement when legally required or to protect rights, safety, or property.
Other parties with your consent or instructions.
We may share aggregated or anonymized data that does not reasonably identify you.
6. DATA SECURITY
We implement reasonable and appropriate technical and organizational measures, including (without limitation):
Encryption in transit and at rest (where applicable)
Role-based access control, MFA for administrative access
Network and application monitoring, logging, and intrusion detection
Regular vulnerability scanning and security reviews
Employee confidentiality agreements and security training
No system can be 100% secure. If we learn of a breach affecting Personal Data, we will notify affected customers and/or authorities as required by applicable law and our contractual obligations.
7. DATA RETENTION
We retain Personal Data for as long as necessary to fulfill the purposes described above or as required by law. Typical retention periods:
Contract/Account data: for the subscription term plus up to 6 years (audit, tax, legal defense).
Operational records (Customer Data): as directed by the customer; if not specified, we delete or anonymize within 30–90 days after termination, subject to legal holds.
Analytics & logs: 26 months, unless needed longer for security or legal reasons.
Backups: rolling backups are generally retained 30–60 days.
We may keep anonymized/aggregated data indefinitely.
8. RIGHTS OF INDIVIDUALS
Your rights depend on your jurisdiction and our role (Controller vs Processor).
8.1 EU/EEA & UK (GDPR/UK GDPR)
You may request: access, rectification, erasure, restriction, portability, and to object to certain processing. You may withdraw consent at any time (without affecting prior processing). You can also lodge a complaint with your local supervisory authority.
8.2 California (CPRA) & Other U.S. States (CO, CT, VA, UT, etc.)
You may have the right to: know/access, correct, delete, opt out of “sharing” for cross‑context advertising, and limit use/disclosure of sensitive Personal Data. We will not discriminate against you for exercising rights.
8.3 Exercising Rights
If SenSec is Controller: Email privacy@sensec.app or use in-product tools (where available). We may need to verify your identity and request additional details.
If SenSec is Processor: Contact the relevant SenSec customer; we will assist them in fulfilling requests per our DPA.
Agents (California): You may authorize an agent; we require proof of authorization and may still verify you directly.
9. AUTOMATED DECISION-MAKING & AI
Our platform employs AI/ML to assist with task assignment, pattern detection, prioritization, and analytics. Where decisions could have significant effects on individuals, customers are encouraged to include human oversight. You may request human review or challenge an automated decision where required by law. Contact privacy@sensec.app.
10. COOKIES & SIMILAR TECHNOLOGIES
We use cookies, local storage, SDKs, pixels, and similar technologies for:
Strictly necessary purposes (session management, security, preferences)
Performance/analytics
(Optional) Marketing/advertising – only with consent where required
Manage preferences via our cookie banner and browser settings. Blocking certain cookies may affect functionality.
11. INTERNATIONAL DATA TRANSFERS
We process data in the United States and may transfer it to other countries where our Service Providers operate. For transfers from the EU/EEA/UK to the U.S. or other third countries, we rely on recognized mechanisms such as:
EU Standard Contractual Clauses (SCCs) and the UK Addendum
Data Processing Addendum with customers and vendors
Additional safeguards (encryption, strict access controls)
Copies of relevant transfer mechanisms can be requested (subject to redactions for security and confidentiality).
12. "DO NOT SELL" / "DO NOT SHARE" (U.S. State Laws)
We do not sell Personal Data. We only share data for cross‑context behavioral advertising with your consent. You may opt out at any time by emailing privacy@sensec.app or using the "Do Not Sell or Share My Personal Information" link (where available).
We use Sensitive Personal Information only as necessary to provide the Service and for security/compliance, not to infer characteristics.
13. CHILDREN’S PRIVACY
The Service is not intended for individuals under 18, and we do not knowingly collect Personal Data from children. If you believe we have collected data from a minor, contact us and we will delete it.
14. THIRD-PARTY LINKS & SERVICES
The Service may contain links to or integrations with third‑party services. Their privacy policies govern those services. We are not responsible for their practices.
15. CHANGES TO THIS POLICY
We may update this Policy from time to time. We will post the new version with an updated "Last updated" date. For material changes, we will provide additional notice (e.g., email or in‑app notification). Continued use after the effective date constitutes acceptance. If you object, stop using the Service and contact us regarding your data.
16. DISPUTE RESOLUTION & COMPLAINTS
Disputes with us are governed by the dispute resolution provisions in our Terms of Service (including arbitration in Sheridan, Wyoming, USA).
You may also have the right to lodge a complaint with a supervisory authority (e.g., an EU data protection authority) if you believe our processing violates applicable law.
17. DATA PROCESSING ADDENDUM (DPA)
When we act as Processor, our DPA (incorporated by reference into your contract or available upon request) governs:
Subject matter, duration, nature, and purposes of processing
Types of Personal Data and categories of Data Subjects
Our obligations (confidentiality, security, assistance with rights, breach notice)
Sub‑processor engagement and notification process
Data return/deletion at end of services
International transfer mechanisms (SCCs/UK Addendum)
Audit/cooperation terms
If you need a signed DPA, contact privacy@sensec.app.
18. HOW TO CONTACT US
Primary contact: privacy@sensec.app
Mailing address: SenSec LLC, 30 N Gould St Ste N, Sheridan, WY 82801, USA
If you are in the EU/UK, you may also contact our representative listed in Section 1 once appointed.