Privacy Statement

Sensent.ai Inc. ("Sensent.ai", "we", "us", "our") is a Delaware-incorporated company that develops and operates the Sensent AI-powered enterprise intelligence platform. Our registered address is 1209 Orange Street, Wilmington, Delaware 19801, United States.

For the purposes of applicable data protection law, Sensent.ai acts as a data controller with respect to personal data collected through our website, marketing, and sales activities, and as a data processor with respect to Customer Data processed on behalf of our enterprise customers through the Sensent platform.

Where Sensent.ai acts as a data processor on behalf of an enterprise customer, that customer's own privacy policy and data processing agreements govern the treatment of personal data within their deployment. This Privacy Statement covers Sensent.ai's activities as a data controller.

This Privacy Statement applies to:

• Visitors to sensent.ai and all associated subdomains;
• Individuals who contact us through our website, email, or social channels;
• Prospective customers who engage with our sales and marketing activities;
• Authorised Users of the Sensent platform who are employees or contractors of our enterprise customers;
• Individuals whose personal data is included in Customer Data processed through the Sensent platform, to the extent Sensent.ai acts as a data controller for such data.

This statement does not apply to third-party websites, services, or applications that may be linked from our platform or website. We encourage you to review the privacy policies of any third-party services you use in connection with Sensent.

Depending on how you interact with Sensent.ai, we may collect the following categories of personal data:

Identity & Contact Data

Name, job title, employer organisation, professional email address, telephone number, and business postal address. This data is collected when you register for an account, complete a contact form, attend a webinar, or engage with our sales team.

Account & Credentials Data

Platform login credentials (stored as hashed values — we never store plain-text passwords), account configuration preferences, role and permissions settings, and authentication logs. For enterprise deployments using Single Sign-On (SSO), we receive only the identity attributes passed by your organisation's identity provider.

Usage & Interaction Data

Log data recording your interactions with the Sensent platform, including features accessed, queries submitted to the AI Command Interface, modules visited, export actions taken, and session duration. This data is used to improve platform performance, troubleshoot issues, and inform product development.

Technical & Device Data

IP address, browser type and version, operating system, device identifiers, screen resolution, timezone, and referral URL. This data is collected automatically through server logs and analytics tools when you access the platform or website.

Communications Data

The content of emails, support tickets, chat messages, and other communications you send to us. This includes feedback, feature requests, and responses to surveys or research invitations.

Marketing & Preference Data

Your marketing communication preferences, subscription choices, and engagement with our marketing emails (open rates, click-throughs). We only send marketing communications where we have a lawful basis to do so.

Customer Data (as Processor)

When acting as a data processor, we handle Customer Data on behalf of enterprise customers. This may include personal data relating to the customer's employees, IT systems, and business operations — the nature of which is determined by the customer's configuration of the Sensent platform. Sensent.ai does not control the types of personal data customers choose to process through the platform.

We collect personal data through the following means:

We will not use your personal data for purposes incompatible with those stated above without providing prior notice and, where required, obtaining your consent.

Where the GDPR or similar legislation applies, Sensent.ai processes personal data on the following legal bases:

• Contract performance: Processing necessary to perform the contract between us, including delivering the Sensent platform and supporting Authorised Users.
• Legitimate interests: Processing necessary for our legitimate business interests — such as platform security, fraud prevention, product improvement, and B2B marketing — where those interests are not overridden by your rights and interests.
• Legal obligation: Processing required to comply with applicable laws, regulations, or court orders.
• Consent: Processing based on your explicit consent, including certain marketing communications and non-essential cookies. You may withdraw consent at any time without affecting prior processing.
• Vital interests: In exceptional circumstances where processing is necessary to protect a person's life.

For California residents, we process personal information as described under the California Consumer Privacy Act (CCPA) as amended by the CPRA. Sensent.ai does not sell personal information. We may share certain data with service providers as described in Section 7.

Sensent.ai does not sell, rent, or trade your personal data. We share personal data only in the following circumstances:

Service Providers & Sub-Processors

We engage trusted third-party service providers to support our operations — including cloud infrastructure providers, analytics platforms, customer support tools, email delivery services, and payment processors. All service providers are contractually bound to process data only on our instructions, maintain appropriate security, and not use your data for their own purposes.

A current list of our sub-processors is available upon request at privacy@sensent.ai.

Enterprise Customer Organisations

If you access Sensent as an Authorised User of an enterprise customer, we may share usage and account information with that customer organisation in accordance with our contract. Your employer or the contracting organisation is the data controller for such information in the context of your employment relationship.

Professional Advisors

We may share data with lawyers, accountants, auditors, and insurers where necessary for the conduct of their professional services, subject to appropriate confidentiality obligations.

Corporate Transactions

In the event of a merger, acquisition, asset sale, or business reorganisation, personal data may be transferred to the relevant parties. We will provide notice of any such transfer and ensure appropriate protections are in place.

Legal Requirements & Law Enforcement

We may disclose personal data where required by applicable law, regulation, court order, or valid legal process. Where permitted, we will attempt to notify you of such requests before complying.

The Sensent platform uses artificial intelligence — including our proprietary Semantic Engine and AI Command Interface — to synthesise data from connected systems and generate insights. This section explains how AI processing intersects with your privacy rights.

AI Processing of Customer Data

When acting as a data processor, Sensent.ai's AI components process Customer Data on behalf of enterprise customers to deliver the platform's intelligence features. The enterprise customer, as data controller, determines what data is connected to the platform and is responsible for ensuring appropriate lawful bases exist for the processing of personal data within their datasets.

Automated Decision-Making

The Sensent platform generates AI-powered insights, predictions, and recommendations. These outputs are designed to support human decision-making, not to replace it. Sensent.ai does not make automated decisions with solely automated processing that produces legal or similarly significant effects on individuals without human review. All significant decisions informed by AI outputs remain with your organisation's leadership team.

AI Model Training

Sensent.ai may use aggregated and fully anonymised usage data — stripped of all identifying information — to improve the performance, accuracy, and capabilities of our AI models. We will not use Customer Data that contains identifiable personal data to train AI models that are deployed to other customers without the explicit written consent of the customer whose data is involved.

Profiling

Sensent.ai may use usage data to create aggregate profiles of how the platform is used across customers for product improvement purposes. This profiling does not produce decisions about individual users and does not involve sensitive personal data.

We retain personal data only for as long as necessary for the purposes described in this Privacy Statement, or as required by applicable law. Our retention approach is summarised below:

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with our data deletion procedures. Backup copies may persist for a short additional period in accordance with our infrastructure backup schedule, but are not accessible for operational use and are overwritten on rotation.

You may request deletion of your personal data at any time (see Section 13). Certain data may be retained beyond your request where we have a legal obligation or legitimate overriding interest to do so.

Sensent.ai is headquartered in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, your personal data may be transferred to and processed in countries that may not provide the same level of data protection as your home country.

Transfer Mechanisms

Where we transfer personal data from the EEA or UK to countries not recognised as providing adequate protection, we rely on the following safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner's Office, incorporated into our contracts with sub-processors and enterprise customers as applicable;
• EU-US Data Privacy Framework where Sensent.ai or its sub-processors participate;
• Binding Corporate Rules where applicable for transfers within corporate groups;
• Other derogations permitted under applicable law (explicit consent, performance of contract, legal claims) in limited circumstances.

Data Residency Options

For enterprise customers with specific data residency requirements, Sensent.ai offers deployment configurations that restrict data processing to agreed geographic regions. Please discuss your requirements with your account manager or contact privacy@sensent.ai.

You may request information about the specific transfer mechanisms applied to your data by contacting our Data Protection Officer at the details in Section 17.

Sensent.ai takes the security of personal and organisational data seriously. We implement a comprehensive set of technical and organisational security measures aligned with industry standards and regulatory requirements:

Technical Safeguards

• Encryption in transit: All data transmitted between your systems and the Sensent platform is encrypted using TLS 1.2 or higher;
• Encryption at rest: Customer Data and personal data stored within the platform is encrypted at rest using AES-256 encryption;
• Access controls: Role-based access control (RBAC) enforces least-privilege access; Authorised User access requires multi-factor authentication;
• Audit logging: All access to Customer Data is logged with timestamps, user identifiers, and action details, creating a complete audit trail;
• Penetration testing: Regular third-party security assessments and penetration tests are conducted to identify and remediate vulnerabilities;
• Vulnerability management: We maintain an active vulnerability disclosure programme and patch management process.

Organisational Safeguards

• Security awareness training for all staff with access to personal data;
• Background checks for employees in roles with access to sensitive data;
• Documented data handling procedures and a formal information security policy;
• An incident response plan with defined escalation procedures and notification timelines.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, Sensent.ai will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required under applicable law. We will also notify affected individuals and enterprise customers without undue delay where the breach is likely to result in a high risk. Notifications will be sent to the contact details held in your account.

If you believe your personal data may have been compromised, please contact security@sensent.ai immediately.

Sensent.ai uses cookies and similar technologies on our website and platform. A cookie is a small text file placed on your device by a web server. We use the following categories of cookies:

Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can update your preferences at any time by clicking the "Cookie Settings" link in the footer of our website, or by clearing your browser cookies and revisiting.

Most browsers also allow you to control cookies through browser settings. Note that disabling certain cookies may affect the functionality of our website and platform. For guidance on managing cookies in your specific browser, visit allaboutcookies.org.

We do not use cross-site tracking technologies or participate in behavioural advertising networks. Our cookie usage is limited to the purposes described above.

Depending on your location and applicable privacy law, you may have some or all of the following rights with respect to your personal data:

Exercising Your Rights

To exercise any of these rights, submit a request to privacy@sensent.ai or through our contact form. We will respond within 30 days of receiving a valid request, or within any shorter period required by applicable law. We may ask you to verify your identity before processing your request to protect against fraudulent or unauthorised access.

There is no charge for making a privacy rights request unless requests are manifestly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or decline to respond.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, this is the data protection authority in your member state. For UK residents, this is the Information Commissioner's Office (ICO). We would, however, appreciate the opportunity to address your concerns directly before you contact a supervisory authority.

The Sensent platform is an enterprise B2B service designed exclusively for use by organisations and their adult employees and contractors. We do not knowingly collect, process, or retain personal data from individuals under the age of 16 (or the applicable age of digital consent in their jurisdiction).

If you are a parent or guardian and believe a child has provided personal data to Sensent.ai without appropriate consent, please contact us immediately at privacy@sensent.ai. We will take prompt steps to delete any such data.

Our website and platform may contain links to third-party websites, resources, and integrations. These include documentation references, integration partner sites, and technology ecosystem links. Sensent.ai is not responsible for the privacy practices of third-party sites or services.

When you connect a third-party system to the Sensent platform (such as a project management tool, ITSM system, or financial platform), that connection is governed by the third party's terms of service and privacy policy, as well as the permissions you or your organisation have configured. Sensent.ai processes data from connected systems as described in Section 3 and Section 8.

We recommend reviewing the privacy policies of any third-party services you use in conjunction with Sensent before connecting them to the platform.

We may update this Privacy Statement periodically to reflect changes in our data practices, legal requirements, or platform capabilities. The updated date at the top of this document indicates when the statement was last revised.

For material changes — those that significantly affect your rights or how we use your data — we will provide advance notice by:

• Sending an email to the registered contact address for your account, at least 30 days before the changes take effect;
• Displaying a prominent notice on our website and within the platform;
• Where required by law, seeking renewed consent for any new processing activities.

For non-material changes (such as clarifications, corrections, or formatting updates), we will update the statement and revise the effective date without additional notice. The current version of this Privacy Statement is always available at sensent.ai/privacy-statement.

For questions, requests, or concerns related to this Privacy Statement or your personal data, please use the appropriate contact channel below:

Data Protection Officer (DPO)

Sensent.ai has appointed a Data Protection Officer for GDPR compliance purposes. You may contact our DPO directly at dpo@sensent.ai for matters relating to European data protection law, complaints about our processing activities, or requests for guidance on exercising your rights under GDPR.

Our DPO operates independently of our commercial and technical teams to provide objective oversight of data protection compliance.

EU / UK Representative

For EU and UK data subjects where GDPR or UK GDPR applies, Sensent.ai has appointed a European representative and a UK representative respectively. Details are available on request at privacy@sensent.ai.