Sense7ai

Privacy Policy

Last updated: May 13, 2026 · Effective date: May 11, 2026

1. Overview

Sense7ai Inc. ("Sense7ai", "we", "our") is a Delaware corporation with its principal office at 611 Commerce Street, Suite 2611, Nashville, TN 37203, USA. This Privacy Policy describes how we collect, use, disclose, and protect personal data of visitors to sense7ai.com and individuals who interact with us in the course of our customer engagements.

This Policy is governed by S7AI-POL-002 Data Privacy & Protection Policy (Version 2.1, effective May 11, 2026), available on request to privacy@sense7ai.com.

2. Information We Collect

From website visitors:

  • Information you provide on contact forms (name, email, company, phone, message)
  • Server logs (IP address, browser type, pages visited, referrer)
  • Cookies and similar technologies (see Section 7)

From customers and prospective customers:

  • Business contact information (name, title, email, phone, company)
  • Engagement information (project scope, technical requirements, contractual data)
  • Personal data your organisation entrusts to us under a Data Processing Agreement (processed only as Data Processor — see Section 4)

3. How We Use Information

We process personal data for the following purposes:

  • Responding to inquiries and scheduling scoping calls
  • Delivering services under master services agreements
  • Sending operational communications (security notices, contract renewals)
  • Complying with legal, regulatory, and contractual obligations
  • Improving our website and services in aggregate, anonymised form

We do not sell personal information and we do not share personal information for cross-context behavioural advertising within the meaning of the California Consumer Privacy Act.

4. Data Processor / Controller Role

For data your organisation provides to us under a Data Processing Agreement, Sense7ai acts as Data Processor on documented instructions from your organisation. Your organisation is the Data Controller. Sense7ai will not use such data for any purpose other than the agreed services.

5. Legal Basis (GDPR / UK GDPR)

Where the EU or UK GDPR applies, we process personal data on the following bases:

  • Contract — to perform our services or take steps before entering a contract
  • Legitimate interest — to operate, secure, and improve our services (balanced against your rights)
  • Consent — where required (e.g., marketing communications)
  • Legal obligation — to comply with applicable law

6. Sharing of Information

We share personal data only with:

  • Our affiliated delivery entity, Sense7ai Data Solutions Private Limited (India), under our Intercompany Services Agreement
  • Sub-processors necessary to deliver our services (cloud providers, security tooling) — bound by data-protection obligations equivalent to this Policy
  • Regulators and authorities when required by law
  • Customers (where you are the Data Subject and the customer is the Data Controller)

A current list of sub-processors is maintained in our Sub-Processor Register, available on request to privacy@sense7ai.com.

7. Cookies

We use a minimal set of cookies:

  • Strictly necessary cookies (session, security, load balancing)
  • Analytics cookies (Google Analytics 4, anonymised IP) — opt-in
  • No marketing or behavioural advertising cookies

You can manage cookie preferences via our cookie banner or your browser settings.

8. Cross-Border Data Transfers

Personal data may be transferred from the U.S. or EU to India for engineering and delivery purposes. Where required, transfers are covered by the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) or equivalent transfer mechanisms.

9. Data Retention

  • Website contact-form submissions: 3 years from last interaction
  • Customer engagement records: duration of engagement plus 7 years (US tax records) or as required by applicable law
  • Personal data we process as Data Processor: per the Data Processing Agreement with the relevant customer (see S7AI-POL-002 §8)
  • Server logs and analytics data: 14 months

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of personal data we hold about you
  • Correction — request correction of inaccurate personal data
  • Deletion — request deletion (subject to legal hold exceptions)
  • Restriction — request restriction of processing
  • Portability — receive personal data in a machine-readable format
  • Objection — object to processing based on legitimate interest

To exercise these rights, contact privacy@sense7ai.com. We acknowledge requests within 10 calendar days and substantively respond within 45 calendar days.

11. Security

We maintain an information security program mapped to SOC 2 Trust Services Criteria, ISO/IEC 27001:2022, NIST CSF 2.0, GLBA Safeguards Rule (16 CFR Part 314), FFIEC IT Examination Handbook, and 23 NYCRR Part 500. Sense7ai is not yet certified under SOC 2 or ISO/IEC 27001; both audits are planned, with readiness work in progress. Our security policies are documented in S7AI-POL-001 (Information Security & Access Control) and S7AI-POL-008 (Cloud, DevOps & Infrastructure Security), both effective May 11, 2026. See security for details.

12. Privacy Contact

For privacy inquiries, data subject requests, or to receive our Sub-Processor Register or Data Processing Agreement template, contact:

Privacy Contact: privacy@sense7ai.com
Sense7ai Inc., 611 Commerce Street, Suite 2611, Nashville, TN 37203, USA

(No formal Data Protection Officer is appointed under GDPR Article 37; the Privacy Contact is the data-subject and regulator point of contact for DPDPA, CCPA, GDPR, and other applicable privacy laws.)

13. Changes to This Policy

We will post material changes to this Policy on this page and update the "Last updated" date. Continued use of the website following changes constitutes acceptance.