Last amended: 05 February 2025
We acknowledge the importance of protecting personal data. This Privacy Policy outlines how Sensemitter Services Limited (“Company,” “we,” “us,” or “our”), acting as a data controller for the purpose of the General Data Protection Regulation (the “GDPR”), processes the personal information of our Customers (“Customer” or “you”), in connection with the use of our website, https://sensemitter.com, and any materials accessible therein (the “Website”), our Platform accessible at https://app.sensemitter.com (the “Platform”), and any related Platform or Managed Services (collectively, the “Services”).
Please read this Policy carefully to understand our privacy practices and your rights under applicable data protection laws. By accessing or using our Services, you confirm that you understand and agree to the processing of your personal information as described in this Policy.
This Privacy Policy is written and available only in English, and all communications regarding data privacy and your rights will be conducted in English, unless otherwise is provided by mandatory data protection laws of your jurisdiction.
Capitalized terms not explicitly defined herein shall have the meaning given to them in our Terms of Service.
1. Categories information we collect
We collect the following categories and types of personal information about you, whether you are conducting business as a sole trader or acting as a representative of an Entity:
- Personal information you provide to us when you register a Customer Account on our Platform, request information or materials about us (including by submitting the “Start Now” form on our Website), interact with us via third-party social media channels (e.g., LinkedIn), engage with our lead generation forms on third-party platforms, or communicate with us through our Services (e.g., submitting inquiries, comments, feedback, or contact requests), by post, email, or phone, or by subscribing to our marketing communications. This includes:
- Your identifiers, such as your full name, place of work, job title within the Entity, and any official documents confirming this data (e.g., ID card, driver’s license, or company registry documents), as well as your postal address, email address, IP address, phone number, and user account details for messengers or social networks.
- Identifiers of your colleagues, including full name, email address, and job title of your Entity’s director, CEO, or other official, or any colleague you invite to co-use the Customer Account created on our Platform.
Mandatory information required for interactions with us is marked with an asterisk (*). Failure to provide mandatory information may prevent us from offering you our Services or fulfilling your requests. You are free to provide any non-mandatory information at your discretion.
- Personal information we collect automatically through cookies and web beacons, including usage data such as browsing history, search history, online behavior, interests, and interactions with our Services and advertisements. This may include data such as your internet service provider, browser type, language preferences, browsing session duration, clicks, and links you followed. For more details, please see the section below titled “Cookies and Other Tracking Technologies.”
- Your Business Content, including any content you submit through our Services or via third-party platforms (e.g., social networks) related to our Services. This content may include comments, feedback, reviews, and any associated metadata (e.g., timestamps, location, and authorship information). We also collect text, photos, or videos submitted by you or made accessible through links provided in your Order Forms for the purpose of delivering and improving our Services.
- Information received from third parties. From time to time, we may obtain your personal data from legitimate sources, including but not limited to:
- Advertising, Measurement, and Strategic Partners: Our advertising and analytics partners may provide us with information about your activities outside our Services, such as interactions on other websites and mobile applications. These partners may also share data such as mobile advertising identifiers, hashed email addresses, phone numbers, and cookie identifiers, which we use to link your external activities to your account on our Platform.
- Payment Processors: When you conduct Transactions through the Platform, you are required to provide financial account details, such as credit card numbers, directly to our third-party payment processors. We do not collect or store full credit card details but may receive limited payment-related information, such as Transaction dates, amounts, and payment methods used.
- Other Sources: We may also collect information about you from other sources as permitted or required by applicable law, including:
- Contractors engaged in facilitating or providing Services, business, and identity verification providers, as outlined in clause 3.2 of our Terms of Service.
- Your authorized agents or third-party representatives.
- Publicly available sources.
Sensitive Personal Data. Under no circumstances do we collect or process special categories of personal data, such as information related to your race or ethnicity, religious or philosophical beliefs, sexual life, political opinions, trade union membership, health, genetic or biometric data.
No Minors Data: Our Services are intended solely for individuals over the age of 18 who possess a valid business tax ID. Consequently, we do not knowingly collect personal data from individuals under the age of 18. If it comes to our attention that such data has been collected due to misleading or false information provided by a Customer, we will promptly delete it.
Use of AI components. Our Platform integrates third-party AI technologies, including: (a) OpenAI’s GPT-4o (or other versions of OpenAI LLC’s large language models (“LLM”); and (b) Intercom’s Fin AI agent (“ChatBot”). For detailed information on how these technologies function, please refer to the official overviews of OpenAI’s technology and Intercom’s ChatBot.
We utilize LLMs to enhance your experience on the Platform, specifically to assist in generating or refining interview scripts, hypotheses, and related comments, creating illustrative images, and producing other relevant content generated in connection with our Services (“Generated Content”). By creating Generated Content, you agree to adhere to the rules and guidelines established by OpenAI LLC for End Users, including:
We will share your inputs for Generated Content with OpenAI LLC exclusively to enable content generation on the Platform. OpenAI LLC will process and store your inputs in accordance with its Enterprise privacy commitments, and will use them only as necessary to facilitate generation of content, comply with applicable laws, or enforce OpenAI’s Usage Policies.
We employ the ChatBot to provide customer support on the Platform. The ChatBot serves as the primary point of contact for customers who wish to ask questions or provide feedback. If you provide personal information via the ChatBot, we may share it with Intercom under the terms outlined in the Data Processing Agreement. This data is shared solely to facilitate real-time, 24/7 customer support. Intercom does not store your personal data. However, it may collect and process certain technical and usage data related to your interactions with the ChatBot. This data will always be anonymized to remove any personally identifiable information and will be used strictly for analyzing, improving, supporting, and operating the ChatBot.
You SHALL NOT input any personal information to LLM, and SHALL NOT share any sensitive information via ChatBot. While we take measures to protect your data, you are responsible for exercising caution when interacting with AI-driven systems to prevent unintended disclosure of sensitive information.
2. Purposes and legal bases of your personal data processing. Sharing of your personal data.
We collect and process your personal data for a range of purposes, as specified in the table below. The legal bases under which we process your personal data include:
- Consent: We collect and process your personal data based on your explicit consent, which is obtained through consent forms or checkboxes provided during your interactions with our Services. Your consent is documented and securely stored in our systems. You may withdraw your consent at any time by contacting us at [email protected].
- Contractual necessity: Processing of your personal data may be necessary for the performance of a contract to which you are a party or to take pre-contractual steps at your request.
- Legitimate interest: We may process your personal data where it is necessary for our legitimate interests, such as improving our products and Services, ensuring the security of our Platform, and maintaining business relationships. When relying on legitimate interest, we always conduct a balancing test to ensure that our interests do not override your fundamental rights and freedoms.
- Legal obligation: We process your personal data when it is necessary to comply with our legal and regulatory obligations, including tax, accounting, anti-money laundering (AML), and data protection laws.
- Vital interests and other legal bases: In exceptional cases, we may process your personal data to protect your vital interests or those of another person, or when processing is otherwise permitted under Article 6 of the GDPR.
We do not sell, rent, or trade your personal data to third parties under any circumstances.
Data Sharing
We may share your personal data with third parties only to the extent necessary to fulfill the purposes outlined in this section. Specifically, your data may be shared with the following categories of recipients:
- Business partners, vendors, service providers, and subcontractors – for the fulfillment of contractual obligations and to deliver our Services effectively.
- Analytics and search engine providers – to support the improvement, personalization, and optimization of our Services.
- Advertising networks – to enable the selection and delivery of relevant advertisements, subject to your explicit consent where required.
- Potential investors and their professional advisors – to facilitate investment and due diligence processes, subject to confidentiality obligations.
Compliance with legal obligations. We may disclose your personal data when required to comply with legal obligations, including responding to subpoenas, court orders, or lawful requests from governmental or regulatory bodies. This may include compliance with tax, banking, anti-corruption, AML, accounting regulations, or other applicable laws.
Legal rights and safety. Your personal data may also be shared if it is necessary to establish, exercise, or defend our legal rights, protect our property, enforce our agreements, or prevent fraud or other illegal activities.
We require all third parties with whom we share your data to maintain appropriate security measures and comply with applicable data protection laws. Third parties are only permitted to process your personal data for specified purposes in accordance with our instructions.
Summary Table of Processing Purposes and Legal Bases
The table below provides a summary of the purposes for processing your personal data, the corresponding legal bases, and the third parties with whom data may be shared to achieve each processing purpose.
Purpose of Processing | Legal Basis | Sub-processors with whom we share your personal information and their Privacy Policies |
To provide, customize, facilitate, and support the Services we provide to you, including performance of our contractual obligations and managing your registered user account. | Performance of a Contract | Hosting and backend service providers: Google Cloud, https://cloud.google.com/terms/cloud-privacy-notice Task tracking: Asana, lhttps://asana.com/privacy Internal communication and project discussion: Slack, https://slack.com/privacy-policy Test Design Documentation: Notion, https://www.notion.com/help/privacy Customer data management: HubSpot, https://legal.hubspot.com/privacy-policy Scheduling automation: Calendly, https://calendly.com/privacy. Creating Generated Content: GPT-4o, https://openai.com/enterprise-privacy/ |
To analyze your engagement with our Services, to improve and develop our features, and to secure our systems and applications. | Legitimate Interest | Analytics services provider: Google Cloud, https://cloud.google.com/terms/cloud-privacy-notice |
To provide you with customer support, including responding to your inquiries and requests about our Services, company, or practices. | Performance of a Contract / Legitimate Interest | Internal communication and project discussion: Slack, https://slack.com/privacy-policy Customer data management: HubSpot, https://legal.hubspot.com/privacy-policy Email service provider: Gmail, https://policies.google.com/privacy Сustomer support Chatbot service: Intercom, https://www.intercom.com/legal/privacy |
To provide you with important information about our Services, such as updates, bugs, errors, subscription renewals, changes to the ToS, or other documents constituting our contract with you. | Performance of a Contract / Other legal basis | Email service provider: Gmail, https://policies.google.com/privacy Customer data management: HubSpot, https://legal.hubspot.com/privacy-policy Brevo, https://www.brevo.com/legal/privacypolicy/ MailChimp, https://mailchimp.com/gdpr/ |
To send you marketing communications to which you have subscribed, to conduct marketing activities, including retargeting and remarketing campaigns, and to instruct our partners to identify audiences with similar characteristics to yours. | Consent | MailChimp, https://mailchimp.com/gdpr/ HubSpot, https://legal.hubspot.com/privacy-policy Apollo, https://legal.hubspot.com/privacy-policy Meta, https://www.facebook.com/privacy/policy/ Google, https://policies.google.com/technologies/ads?hl=en-US Lemlist, https://lemlist.com/privacy-policy Brevo, https://www.brevo.com/legal/privacypolicy/ |
To verify if your age or place of residence allows you to use our Services. | Legitimate Interest | None (processed internally). |
To process your payments and issue invoices | Performance of a Contract | Stripe, https://stripe.com/en-cy/privacy |
3. Cookies and other Tracking Technologies
Technologies that we use are:
Cookies are small pieces of text entered into the memory of your browser by a website, allowing the website to store information on your device and later retrieve it. They help maintain website functionality and collect information about website usage. We use this information to improve our website, present content in the most efficient and engaging manner and assist in our marketing efforts.
Web beacons are tiny images with a unique identifier, which are not stored on the hard-drive of your device, but are embedded invisibly on web pages. We use web beacons in our marketing HTML-based emails to our subscribers. This allows us to collect information about how subscribers engage with emails and analyze statistics, including open rates and click-through rates. We use this information to improve our email communications and effectiveness of marketing campaigns.
The types of cookies we use are:
(1) Session and persistent cookies:
- Session cookies last as long as your online session and disappear from your device when you close your browser.
- Persistent cookies stay on your device after you close your browser and last for a time specified in the cookie (unless deleted by you earlier).
(2) First-party and third-party cookies:
- First party cookies are set by the website. Only we can read them.
- Third-party cookies are set by someone other than our website. You may adjust your browser settings to prevent the receipt of third-party cookies, or to provide notification whenever such third-party cookies are sent to you.
While the cookies that we use may change from time to time as we improve and update the website, they serve the following main purposes:
- Strictly necessary cookies are essential for the operation of the website, so that you can navigate it and use its features. Without them some parts of the website will not work.
- Functionality cookies allow the website to remember choices you make to provide better functionality and personalized features. These cookies may be set by us or by third-party services we have added to our pages. If you do not allow them then some or all of these services may not function properly.
- Analytics and performance cookies help us improve the performance of the website based on the information about how the website is used, for example, page views and traffic sources.
- Advertising and marketing cookies may be used to build a profile of your interests and show you relevant adverts on other websites. These cookies can be set through the website by us or our partners.
The list of cookies used on our Website and Platform is continuously monitored and displayed in real-time through Cookie Script and/or Cookiebot. You can view the complete list of cookies, including their purpose, duration, and data usage details, at any time. Additionally, you can manage your cookie preferences in real-time via the cookie pop-up available on the Website and Platform landing pages.
From time to time we may also use third party cookies, including to display remarketing/retargeting advertisements across the internet. We engage Google Ads, MS Bing Ads, LinkedIn Ads, X Business Ads, (based upon the user’s previous visits to this site or based on email addresses that we have collected).
You can delete the cookies installed in the past and manage preferences for cookies in your browser settings. How to manage cookies in the most popular browsers:
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
You can manage preferences for third-party cookies via the tools provided by those parties. For example, you can manage Google’s cookies by visiting Google Ad Settings or installing Google Analytics Opt-out Browser Add-on.
You may also follow the instructions provided by the EDAA (EU), the Network Advertising Initiative (US), the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow you to select tracking preferences for most of the advertising tools.
If you block or delete cookies in your browser settings, this may mean that the website preferences will be lost and that you might not be able to access or use some of its features.
4. Where we process and transfer your information
We host and process your data in Europe (and the hosting services are purchased by us from Google Cloud. We may transfer personal data to jurisdictions outside of your home country and outside of European Economic Area (EEA) as necessary for the purposes of processing. You are entitled to learn about the legal basis of data transfers to a country outside the EU and about the security measures we take to safeguard your information. If we transfer personal data originating from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission, or (ii) the European Commission adequacy decisions about certain countries.We take all steps necessary to provide suitable safeguards to protect your personal data during the cross-border transfer and to ensure that your data is treated in accordance with this Privacy Policy.
5. How we protect your information
We are committed to safeguarding your personal and confidential information (“PCI”) through robust technical and organizational measures. Our security framework is designed to protect PCI from unauthorized access, use, disclosure, copying, modification, destruction, and accidental loss or misuse.
5.1. Security Measures in Place. We implement industry-standard security controls, including but not limited to:
- Access Controls: we enforce strict access controls to ensure that only authorized personnel and contractors can access your PCI, based on the principle of least privilege: (i) Reports, Customer Materials, research hypotheses, are accessible only to authorized personnel, such as analysts and account managers, based on operational necessity; (ii) any Reports, analyses, or insights shared with you are protected through password-protected documents and restricted access protocols.
- Data Encryption: to prevent unauthorized access, tampering, or interception of PCI, we employ strong encryption mechanisms: (i) in transit: we utilize 256-bit SSL/TLS 1.2 encryption to secure data while it is transmitted from us to you; (ii) at rest: all data stored within our infrastructure is encrypted using AES-256 industry standards, ensuring an additional layer of protection; (ii) backups: regular encrypted backups are maintained to ensure data availability and integrity in the event of an incident.
- Secure Infrastructure: all our Services’ infrastructure is hosted within Google Cloud, utilizing state-of-the-art security controls to protect against unauthorized network requests. Google Cloud is ISO/IEC 27001, SOC 1/2/3, and GDPR-compliant, providing a secure environment for our services. More details on Google Cloud’s security standards can be found in their Compliance Programs.
- Regular Security Audits: we conduct regular penetration testing, vulnerability assessments, and security audits to proactively identify and mitigate potential risks.
- Antivirus and Intrusion Prevention Systems (IPS): deployed to monitor and prevent unauthorized access and potential threats in real-time.
- Incident Response: we have established protocols to promptly address any suspected data breaches and will notify you and applicable regulators within legally required timeframes if a breach occurs.
5.2. Privacy Commitment. We are fully dedicated to compliance with the GDPR and other applicable data protection laws. Our privacy measures include:
- Mandatory Non-Disclosure Agreements for all employees, Respondents and contractors handling your PCI.
- Regular employee training on data protection best practices and GDPR compliance.
6. How you can control your information
If you reside in one of EEA jurisdictions, you have the following rights in relation to the processing of your information:
- Right to request access. You may obtain confirmation as to whether or not we process your information, learn about the details of such processing and obtain a copy of the information that we process.
- Right to request correction. You may verify the accuracy of your information and ask us to update or correct it. We may need to verify the accuracy of the new data you provide to us.
- Right to request erasure. You may ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right to object to processing. At any time on grounds relating to your particular situation you have a right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party). You have the right to object to processing of your personal data for direct marketing purposes and unsubscribe (opt out) from marketing communications at any time by clicking the unsubscribe link in any of these emails or by contacting us at the email specified at the bottom of this section.
- Right to request restriction of processing. You may ask us to suspend the processing of your personal data where one of the following applies: (a) if you want us to establish the data’s accuracy; (b) if the processing of personal data is unlawful but you do not want us to erase it; (c) if we no longer require your personal data but you need us to hold the data since you need it to establish, exercise or defend legal claims; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to request the transfer of your personal data to you or to a third party. You may ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent. If you have previously provided us with your consent to collect and process your personal data, you can change your mind and withdraw such consent at any time. However, this will not affect the lawfulness of any processing carried out before withdrawal. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time of withdrawal.
- Right to complaine to a supervisory authority. If you are unhappy with the way in which your personal data has been processed, you may contact us. If you remain dissatisfied, you may lodge a complaint to your national data protection supervisory authority: https://edps.europa.eu/.
To exercise these rights, you can contact us by submitting an access request by emailing us by email address at the bottom of this section.
If you reside in the United States of America (USA), you have rights under certain USA state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:
- Access. Right (1) to know whether or not we are processing your personal information, (2) to access your personal information, and (3) to obtain a copy of the personal information you disclosed to us, and as permitted by applicable law, including the "Shine The Light" law, (4) to obtain a list of specific third parties to which we have disclosed personal information, (5) to obtain a list of categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.
- Rectification. Right to correct inaccuracies in your personal information.
- Erasure. Right to request the deletion of your personal information. Please notice, that we have to keep certain personal information in our files after fulfilling such request, including data required to be kept in accordance with the law or to protect our rights, in particular in the context of court proceeding. The right to delete data may be limited by law or provisions related to freedom of expression and information.
- Opt out of sale and sharing. Right to opt out, under certain applicable laws, of (1) the sharing, meaning the processing for targeted advertising, of your personal information, (2) the sale of personal information, or (3) profiling in furtherance of decisions that produce legal or similarly significant effects (profiling).
You can opt out from the selling of your personal information of internet or other electronic network activity, targeted advertising, or profiling by disabling cookies in your browser’s cookie preference settings.
- Right to limit use and disclosure of sensitive personal information, namely, to direct us to limit the use of your sensitive personal information that you disclose to us, to that use which is necessary to provide our services and granted by certain applicable laws.
- Withdrawing your consent. If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time.
- Non-discrimination. Right to not been discriminated for exercising your rights. Please notice that because to the nature of our services, opting out of sharing and sale of your personal information restricts us from providing your application to lenders.
Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us by email address at the bottom of this section. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.
If you wish to exercise any of the rights set out above, please contact us at [email protected]. We will process your request free of charge and as early as possible, but always within one month. Note that before acting on any such request, we will need to verify your identity and may ask you for additional information. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We may not be able to honor your request if we won’t verify your identity.
7. How long we keep your information
We keep your information for as long as it is necessary for the purposes outlined in the section 2 above. We may retain your information if required to do so by law or upon an order of a state authority.
8. Links to third-party websites
The Website may contain links to third-party websites that are not administered by us and are not governed by this Privacy Policy. We encourage you to familiarize yourself with the privacy policies and security practices of the linked third-party websites before providing them any personal data.
9. Marketing Practices
We will send you marketing communications only if you consented to receive such messages and materials. You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, replying "STOP" to the SMS messages that we send, or by clicking “Unsubscribe” at the bottom of the marketing email. You will then be removed from the marketing lists. Please notice that we may still communicate on other matters, such as Service-related messages that are necessary for the administration and use of your account, response to service requests, other non-marketing purposes.
10. Changes to the Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, regulatory requirements, or to address feedback received from our customers. Any changes will be published on this page, and we encourage you to review it regularly to stay informed about how we protect your information. When we post changes, we revise the "Last Updated" date at the top of this policy.
If we make any material changes in the way we collect, use or share your information, we will notify you by prominently posting notice of the changes on our Website and Platform, and if required by applicable law we will request your consent for such changes.
11. Contact Information
If you have questions or comments regarding this Privacy Policy and our privacy practices, or you have any requests to exercise your legal rights, please contact us at: [email protected]
Registered address: Spyrou Araouzou, 2, FAYSA HOUSE, 2nd floor, Flat/Office 201, 3036, Limassol, Cyprus
Main Definitions
Personal data, personal information: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.
Data subject: The natural person to whom the personal data refers.
Processing of personal data: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. For the purposes of CCPA 2018 “sharing” of personal data shall not be read or mean “sale” of personal data.