Legal

Privacy Policy

Last updated: May 2025

SensiHub ("we", "our", "us") operates the SensiHub data governance platform. This policy explains what information we collect, how we use it, and your rights.

1. Information We Collect

Account information: When you register, we collect your name, email address, and password (stored as a hash).

Scan metadata: The SensiHub agent and cloud integrations scan your files and report metadata — file names, paths, sizes, modification dates, and detected data categories (e.g. "PII", "HIPAA"). We do not store raw file contents on our servers.

Usage data: We collect standard server logs including IP addresses, browser type, pages visited, and timestamps to operate and improve the service.

Payment information: Billing is handled by Stripe. We do not store credit card numbers. We receive confirmation of subscription status from Stripe.

2. How We Use Your Information

To provide and operate the SensiHub service
To send scan completion notifications and alerts you configure
To send account-related emails (password resets, team invitations)
To detect abuse and enforce our Terms of Service
To improve the platform based on aggregated, anonymised usage patterns

We do not sell your data to third parties. We do not use your scan results for advertising.

3. Data Sharing

We share data only with the following service providers who process it on our behalf:

Railway — cloud infrastructure and database hosting
Stripe — payment processing
Resend — transactional email delivery

Each provider is contractually bound to protect your data and use it only to provide services to us.

4. Data Retention

We retain your account data and scan findings for as long as your account is active. If you delete your account, your data is purged within 30 days. Quarantined findings follow your organisation's configured retention policy.

5. Security

All data is transmitted over HTTPS. Credentials (API keys, cloud tokens) are stored encrypted at rest. We apply role-based access controls so team members only see data scoped to their organisation.

6. Your Rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data. To exercise these rights, email us at privacy@sensihub.app. We will respond within 30 days.

EU/UK users: SensiHub processes personal data under a legitimate interests basis for service operation and with consent for marketing communications. You may withdraw consent at any time.

7. Cookies

We use a single session cookie required for authentication. We do not use advertising or tracking cookies.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or by posting a notice in the application. Continued use after changes constitutes acceptance.

9. Contact

Questions about this policy? Email privacy@sensihub.app.