Senzor Platforms Inc. is fully committed to compliance with the General Data Protection Regulation (GDPR). We have architected our platform, operational protocols, and legal frameworks to ensure that the data of European Union (EU) and United Kingdom (UK) residents is handled with the highest standards of privacy and security.
Cross-Border Transfers
We utilize Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for data transferred outside of the EEA/UK to our US-based infrastructure.
Data Minimization
Our platform strictly enforces per-document Time-To-Live (TTL) indexes. Telemetry data is automatically expunged from our databases at the end of your plan's retention window (3 to 90 days), minimizing your compliance footprint.
1. Data Processing Agreement (DPA)
Senzor offers a comprehensive Data Processing Agreement (DPA) that governs the relationship between you (the Data Controller) and Senzor (the Data Processor) under the GDPR.
Our DPA includes the necessary Standard Contractual Clauses (SCCs) and details our technical and organizational measures (TOMs). Enterprise Customers may request a countersigned copy of our DPA by contacting our support team.
2. Lawful Basis for Processing
When acting as a Data Controller (managing your administrative account data), we process personal data based on the following lawful bases:
- Performance of a Contract: Processing necessary to provide the Senzor platform and fulfill our Terms of Service.
- Legitimate Interests: Processing necessary to secure our platform, prevent fraud, and improve our services.
- Compliance with Legal Obligations: Processing necessary for tax, accounting, and legal requirements.
3. Data Subject Access Requests (DSAR)
The GDPR grants specific rights to individuals regarding their personal data. We support your ability to honor these rights.
- Right of Access & Portability: You can export your operational dashboards and metrics directly from the platform.
- Right to Erasure (Right to be Forgotten): You may delete your account, servers, and entire workspaces from the dashboard. This triggers a cascading, hard deletion of all associated telemetry and metadata across our databases.
- Assistance: If an end-user submits a DSAR to you regarding telemetry data captured by Senzor, we will provide reasonable technical assistance to help you fulfill the request, though telemetry data is inherently anonymized and ephemeral.
4. Prohibited Data (The Customer's Obligation)
Senzor is an infrastructure and application observability platform, not a secure vault for Personal Data. To maintain compliance and limit liability, Customers are strictly prohibited by our Terms of Service from sending Personally Identifiable Information (PII) into Senzor logs, traces, or custom metrics.
You must sanitize, mask, or redact PII (e.g., clear-text email addresses, social security numbers, passwords) at the edge before it is transmitted to our ingestion APIs.
5. Incident Response & Breach Notification
In the event of a personal data breach impacting our systems, Senzor will notify affected Customers without undue delay (and within the timeframe required by the GDPR) after becoming aware of the breach. We will provide necessary information to assist you in meeting your own regulatory reporting obligations.