Privacy Policy

Last updated: May 2025 · Version 1.0 · Seneca Systems Ltd

Contents

Who we are
Data we collect and how we collect it
How we use your data
Lawful basis for processing
Who we share your data with
International transfers
How long we keep your data
Your rights
Cookies
Security
Children
Changes to this policy
Contact and complaints

1. Who we are

AiSensa is a product of Seneca Systems Ltd, a company incorporated in Scotland (Company Number: SC882090), with its registered office at:

Seneca Systems Ltd
Wavell Drive, Carlisle, CA1 2SA
Scotland, United Kingdom

In this policy, "we", "us", and "our" refer to Seneca Systems Ltd. We are the data controller for personal data collected through the AiSensa website (aisensa.ai) and in connection with our services.

We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we process the personal data of individuals in the European Economic Area (EEA), we are also subject to the EU GDPR.

We are not currently required to register with the Information Commissioner's Office (ICO) as a data controller, but we are committed to full compliance with applicable data protection law. If our processing activities change and registration becomes required, we will do so promptly.

2. Data we collect and how we collect it

We collect personal data in the following ways:

2.1 Data you provide directly

When you book a Discovery Session or Consultation through our website (via Cal.com), or when you contact us by email, you provide us with:

Your name
Your email address
Your job title or role
Your firm or organisation name
Your sector
Firm size (approximate)
Any information you choose to share in free-text fields (e.g. the problem you are trying to solve)

2.2 Data collected automatically

When you visit our website, we may collect certain technical data automatically, including:

IP address
Browser type and version
Operating system
Pages visited and time spent
Referring URL

This data is collected through standard web server logs and, where applicable, cookies (see Section 9).

2.3 Data from third-party scheduling tools

We use Cal.com to manage meeting bookings. When you book a session, your data is processed by Cal.com in accordance with their privacy policy. We receive the data you submit as part of the booking process and store it in our own systems for the purposes set out in Section 3.

3. How we use your data

Purpose	Data used
To confirm and manage meeting bookings	Name, email, role, firm, sector
To prepare for and conduct Discovery Sessions and Consultations	All booking form data including free-text responses
To respond to enquiries sent by email	Name, email, message content
To follow up after meetings where there is a legitimate business interest in doing so	Name, email, firm, notes from the meeting
To improve our website and services	Anonymised technical and usage data
To comply with legal obligations	As required by applicable law

We do not use your personal data for automated decision-making or profiling.

4. Lawful basis for processing

We rely on the following lawful bases under UK GDPR Article 6:

Contract (Article 6(1)(b)): Processing necessary to take steps prior to entering into a contract — for example, managing a Discovery Session booking.
Legitimate interests (Article 6(1)(f)): Following up with prospective clients after an initial meeting, where we have assessed that our interests are not overridden by your rights and interests.
Legal obligation (Article 6(1)(c)): Where processing is required to comply with a legal obligation to which we are subject.
Consent (Article 6(1)(a)): Where we rely on your consent, for example for the use of non-essential cookies. You may withdraw consent at any time.

We do not sell your personal data to third parties. We share your data only in the following circumstances:

Cal.com — our scheduling tool, which processes booking data on our behalf as a data processor.
Microsoft 365 — we use Microsoft Teams for meetings and Microsoft 365 for business communications and productivity. Data processed within Microsoft 365 is subject to Microsoft's data processing terms.
Professional advisers — including legal advisers, accountants, or insurers, where necessary and subject to confidentiality obligations.
Law enforcement or regulatory authorities — where required by law or a court order.

Where we share your data with third-party processors, we ensure that appropriate data processing agreements are in place.

6. International transfers

Our primary infrastructure is hosted on Microsoft Azure UK South. All data processed in connection with the AiSensa platform is stored within the United Kingdom.

Some of our third-party service providers may process data outside the UK or EEA. Where this occurs, we ensure that appropriate safeguards are in place, including:

Transfers to countries recognised by the UK Secretary of State as providing adequate protection (adequacy regulations under the UK GDPR);
UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs) where applicable; or
Other lawful transfer mechanisms as recognised under UK GDPR.

The UK has been granted adequacy status by the European Commission, meaning that transfers of personal data from the EEA to the UK are permitted without additional safeguards.

7. How long we keep your data

Data type	Retention period
Booking and meeting data (where no contract follows)	12 months from the date of the meeting
Booking and meeting data (where a client engagement follows)	Duration of the engagement plus 6 years
Email correspondence	3 years from last contact, unless part of an active engagement
Website technical/usage data	13 months
Data held for legal compliance purposes	As required by applicable law

We will securely delete or anonymise personal data when it is no longer needed for the purposes for which it was collected.

8. Your rights

Under UK GDPR (and EU GDPR where applicable), you have the following rights in relation to your personal data:

Right of access — to request a copy of the personal data we hold about you.
Right to rectification — to request that inaccurate or incomplete data is corrected.
Right to erasure — to request deletion of your data where there is no longer a legitimate reason for us to hold it.
Right to restrict processing — to request that we limit the way we use your data in certain circumstances.
Right to data portability — to receive your data in a structured, machine-readable format where processing is based on consent or contract and is carried out by automated means.
Right to object — to object to processing based on legitimate interests, or to direct marketing.
Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
Rights related to automated decision-making — we do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at info@aisensa.ai. We will respond within one calendar month. We may need to verify your identity before processing your request.

9. Cookies

Our website may use cookies and similar tracking technologies. Cookies are small text files stored on your device when you visit a website.

Essential cookies

Some cookies are strictly necessary for the website to function. These do not require your consent.

Analytics and performance cookies

Where we use analytics tools to understand how visitors use our site, we will obtain your consent before setting these cookies. You may withdraw consent by adjusting your browser settings or using our cookie preference centre where available.

We do not currently use advertising or targeting cookies.

10. Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include:

Hosting on Microsoft Azure with enterprise-grade security controls
Access controls limiting who within our organisation can access personal data
Encryption of data in transit and at rest where appropriate
Regular review of our security practices

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours where required, and will inform affected individuals without undue delay where the risk is high.

11. Children

Our website and services are directed at business professionals and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website following any changes constitutes acceptance of the updated policy.

13. Contact and complaints

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Seneca Systems Ltd — Data Controller

Email: info@aisensa.ai

Registered in Scotland · Company Number: SC882090

For data protection enquiries, please include "Data Protection" in your subject line.

If you are not satisfied with our response, or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you are located in the EEA, you also have the right to lodge a complaint with your local supervisory authority.