Our policies
Learn about our policies and how we protect your data.
Privacy policy
Last updated: 2025-10-03
1. About This Policy
This Privacy Policy explains how we collect, use and protect personal data when you visit this website.
2. Data We Collect
• Information you submit via forms (e.g. name, email, company)
• Basic technical data such as IP address, browser type, device, and usage analytics (if enabled)
• Cookies or similar technologies used for essential site functions and optional analytics
3. Legal Basis for Processing (GDPR Art. 6)
We process your personal data based on:
• Legitimate interest – to improve our website and respond to visitor inquiries
• Consent – for optional analytics or marketing cookies
• Legal obligations – to comply with EU/EEA law
4. Purpose of Processing
We use the data to operate the site, improve functionality, and (if you opt in) contact you about updates or services.
5. Data Retention
Personal data is retained only as long as necessary for the purposes described above, after which it is securely deleted or anonymised.
6. Your GDPR Rights
You have the right to:
• Access and receive a copy of your data
• Rectify inaccurate or incomplete data
• Request deletion (“right to be forgotten”)
• Restrict or object to processing
• Withdraw consent at any time
• Lodge a complaint with your local Data Protection Authority
7. Data Security
We apply appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, or misuse.
8. Data Sharing & Transfers
We do not sell personal data. Data may be shared only with trusted service providers who act on our behalf under strict confidentiality and comply with GDPR.
If data is transferred outside the EEA, adequate safeguards such as EU Standard Contractual Clauses will apply.
9. Updates to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect the latest version.
10. Contact
For privacy-related questions or requests, please contact us.
Terms of Service
Last updated: 2025-10-03
1. Acceptance of Terms
By accessing or using this website you agree to these Terms of Service.
2. Website Purpose
This website provides information about our AI-driven solutions for the insurance industry.
It may also offer waitlist forms features.
3. Intellectual Property
All text, logos, graphics, and other content on this website are protected by intellectual property laws.
You may not reproduce or distribute them without prior permission.
4. User Responsibilities
You agree not to misuse the website or attempt to disrupt its operation.
5. Disclaimers
This site and its content are provided “as is”, without warranties of any kind.
We do not guarantee that the website will be error-free or uninterrupted.
6. Limitation of Liability
To the fullest extent permitted by law, we will not be liable for any indirect, incidental or consequential damages arising from use of this site.
7. Governing Law
These Terms are governed by and construed in accordance with the laws of the European Union and applicable national law.
Disputes shall be handled by the competent courts of Sweden.
8. Contact
Questions about these Terms can be addressed through our contact form.
Cookie Policy
Last updated: 2025-10-03
1. What Are Cookies
Cookies are small text files stored on your device that help websites function or collect information about usage.
2. Types of Cookies Used
• Essential cookies – required for core site functions (e.g. security, basic load balancing)
• Analytics cookies – help us understand visitor interactions to improve the website (used only with your consent)
• Optional/marketing cookies – not currently in use, but if introduced will require prior consent
3. Cookie Management
You can adjust or withdraw your cookie consent at any time using the cookie banner (if displayed) or by changing browser settings.
You may also delete cookies already stored on your device.
4. Third-Party Cookies
If we use third-party analytics or embedded services, their cookies may also be stored. These providers are required to comply with GDPR.
5. Contact
For questions about cookies or your preferences please contact us through our contact form.
Privacy policy for Sensa application
Last updated: October 9, 2025
1. Introduction
Sensa AI AB ("we", "us", "our") is committed to protecting your privacy and personal data in accordance with the EU General Data Protection Regulation (GDPR) and Swedish Data Protection Act (Dataskyddslagen 2018:218).
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service.
Data Controller: Sensa AI
Email: support@getsensa.io
Privacy Contact: privacy@getsensa.io
2. Personal Data We Collect
2.1 Data You Provide Directly
When you create an account and use our Service, we collect:
Account Information: Email address, password (hashed), display name
Organization Information: Organization name, role within organization
Profile Data: Avatar image (optional), user preferences, language settings
Communication Data: Support requests, feedback, correspondence
2.2 Data Collected Automatically
Usage Data: Features accessed, messages sent, documents processed, timestamps
Technical Data: IP address, browser type and version, device information, operating system
Audit Logs: All actions within the system (for security, compliance, and accountability)
Performance Data: Error logs, crash reports, API response times
2.3 Data You Upload or Process
Important: When you upload documents or process data through our Service, this data belongs to your organization (you are the Data Controller). We process this data on your behalf as a Data Processor.
Documents: Insurance claims, policies, evidence packs, and other files you upload
Extracted Data: Information extracted from documents via AI processing
Chat Messages: Conversations with our AI assistant, including queries and responses
Structured Data: Tables, cells, columns created in tabular reviews
3. Lawful Basis for Processing (GDPR Article 6)
We process your personal data based on the following lawful bases:
3.1 Contract Performance (Art. 6(1)(b))
Processing necessary to provide the Service you signed up for, including account management, authentication, and service delivery.
3.2 Legal Obligation (Art. 6(1)(c))
Processing required by Swedish and EU law, including:
Tax and accounting requirements (Bokföringslagen)
Anti-money laundering regulations
Data breach notification obligations
3.3 Legitimate Interest (Art. 6(1)(f))
Processing necessary for our legitimate interests, including:
Security monitoring and fraud prevention
Service improvement and analytics
Technical troubleshooting and support
Business intelligence and product development
We have balanced these interests against your rights and determined that processing is necessary and proportionate.
3.4 Consent (Art. 6(1)(a))
Where required, we obtain your explicit consent, such as for:
Marketing communications (which you can withdraw at any time)
Optional features that require additional data processing
4. How We Use Your Personal Data
We use your personal data for the following purposes:
4.1 Service Provision
Authenticate and manage your account
Process AI requests and generate analyses
Store and retrieve your documents
Provide customer support
Send service-related communications (password resets, security alerts)
4.2 Security and Compliance
Detect and prevent fraud, abuse, and security incidents
Maintain comprehensive audit logs for accountability
Enforce our Terms of Service
Comply with legal obligations and respond to law enforcement requests
4.3 Service Improvement
Analyze usage patterns to improve features
Conduct research and development
Perform quality assurance testing
Generate anonymized analytics and statistics
Note: We do NOT use your uploaded documents or processed data to train AI models or for any purpose other than providing the Service to you.
5. Data Sharing and Disclosure
5.1 Sub-Processors
We share data with the following sub-processors who assist in providing the Service:
OpenAI (USA): AI processing (GPT-5 model). Data Processing Agreement in place. Transfer basis: EU-US Data Privacy Framework and Standard Contractual Clauses.
Supabase (USA): Database hosting and authentication. Data Processing Agreement in place. Transfer basis: Standard Contractual Clauses and appropriate safeguards.
All sub-processors are contractually required to implement appropriate security measures and process data only as instructed by us.
5.2 Legal Requirements
We may disclose your data if required by Swedish or EU law, including:
Court orders or legal process
Requests from Integritetsskyddsmyndigheten (IMY) or other regulatory authorities
Protection of our rights, property, or safety
Prevention of fraud or criminal activity
5.3 Business Transfers
If Sensa AI is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice and ensure the new entity honors this Privacy Policy.
5.4 No Selling of Data
We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States.
Safeguards: We ensure adequate protection through:
Standard Contractual Clauses (SCCs) approved by the European Commission
EU-US Data Privacy Framework (for certified organizations like OpenAI)
Technical and organizational measures (encryption, access controls)
Data Processing Agreements with all processors
You may request copies of the safeguards by contacting privacy@getsensa.io.
7. Data Security
We implement industry-standard security measures to protect your personal data:
7.1 Technical Measures
Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
Access Control: Row-level security, multi-factor authentication, role-based access
Network Security: Firewalls, intrusion detection, DDoS protection
Secure Development: Code reviews, security testing, vulnerability scanning
7.2 Organizational Measures
Employee confidentiality agreements
Security training and awareness programs
Incident response procedures
Regular security audits and penetration testing
Data minimization and pseudonymization where possible
7.3 Data Breach Notification
In the event of a data breach affecting your personal data, we will notify you and Integritetsskyddsmyndigheten (IMY) within 72 hours as required by GDPR Article 33, providing:
Nature of the breach and categories of data affected
Likely consequences of the breach
Measures taken to address the breach
Recommended actions for affected individuals
8. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this Policy:
Account Data: Retained while your account is active, plus 30 days after account deletion
Uploaded Documents: Retained while your account is active, deleted 30 days after account deletion
Audit Logs: Retained for 7 years (required by Swedish accounting law - Bokföringslagen)
Financial Records: Retained for 7 years (tax and accounting obligations)
Support Correspondence: Retained for 3 years
Usage Analytics: Aggregated and anonymized after 24 months
You may request deletion of your data at any time (subject to legal retention requirements) by contacting privacy@getsensa.io or using the account deletion feature.
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
9.1 Right of Access (Art. 15)
You may request a copy of all personal data we hold about you. We will provide this within 30 days at no charge (unless the request is manifestly unfounded or excessive).
9.2 Right to Rectification (Art. 16)
You may correct inaccurate or incomplete personal data through your account settings or by contacting us.
9.3 Right to Erasure / "Right to be Forgotten" (Art. 17)
You may request deletion of your personal data. We will comply unless we have a legal obligation to retain it (e.g., tax records, audit logs required by law).
9.4 Right to Restriction of Processing (Art. 18)
You may request that we limit how we process your data in certain circumstances, such as while verifying data accuracy.
9.5 Right to Data Portability (Art. 20)
You may request your data in a machine-readable format (JSON, CSV) and transfer it to another service. This feature is available in your account settings under "Export Data".
9.6 Right to Object (Art. 21)
You may object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds that override your interests.
9.7 Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
9.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten):
Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm, Sweden
Phone: 08-657 61 00
Email: imy@imy.se
Website: www.imy.se
How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: privacy@getsensa.io
We will respond within 30 days and may request additional information to verify your identity.
10. Cookies and Tracking
10.1 Strictly Necessary Cookies
We use essential cookies for authentication and security. These cannot be disabled as they are necessary for the Service to function:
Session Cookies: Maintain your login session
Security Cookies: Detect fraud and abuse
Preferences: Remember your language and display settings
10.2 Analytics (Optional)
With your consent, we may use analytics to improve our Service. You can opt out in Settings.
10.3 No Third-Party Advertising
We do NOT use advertising cookies or share data with advertising networks.
11. Children's Privacy
Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@getsensa.io, and we will delete it promptly.
12. Automated Decision-Making and Profiling
AI-Generated Outputs: Our Service uses AI to analyze documents and generate insights. However:
We do NOT use AI for automated decision-making that produces legal effects or similarly significantly affects you (GDPR Article 22)
All AI outputs are advisory and require human review and validation
We do NOT engage in profiling for marketing or behavioral prediction
You have the right to obtain human intervention, express your point of view, and contest AI-generated decisions
Important: If you use our AI outputs in your own decision-making processes affecting individuals, YOU are responsible for ensuring GDPR compliance, including transparency and safeguards for automated decisions.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features.
Notification: We will notify you of material changes by:
Email to your registered email address
Prominent notice in the Service
At least 30 days before changes take effect
Your continued use of the Service after changes become effective constitutes acceptance. If you do not agree with changes, you may terminate your account.
14. Contact Information
For questions or concerns about this Privacy Policy or our data practices, contact:
Email: privacy@getsensa.io
Support: support@getsensa.io
Response Time: We will respond to all privacy inquiries within 30 days.
15. Data Processing Agreement (DPA)
If you are processing personal data through our Service (i.e., you are a Data Controller and we are your Data Processor), a separate Data Processing Agreement is available upon request at privacy@getsensa.io. The DPA includes:
Subject matter, nature, and purpose of processing
Types of personal data and categories of data subjects
Your instructions to us regarding data processing
Our obligations regarding security, confidentiality, and sub-processors
Data subject rights assistance
Data breach notification procedures
International data transfer mechanisms
Audit rights and compliance verification
This Privacy Policy is compliant with GDPR (Regulation EU 2016/679), Swedish Data Protection Act (Dataskyddslagen 2018:218), and Swedish Electronic Communications Act (Lag om elektronisk kommunikation 2022:482).
Terms of Service for Sensa application
Last updated: October 9, 2025
Introduction
These Terms of Service ("Terms") govern your access to and use of Sensa AI ("Service", "Platform", "we", "us", or "our"), a software-as-a-service platform that provides artificial intelligence-powered tools for insurance claims and policy analysis.
By accessing or using our Service, you agree to be bound by these Terms and our Privacy Policy. If you do not agree to these Terms, you may not access or use the Service.
Operator: Sensa AI
Contact: support@getsensa.io
Service Description
Sensa AI provides AI-powered document analysis, claims processing assistance, and policy review tools specifically designed for insurance professionals. The Service includes:
AI-powered chat interface for policy and claims analysis
Tabular review and data extraction from insurance documents
Document database management and search
Audit logging and compliance tracking
Important Notice: Sensa AI is a decision-support tool and does not replace professional judgment. All AI-generated outputs must be reviewed and validated by qualified insurance professionals before being used in decision-making processes.
Eligibility and Account Registration
To use the Service, you must:
Be at least 18 years old
Be authorized to represent and bind your organization
Provide accurate, current, and complete information during registration
Maintain the security of your account credentials
Notify us immediately of any unauthorized access to your account
You are responsible for all activities that occur under your account. We reserve the right to suspend or terminate accounts that violate these Terms or applicable laws.
Acceptable Use Policy
You agree NOT to:
Use the Service for any unlawful purpose or in violation of Swedish or EU law
Upload or process documents containing malware, viruses, or malicious code
Attempt to gain unauthorized access to our systems or other users' data
Reverse engineer, decompile, or disassemble any part of the Service
Use the Service to discriminate against individuals based on protected characteristics
Circumvent usage limits, rate limiting, or access controls
Share your account credentials with unauthorized persons
Use the Service to process personal data in violation of GDPR
Violation of this policy may result in immediate suspension or termination of your account and may be reported to relevant authorities, including Datainspektionen (Swedish Data Protection Authority).
Data Processing and GDPR Compliance
5.1 Controller-Processor Relationship: Your organization acts as the Data Controller for any personal data you upload or process through the Service. Sensa AI acts as a Data Processor on your behalf.
5.2 Data Processing Agreement: By using the Service, you agree to our Data Processing Agreement (DPA), which is incorporated into these Terms by reference. The DPA governs how we process personal data on your behalf in compliance with GDPR and Swedish Data Protection Act (Sw: Dataskyddslagen 2018:218).
5.3 Your Responsibilities: As Data Controller, you are responsible for:
Ensuring you have a lawful basis for processing personal data through our Service
Obtaining necessary consents from data subjects
Providing required privacy notices to data subjects
Responding to data subject rights requests (access, erasure, portability, etc.)
Ensuring uploaded documents do not contain excessive or irrelevant personal data
5.4 Sub-processors: We use the following sub-processors: OpenAI (for AI processing), Supabase (for data storage and infrastructure). A complete list is available in our Privacy Policy.
Intellectual Property Rights
6.1 Your Data: You retain all ownership rights to the documents, data, and content you upload to the Service ("Your Data"). You grant us a limited license to process Your Data solely to provide the Service.
6.2 Our Platform: The Service, including all software, algorithms, interfaces, and documentation, is protected by intellectual property laws. We retain all rights, title, and interest in the Service.
6.3 AI-Generated Content: AI-generated outputs (analyses, summaries, extracted data) are provided to you for your use, but you acknowledge that similar outputs may be generated for other users processing similar inputs.
6.4 Feedback: If you provide feedback or suggestions about the Service, we may use such feedback without obligation or compensation to you.
Confidentiality and Security
7.1 Confidential Information: All data processed through the Service is considered confidential. We implement appropriate technical and organizational measures to protect your data, including:
Encryption at rest and in transit (TLS 1.3)
Row-level security and access controls
Regular security audits and penetration testing
Employee confidentiality agreements
Incident response procedures
7.2 Data Breaches: In the event of a data breach affecting personal data, we will notify you within 72 hours as required by GDPR Article 33, providing details to help you fulfill your own notification obligations.
7.3 Insurance Sector Confidentiality: We recognize the sensitive nature of insurance data and comply with Swedish insurance secrecy laws (Sw: Försäkringssekretess).
Service Availability and Support
8.1 Service Level: We strive to maintain 99.5% uptime excluding scheduled maintenance. We do not guarantee uninterrupted access and are not liable for service disruptions beyond our control.
8.2 Maintenance: We may perform scheduled maintenance with advance notice. Emergency maintenance may be performed without notice.
8.3 Support: Support is provided via email at support@sensa.ai during Swedish business hours (Monday-Friday, 09:00-17:00 CET).
Fees and Payment
9.1 Pricing: Fees for the Service are as agreed in your subscription plan. All fees are in Swedish Kronor (SEK) unless otherwise specified.
9.2 VAT: All prices are exclusive of Swedish VAT (moms) at the applicable rate (currently 25%), which will be added to invoices for Swedish customers unless you provide a valid VAT number.
9.3 Payment Terms: Payment is due within 30 days of invoice date. Late payments may incur interest at the Swedish statutory rate (currently 8% above the Swedish reference rate).
9.4 Usage Limits: Your subscription includes usage limits (messages per day, processing jobs per hour). Excess usage may be subject to additional fees or rate limiting.
Term and Termination
10.1 Term: These Terms remain in effect as long as you use the Service.
10.2 Termination by You: You may terminate your account at any time through the Settings page or by contacting support@sensa.ai. Termination is effective at the end of your current billing period.
10.3 Termination by Us: We may suspend or terminate your access immediately if you violate these Terms, fail to pay fees, or if required by law.
10.4 Data Retention After Termination: Upon termination, your data will be retained for 30 days to allow for data export, after which it will be permanently deleted unless we are required by law to retain it (e.g., for tax or audit purposes).
10.5 Export Your Data: You may export your data at any time through the Settings page before termination.
Warranties and Disclaimers
11.1 AI Outputs: AI-generated content may contain errors, inaccuracies, or hallucinations. YOU ARE SOLELY RESPONSIBLE for validating all AI outputs before using them in decision-making. We do not warrant that AI outputs are accurate, complete, or suitable for any particular purpose.
11.2 No Professional Advice: The Service does not provide legal, financial, or professional insurance advice. It is a tool to assist professionals, not to replace them.
11.3 AS-IS Provision: THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY SWEDISH LAW:
12.1 WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR GOODWILL, ARISING OUT OF YOUR USE OF THE SERVICE.
12.2 OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF THESE TERMS SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE 12 MONTHS PRECEDING THE CLAIM.
12.3 NOTHING IN THESE TERMS LIMITS OUR LIABILITY FOR GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD, DEATH OR PERSONAL INJURY, OR ANY OTHER LIABILITY THAT CANNOT BE EXCLUDED UNDER SWEDISH LAW.
12.4 Insurance Recommendations: We strongly recommend maintaining appropriate professional liability and cyber insurance coverage for your organization.
Indemnification
You agree to indemnify and hold harmless Sensa AI, its affiliates, and their respective officers, directors, employees, and agents from any claims, losses, damages, liabilities, and expenses (including reasonable attorneys' fees) arising out of:
Your use of the Service in violation of these Terms
Your violation of any applicable laws or regulations
Your violation of third-party rights, including intellectual property or privacy rights
Your processing of personal data without lawful basis
14. Governing Law and Dispute Resolution
14.1 Governing Law: These Terms are governed by the laws of Sweden, without regard to conflict of law principles.
14.2 Jurisdiction: Any disputes arising out of these Terms shall be subject to the exclusive jurisdiction of the Swedish courts, with the Stockholm District Court (Stockholms tingsrätt) as the court of first instance.
14.3 Mandatory Consumer Rights: If you are a consumer under Swedish law, nothing in these Terms affects your mandatory statutory rights under Swedish consumer protection law (Konsumentköplagen).
Changes to Terms
We may update these Terms from time to time. If we make material changes, we will notify you by email and/or through a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated Terms.Miscellaneous
16.1 Entire Agreement: These Terms, together with the Privacy Policy and DPA, constitute the entire agreement between you and Sensa AI.
16.2 Severability: If any provision is found unenforceable, the remaining provisions remain in full effect.
16.3 No Waiver: Our failure to enforce any right does not waive that right.
16.4 Assignment: You may not assign these Terms without our prior written consent. We may assign these Terms without restriction.
16.5 Language: These Terms are provided in English. In case of conflict between translated versions, the English version prevails.
Contact Information
For questions about these Terms, please contact us at:
Email: support@getsensa.io