Privacy policy

Last updated: 24 April 2026

This privacy policy explains what personal data SentaView collects, why we collect it, and what rights you have over it. It applies to our marketing site (sentaview.com) and to the SentaView platform itself.

SentaView is built around anonymity by default. Employee pulse submissions never carry a user ID in the first phase of a rollout, and only carry one in the second phase if the employee explicitly switches a single submission to "identified". We treat this as a product contract, not just a policy — and the following sections describe how it plays out in data-protection terms.

1. Controller

The data controller responsible for processing personal data under this policy is:

Legal entity: SentaView - Emil Zawadzki
Address: Türkenstr. 97, 80799 Munich, Germany
Represented by: Emil Zawadzki
Email: emil.zawadzki@sentaview.de
Data Protection Officer: Emil Zawadzki — reachable at emil.zawadzki@sentaview.de. You may contact the DPO directly for any question related to this policy or the processing of your data.

If you have any questions about how your data is handled, please write to the privacy or DPO email address above. We will acknowledge receipt promptly and respond within 30 days, as required by Art. 12 (3) GDPR.

2. Data we collect

We collect three broad categories of personal data, each with a different purpose and a different legal basis.

Marketing-site visitors
Server logs (IP address, user agent, timestamp, requested URL) retained for up to 14 days for security and abuse-prevention purposes. We do not use advertising trackers. If you submit the contact form, we store the name, email address and message you provide so we can reply.
Customer admins and users
When a customer signs up, we store work email addresses, names, role assignments and organisation metadata for the individuals who access the platform on behalf of the customer.
Employee pulse submissions
In the anonymous phase (Version A), submissions never carry an author ID — only the tenant ID, a department reference, a submission timestamp, and the free-text or rating content. In the identified phase (Version B), each submission carries a per-post visibility flag; when that flag is "identified", and only then, the submission carries the employee's user ID. The client cannot override this — the rule is enforced server-side in the database.

4. Why we process data

  • To operate the SentaView platform (authentication, tenancy, pulse delivery, aggregation, advisor routing).
  • To let our customers administer their tenant, including inviting and managing users.
  • To enable the anonymous follow-up channel between department heads and submission authors, without ever linking a submission to its author server-side.
  • To keep the service secure and to prevent abuse (rate limiting, anomaly detection, fraud prevention).
  • To improve the product based on aggregated, de-identified usage metrics.
  • To respond to support requests and to the contact form on the marketing site.

5. Processors and recipients

SentaView uses a small number of sub-processors to operate the service. All of them are bound by a data-processing agreement and are listed below.

Google Cloud / Firebase
Primary infrastructure: authentication, database (Firestore), serverless functions, file storage. All customer data is stored in the europe-west3 (Frankfurt) region. Google Ireland Limited acts as our sub-processor.
Vercel
Hosting for the marketing site and the Next.js application layer. Edge traffic may pass through Vercel's European regions. Vercel acts as our sub-processor.
Email provider
[TRANSACTIONAL EMAIL PROVIDER, e.g. Postmark / SendGrid — EU region] for sending pulse notifications, magic-link sign-ins and account emails.

We do not sell personal data, and we do not share it with third parties for advertising purposes.

6. International data transfers

SentaView is an EU-first product. Customer data is stored in Frankfurt (europe-west3) and processed primarily within the European Economic Area. Where a sub-processor is US-headquartered (e.g. Google, Vercel), transfers are covered by the EU-US Data Privacy Framework and, where applicable, by the European Commission's Standard Contractual Clauses.

7. Retention

Marketing-site server logs
Up to 14 days, then deleted.
Contact-form messages
Up to 12 months after the last reply in the thread, unless a longer retention is required by law.
Customer account data
For as long as the customer maintains an active contract with SentaView, plus up to 30 days after termination to allow for data export. After that, data is deleted or anonymised unless a statutory retention rule applies.
Anonymous pulse submissions
Retained for as long as the customer's tenant exists. Since these submissions carry no author ID, they cannot be linked back to an individual.
Identified pulse submissions (Version B only)
Retained for as long as the author's account exists on the tenant. On account deletion, the author ID is removed and the submission becomes anonymous, unless the customer has configured a shorter retention window.

8. Your rights

Under GDPR, you have the following rights regarding your personal data:

  • The right to access the personal data we hold about you.
  • The right to rectify inaccurate or incomplete personal data.
  • The right to erase your personal data ("right to be forgotten"), subject to statutory retention requirements.
  • The right to restrict processing in certain circumstances.
  • The right to data portability — to receive your personal data in a structured, commonly used format.
  • The right to object to processing that relies on legitimate interest.
  • The right to withdraw consent at any time, where processing is based on consent.
  • The right to lodge a complaint with a supervisory authority — typically the data-protection authority in your country of residence.

To exercise any of these rights, contact us at emil.zawadzki@sentaview.de. We will respond within 30 days of receiving a verified request, as required by Art. 12 (3) GDPR. Where the request is complex or we receive a high volume, this may be extended by a further two months — in which case we will tell you within the first 30 days.

Please note that employee pulse submissions in the anonymous phase cannot be attributed to an individual, which limits our ability to respond to access or deletion requests for them specifically — this is by design.

9. Cookies and similar technologies

The SentaView marketing site (sentaview.com) does not use cookies or similar technologies. No data is written to your browser's cookie store, local storage, session storage or IndexedDB when you browse the marketing pages — verified on the current build. Because no cookies or similar technologies are used, no consent banner is required under §25 TDDDG / ePrivacy Directive.

The SentaView application (behind the sign-in) uses session cookies and authentication tokens that are strictly necessary to keep you signed in and to protect your session. These are exempt from consent requirements under the "strictly necessary" exception of §25 (2) TDDDG.

If we ever introduce analytics, A/B testing or any cookie or similar technology that is not strictly necessary, we will add a compliant consent banner with a genuine reject option before the first byte of such technology is loaded, and we will update this section accordingly.

10. Security

SentaView applies technical and organisational measures appropriate to the sensitivity of the data we process. These include encryption in transit (TLS) and at rest, strict database access rules enforced server-side, audit logging of administrative actions, and minimum-group thresholds to prevent re-identification from aggregates.

We align our controls with the ISO/IEC 27001 framework and intend to pursue formal certification once our scale warrants it. A detailed description of the measures we apply — infrastructure, access controls, sub-processors, backups, incident response — lives on the separate Security page.

In the event of a personal-data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will notify the competent supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of it, in line with Art. 33 GDPR. Affected customers are notified as soon as the scope is established, and in parallel with — not after — authority notification.

11. Children and minors

SentaView is a workplace product and is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at emil.zawadzki@sentaview.de and we will delete the data promptly.

12. Changes to this policy

We may update this policy from time to time — for example, when we add a new sub-processor or change how a product area works. When we make a material change, we will update the "Last updated" date at the top and, where appropriate, notify affected customers by email.