We believe the trust of our customers and partners is earned through three essential building blocks: privacy, security, and good intent.
This Trust Center provides you with information about our commitment to protect the data of our many stakeholders – our customers, their customers, regulators, employees, suppliers, business partners and most importantly the community we work in.
As well as being based on industry standards, these principles have been built up on the basis of operating principles developed since the businesses inception in 2007.
We implement multiple layers of protection for civilian data, including strict data minimization, de-identification, and secure hosting environments.
Our security measures include strict access controls, robust asset management, network security, and comprehensive operational protocols.
Our AI development follows strict ethical principles including compliance with regulations, clear responsibility, data protection, and fairness.
SenSen takes multiple approaches to protect our customer's data. At the first level, we only keep data that is essential to achieve the outcome required – for as short a time as possible – meaning we hold the smallest possible dataset for each solution.
SenSen performs de-identification on data. In the case of images, we remove objects from the scene that are not required, such as the faces or licence plates of surrounding people and vehicles. In the case of personally identifiable information, the data is only used for a specific purpose and workflow controls make it impossible be re-used for any other purpose.
SenSen's solutions are only deployed on industry-standard ISO27001 environments in the jurisdiction of the customer unless otherwise requested. This provides assurance that our customer's data is subject to overarching regulation associated with their jurisdiction. As an example of the controls available in these environments, SenSen configures its hosting providers to enforce indiscriminate technical blocks on all known bad actors.
Your privacy is incredibly important to us. At SenSen, we value, protect, and defend data privacy. We believe in transparency, so that people and organisations can control their data and have meaningful choices in how it's used. We empower and defend the data privacy choices of every person who uses our products and services.
We are committed to safeguarding individuals' privacy by implementing policies and practices that prioritise trust and transparency. With advanced encryption, SenSen helps protect your data both at rest and in transit. Industry-standard encryption protocols erect barriers against unauthorised access to the data, including two or more independent encryption layers to safeguard against compromises of any one layer.
SenSen employs a wide range of industry-standard encryption capabilities, giving you the flexibility to choose the solution that's best for your business.
SenSen uses and enables the use of industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).
All SenSen-managed APIs are secured using industry-standard techniques such as OAuth to help you control access to your data.
| Privacy Concerns | Compliance |
|---|---|
|
Personal Identifiable Information (PII): Risk of capturing individuals or identifiable details inadvertently. |
SenSen anonymizes data to ensure individuals can't be identified in images or videos. How: Blurring faces and license plates in images. |
|
Data Minimization: Collecting only the necessary data to achieve project objectives, avoiding excessive data collection. |
Only the necessary data is collected to achieve project objectives. How: Only data relevant to violations or detected objects is kept, all other data will be deleted. |
|
Retention and Deletion Policies: Establishing clear policies for how long data is retained and ensuring timely deletion of unnecessary data. |
Data is only kept for as long as necessary and then securely deleted. How: Automatically delete data after transmission to the city, unless required for ongoing investigations. |
|
Unauthorized Access: Protecting data from being accessed by unauthorized personnel. |
We implement strong access controls and encryption to protect data from unauthorized access. How: Role-based access control (RBAC) and AES-256 encryption for data at rest and in transit. |
|
Data Usage for AI Training: Concern over data being used to train AI systems, potentially leading to misuse or unintended consequences. |
SenSen ensures that no data collected from this system is used for AI training purposes. |
|
Standard Regulations: Ensuring adherence to all relevant local, state, and federal regulations to protect privacy. |
SenSen complies with all relevant local, state, and federal regulations to protect privacy. How: Compliance with GDPR, CCPA and other relevant US privacy laws. |
The security of data is critical to the success of our business and we know that it is important for our customers. So you can be assured we take security extremely seriously.
We make security a priority in our business practices and throughout the development process, maintaining effective controls over the security, availability, confidentiality and processing integrity of the platform. This creates a highly secure platform that allows our customers and partners to access information in a safe and secure way.
Establish an Access Control Policy for every application or system that describes how to manage risks from user account management, access enforcement and monitoring, separation of duties, and remote access.
Assign access rights based on a business need-to-know basis. Privileged access should be assigned carefully and with the least amount of privilege required. Revoke rights when there is no longer a business need for the employee or contractor to have the access.
Use secure logon procedures to control access to applications and systems, including multi-factor authentication.
Register and inventory assets. Establish an acceptable use policy for each asset or group of assets.
Assign the appropriate classification and controls to information, data and assets categories. Apply appropriate access controls to restrict access on a business need-to-know basis.
Design and operate networks with the following objectives:
Maintain operating procedures and make these available to relevant users. Operating procedures may include:
SenSen has a dedicated team is responsible for leading enterprise-wide information security strategy, policy, standards, architecture, and processes. The team works across all of the organisations within the Company to protect SenSen, its brand and its customers against cybersecurity risks.
Place infrastructure assets in controlled access areas, with the exception of those intended for public use. Apply risk-based access controls, which may include locking or guarding areas to:
SenSen has established security and use standards for SenSen personnel and their workstations and mobile devices used to conduct SenSen business or that connect to the SenSen internal network. The focus of these standards is to protect data and information technology assets from loss, modification, or destruction. SenSen’s internal policies summarise the most critical steps employees must take to protect workstations and mobile devices. Further, the standards outline employee responsibilities for protecting SenSen Confidential information and provide security and appropriate use requirements.
SenSen employees are provided with specific guidance intended to maintain the physical security of their workstations, mobile devices and work areas, and maintain security while traveling.
Access management is required to protect information and systems at both individual and role-based levels. Passwords are expected to be changed regularly and comply with password complexity standards.
SenSen employees receive guidance and education regarding the safe use of information technology assets. Further, SenSen has implemented annual mandatory IT security education to help employees understand security risk and comply with IT policies. Employees also receive education on SenSen’s Business Conduct Guidelines that requires SenSen employees to conduct business observing high ethical standards and in accordance with data security and confidentiality policies. Employees are expected to report illegal or unethical behaviour.
Evaluate suppliers based on their ability to meet business and security requirements. The supplier must demonstrate security and privacy practices, for example, through certifications or third-party attestations.
Use encryption based on risk criteria, such as information sensitivity or classification:
| Security Measures | Our Implementations |
|---|---|
|
Identity & Access Management |
|
|
Network Security |
|
|
Application Security |
|
|
Data Security |
|
|
Detection |
|
|
Incident Response Plan |
|
While we are optimistic about the potential of AI, we must uphold an unwavering commitment to developing these powerful technologies responsibly and ethically. The transformative potential of AI goes hand-in-hand with intricate challenges that demand nuanced consideration and proactive governance.
These AI Principles describe our commitment to developing technology responsibly and outline a principled framework to steer our organisational pursuit and global deployment of AI solutions.
Our AI systems and processes will be architected from the ground up to comply with all relevant national and international laws, policies, and human rights standards, including the EU's AI Act, GDPR, and other relevant guidelines.
Accountability is a cornerstone of our approach to AI development. We establish clear lines of responsibility for the deployment and operation of our AI systems. This commitment to clear responsibility ensures that there is always someone accountable for the AI systems' actions and decisions.
The privacy and security of citizen data are paramount. Our AI technologies are built with robust privacy measures to safeguard personal information. We prioritise data sovereignty, ensuring that all data handling complies with governmental regulations. By protecting your data, we help maintain trust and confidence in our AI systems and the services they support.
We believe in creating AI solutions that promote fairness and inclusivity. Our systems are designed to serve all citizens equally, without bias or discrimination. By focusing on equitable access, we aim to enhance public services, ensuring that everyone benefits from the advancements in AI technology. This commitment to fairness helps build a more just and inclusive society.
Safety and reliability are non-negotiable in our AI solutions. We implement stringent safety protocols to ensure that our AI systems operate securely and effectively, especially in critical government applications. By prioritising safety and reliability, we ensure that our technologies can be trusted to perform consistently and without failure, supporting the crucial functions they are designed for.
Collaboration is key to the success of AI in government. We create interoperable AI systems that facilitate seamless cooperation between different government agencies and international partners. By fostering a collaborative ecosystem, we enable more efficient and effective solutions to complex challenges, promoting global cohesion and better outcomes for all.
Education and public engagement are essential to the responsible deployment of AI. We promote AI literacy among government employees and the general public, ensuring that everyone is informed about the benefits and risks of AI technologies. Through continuous education and transparent communication, knowledgeable & engaged community can make informed decisions about AI.
In addition to the above objectives, we will not design or deploy AI in the following application areas:
As our experience in this space deepens, this list may evolve.
We maintain rigorous standards of compliance with industry regulations and certifications to ensure the highest levels of security and privacy.
Certified for information security management systems (ISMS), ensuring systematic approach to managing sensitive information.
Our services and operations comply with the European Union's General Data Protection Regulation for enhanced privacy protections.
Verified compliance with SOC 2 security, availability, and confidentiality principles, ensuring trust in our operations.
Find answers to common questions about our privacy, security, and compliance practices.
sensen.ai takes multiple measures to protect PII, including:
sensen.ai uses industry-standard encryption protocols to secure data in transit. This includes AES-256 encryption, secure TLS connections, and VPN tunneling for all data transmissions. Additionally, we implement secure API endpoints with authentication and authorization checks to ensure only authorized systems can send or receive data.
sensen.ai retains data only for as long as necessary to fulfill the specified purpose. For most use cases, once data is transmitted to city systems, it is automatically deleted from our platform unless required for specific compliance or ongoing investigation purposes. Our standard data retention period is configurable based on customer requirements and local regulations, typically ranging from 30 to 90 days for non-violation data.
Yes, sensen.ai is compliant with major international data protection regulations including GDPR (European Union), CCPA (California), PIPEDA (Canada), and other regional data protection laws. We regularly review and update our practices to ensure ongoing compliance with evolving regulatory requirements in all the jurisdictions where we operate.
sensen.ai has a comprehensive Incident Response Plan that includes:
No, sensen.ai does not use customer data collected from operational systems for AI training purposes without explicit consent. Our Live Awareness Platform is pre-trained on dedicated training datasets that are separate from customer operational data. This ensures that sensitive information from cities and municipalities is never used to train our AI systems unless specifically agreed upon with clear terms and conditions.
Our team is available to answer any questions about our security, privacy practices, or compliance certifications.
