Back to About

Trust Center

We believe the trust of our customers and partners is earned through three essential building blocks: privacy, security, and good intent.

This Trust Center provides you with information about our commitment to protect the data of our many stakeholders – our customers, their customers, regulators, employees, suppliers, business partners and most importantly the community we work in.

As well as being based on industry standards, these principles have been built up on the basis of operating principles developed since the businesses inception in 2007.

Data Protection

We implement multiple layers of protection for civilian data, including strict data minimization, de-identification, and secure hosting environments.

Security Commitment

Our security measures include strict access controls, robust asset management, network security, and comprehensive operational protocols.

AI Ethics

Our AI development follows strict ethical principles including compliance with regulations, clear responsibility, data protection, and fairness.

How is civilian data protected?

1

Data Minimization

SenSen takes multiple approaches to protect our customer's data. At the first level, we only keep data that is essential to achieve the outcome required – for as short a time as possible – meaning we hold the smallest possible dataset for each solution.

2

De-identification

SenSen performs de-identification on data. In the case of images, we remove objects from the scene that are not required, such as the faces or licence plates of surrounding people and vehicles. In the case of personally identifiable information, the data is only used for a specific purpose and workflow controls make it impossible be re-used for any other purpose.

3

Secure Hosting Environment

SenSen's solutions are only deployed on industry-standard ISO27001 environments in the jurisdiction of the customer unless otherwise requested. This provides assurance that our customer's data is subject to overarching regulation associated with their jurisdiction. As an example of the controls available in these environments, SenSen configures its hosting providers to enforce indiscriminate technical blocks on all known bad actors.

Privacy

Your privacy is incredibly important to us. At SenSen, we value, protect, and defend data privacy. We believe in transparency, so that people and organisations can control their data and have meaningful choices in how it's used. We empower and defend the data privacy choices of every person who uses our products and services.

How we respect your privacy

We are committed to safeguarding individuals' privacy by implementing policies and practices that prioritise trust and transparency. With advanced encryption, SenSen helps protect your data both at rest and in transit. Industry-standard encryption protocols erect barriers against unauthorised access to the data, including two or more independent encryption layers to safeguard against compromises of any one layer.

Data at rest

SenSen employs a wide range of industry-standard encryption capabilities, giving you the flexibility to choose the solution that's best for your business.

Data in transit

SenSen uses and enables the use of industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).

APIs

All SenSen-managed APIs are secured using industry-standard techniques such as OAuth to help you control access to your data.

Privacy Concerns & Data Retention - SenSen's Compliance

Privacy Concerns Compliance

Personal Identifiable Information (PII):

Risk of capturing individuals or identifiable details inadvertently.

SenSen anonymizes data to ensure individuals can't be identified in images or videos.

How: Blurring faces and license plates in images.

Data Minimization:

Collecting only the necessary data to achieve project objectives, avoiding excessive data collection.

Only the necessary data is collected to achieve project objectives.

How: Only data relevant to violations or detected objects is kept, all other data will be deleted.

Retention and Deletion Policies:

Establishing clear policies for how long data is retained and ensuring timely deletion of unnecessary data.

Data is only kept for as long as necessary and then securely deleted.

How: Automatically delete data after transmission to the city, unless required for ongoing investigations.

Unauthorized Access:

Protecting data from being accessed by unauthorized personnel.

We implement strong access controls and encryption to protect data from unauthorized access.

How: Role-based access control (RBAC) and AES-256 encryption for data at rest and in transit.

Data Usage for AI Training:

Concern over data being used to train AI systems, potentially leading to misuse or unintended consequences.

SenSen ensures that no data collected from this system is used for AI training purposes.

Standard Regulations:

Ensuring adherence to all relevant local, state, and federal regulations to protect privacy.

SenSen complies with all relevant local, state, and federal regulations to protect privacy.

How: Compliance with GDPR, CCPA and other relevant US privacy laws.

Security

The security of data is critical to the success of our business and we know that it is important for our customers. So you can be assured we take security extremely seriously.

We make security a priority in our business practices and throughout the development process, maintaining effective controls over the security, availability, confidentiality and processing integrity of the platform. This creates a highly secure platform that allows our customers and partners to access information in a safe and secure way.

Access Control

Access Control Policy

Establish an Access Control Policy for every application or system that describes how to manage risks from user account management, access enforcement and monitoring, separation of duties, and remote access.

User Access Management

Assign access rights based on a business need-to-know basis. Privileged access should be assigned carefully and with the least amount of privilege required. Revoke rights when there is no longer a business need for the employee or contractor to have the access.

Application and System Access Control

Use secure logon procedures to control access to applications and systems, including multi-factor authentication.

Asset Management

Register and inventory assets. Establish an acceptable use policy for each asset or group of assets.

Data and Asset Classification and Protection

Assign the appropriate classification and controls to information, data and assets categories. Apply appropriate access controls to restrict access on a business need-to-know basis.

Network Security

Design and operate networks with the following objectives:

  • To limit access to SenSen networks to authorise parties
  • To be resilient when confronted with external threats such as intrusion and disruption

Operations Security

Maintain operating procedures and make these available to relevant users. Operating procedures may include:

  • Installation and configuration of applications and systems
  • Startup and close-down procedures
  • Authentication and authorisation management
  • Maintenance and backup procedures
  • Information handling procedures, both automated and manual activities
  • Problem determination and handling
  • Logging and monitoring
  • Communication with support and escalation contacts
  • Security incident handling
  • Security testing
  • Vulnerability and patch management

Organisation and Governance

SenSen has a dedicated team is responsible for leading enterprise-wide information security strategy, policy, standards, architecture, and processes. The team works across all of the organisations within the Company to protect SenSen, its brand and its customers against cybersecurity risks.

Physical and Environmental Security

Place infrastructure assets in controlled access areas, with the exception of those intended for public use. Apply risk-based access controls, which may include locking or guarding areas to:

  • Allow access only to authorised individuals
  • Maintain physical security during power outages
  • Maintain access logging

Security and Use Standards for SenSen Personnel

Security and Use Standards for SenSen Personnel

SenSen has established security and use standards for SenSen personnel and their workstations and mobile devices used to conduct SenSen business or that connect to the SenSen internal network. The focus of these standards is to protect data and information technology assets from loss, modification, or destruction. SenSen’s internal policies summarise the most critical steps employees must take to protect workstations and mobile devices. Further, the standards outline employee responsibilities for protecting SenSen Confidential information and provide security and appropriate use requirements.

Physical Security

SenSen employees are provided with specific guidance intended to maintain the physical security of their workstations, mobile devices and work areas, and maintain security while traveling.

Logical Security

Access management is required to protect information and systems at both individual and role-based levels. Passwords are expected to be changed regularly and comply with password complexity standards.

Safe Use and Education

SenSen employees receive guidance and education regarding the safe use of information technology assets. Further, SenSen has implemented annual mandatory IT security education to help employees understand security risk and comply with IT policies. Employees also receive education on SenSen’s Business Conduct Guidelines that requires SenSen employees to conduct business observing high ethical standards and in accordance with data security and confidentiality policies. Employees are expected to report illegal or unethical behaviour.

Supplier Management

Evaluate suppliers based on their ability to meet business and security requirements. The supplier must demonstrate security and privacy practices, for example, through certifications or third-party attestations.

Use of Encryption

Use encryption based on risk criteria, such as information sensitivity or classification:

  • To protect data in transit on public and private networks, and
  • How data is stored in applications or systems to mitigate threats

Cybersecurity Measures - SenSen's Implementations

Security Measures Our Implementations

Identity & Access Management

  • Role-Based Access Control (RBAC): Access is restricted based on user roles and principle of least privilege.
  • SSO Integration & Multi-factor Authentication (MFA)

Network Security

  • Minimal Attack Surface: both inbound and outbound traffic
  • Zero Trust Network Access: VPNs and Cloudflare Tunnel

Application Security

  • Code Reviews and Penetration Testing: Regularly performed to identify and mitigate vulnerabilities.
  • Secure Development Practices: OWASP Standards.

Data Security

  • Data Encryption: AES-256 encryption for data in transit.
  • Data Masking and Anonymization: Sensitive data is masked or anonymized.

Detection

  • Logging & Monitoring (Grafana).
  • Endpoint Detection & Response (SentinelOne) for real-time threat detection & Rapid 7 Insight IDR for network analysis.

Incident Response Plan

  • Regular Backup: Data is backed up frequently and stored securely.
  • Clear protocols for responding to security incidents.

AI Principles

While we are optimistic about the potential of AI, we must uphold an unwavering commitment to developing these powerful technologies responsibly and ethically. The transformative potential of AI goes hand-in-hand with intricate challenges that demand nuanced consideration and proactive governance.

These AI Principles describe our commitment to developing technology responsibly and outline a principled framework to steer our organisational pursuit and global deployment of AI solutions.

Fundamental Principles

1

Follow the rules

Our AI systems and processes will be architected from the ground up to comply with all relevant national and international laws, policies, and human rights standards, including the EU's AI Act, GDPR, and other relevant guidelines.

2

Clear responsibility

Accountability is a cornerstone of our approach to AI development. We establish clear lines of responsibility for the deployment and operation of our AI systems. This commitment to clear responsibility ensures that there is always someone accountable for the AI systems' actions and decisions.

3

Protect your data

The privacy and security of citizen data are paramount. Our AI technologies are built with robust privacy measures to safeguard personal information. We prioritise data sovereignty, ensuring that all data handling complies with governmental regulations. By protecting your data, we help maintain trust and confidence in our AI systems and the services they support.

4

Fair for everyone

We believe in creating AI solutions that promote fairness and inclusivity. Our systems are designed to serve all citizens equally, without bias or discrimination. By focusing on equitable access, we aim to enhance public services, ensuring that everyone benefits from the advancements in AI technology. This commitment to fairness helps build a more just and inclusive society.

5

Safe and reliable

Safety and reliability are non-negotiable in our AI solutions. We implement stringent safety protocols to ensure that our AI systems operate securely and effectively, especially in critical government applications. By prioritising safety and reliability, we ensure that our technologies can be trusted to perform consistently and without failure, supporting the crucial functions they are designed for.

6

Work together

Collaboration is key to the success of AI in government. We create interoperable AI systems that facilitate seamless cooperation between different government agencies and international partners. By fostering a collaborative ecosystem, we enable more efficient and effective solutions to complex challenges, promoting global cohesion and better outcomes for all.

7

Teach and inform

Education and public engagement are essential to the responsible deployment of AI. We promote AI literacy among government employees and the general public, ensuring that everyone is informed about the benefits and risks of AI technologies. Through continuous education and transparent communication, knowledgeable & engaged community can make informed decisions about AI.

AI applications we will not pursue

In addition to the above objectives, we will not design or deploy AI in the following application areas:

  • Technologies that cause or are likely to cause overall harm. Where there is a material risk of harm, we will proceed only where we believe that the benefits substantially outweigh the risks and will incorporate appropriate safety constraints.
  • Weapons or other technologies whose principal purpose or implementation is to cause or directly facilitate injury to people.
  • Technologies that gather or use information for surveillance violate internationally accepted norms.
  • Technologies whose purpose contravenes widely accepted principles of international law and human rights.

As our experience in this space deepens, this list may evolve.

Compliance

Certifications & Compliance

We maintain rigorous standards of compliance with industry regulations and certifications to ensure the highest levels of security and privacy.

ISO 27001

Certified for information security management systems (ISMS), ensuring systematic approach to managing sensitive information.

GDPR Compliant

Our services and operations comply with the European Union's General Data Protection Regulation for enhanced privacy protections.

SOC 2 Type II

Verified compliance with SOC 2 security, availability, and confidentiality principles, ensuring trust in our operations.

FAQ

Frequently Asked Questions

Find answers to common questions about our privacy, security, and compliance practices.

sensen.ai takes multiple measures to protect PII, including:

  • Automatic blurring of faces in video feeds
  • License plate masking in stored images
  • Data minimization – only collecting necessary information
  • Strict data retention policies with automatic deletion
  • Role-based access controls to limit data access

 

sensen.ai uses industry-standard encryption protocols to secure data in transit. This includes AES-256 encryption, secure TLS connections, and VPN tunneling for all data transmissions. Additionally, we implement secure API endpoints with authentication and authorization checks to ensure only authorized systems can send or receive data.

sensen.ai retains data only for as long as necessary to fulfill the specified purpose. For most use cases, once data is transmitted to city systems, it is automatically deleted from our platform unless required for specific compliance or ongoing investigation purposes. Our standard data retention period is configurable based on customer requirements and local regulations, typically ranging from 30 to 90 days for non-violation data.

Yes, sensen.ai is compliant with major international data protection regulations including GDPR (European Union), CCPA (California), PIPEDA (Canada), and other regional data protection laws. We regularly review and update our practices to ensure ongoing compliance with evolving regulatory requirements in all the jurisdictions where we operate.

sensen.ai has a comprehensive Incident Response Plan that includes:

  • 24/7 monitoring systems to detect potential security breaches
  • A dedicated security team for rapid response
  • Clear escalation procedures
  • Notification protocols in line with regulatory requirements
  • Regular security incident simulations and training
  • Post-incident analysis to strengthen systems and prevent future occurrences

 

No, sensen.ai does not use customer data collected from operational systems for AI training purposes without explicit consent. Our Live Awareness Platform is pre-trained on dedicated training datasets that are separate from customer operational data. This ensures that sensitive information from cities and municipalities is never used to train our AI systems unless specifically agreed upon with clear terms and conditions.

Join Our Team

Need More Information?

Our team is available to answer any questions about our security, privacy practices, or compliance certifications.