Sensa24I want SENSA on WhatsApp
Sensa24

Privacy Policy

We, GBM Sp. z o.o., Hallera 8, 55-011 Siechnice, Poland, are committed to protecting the privacy of users of the Sensa24 website, the Sensa24 application and/or other associated services (together, the "Sensa24 Services" or "Services").

For the purposes of this Privacy Policy, GBM Sp. z o.o. is the "data controller" for all Sensa24 Services.

This Privacy Policy describes the types of personal and non-personal data we collect and how we use it. The Privacy Policy forms part of our Terms of Use and applies to all Sensa24 Services. Please therefore read and understand our Privacy Policy and our Terms of Use.

This Privacy Policy does not apply to third-party websites, services or applications, even if they are accessible through the Sensa24 Services.

By using any of the Sensa24 Services, you represent and confirm that (i) you have read, understood and agree to this Privacy Policy, (ii) you are at least 16 years old (or you are a parent or legal guardian with authority to consent to this Policy on behalf of a person under 16). If you do not accept the terms of this Privacy Policy and the related consents, please do not use our Services.

Last updated: March 2026

1. What types and categories of data do we collect, process and use?

We collect, process and use both personal and non-personal data.

1.1 Personal and non-personal data

The term "personal data" is defined by data-protection law and the General Data Protection Regulation (GDPR). Personal data is any information that allows you to be identified or that can be associated with you.

By contrast, "non-personal data" cannot be associated with a specific individual. By removing identifiable parts and anonymising the data, personal data can be converted into "non-personal data".

1.2 Data we collect, process and use

We collect, process and use three types of data:

  • data you provide to us voluntarily,
  • data we receive when you use our Services, and
  • data we receive from third parties.

Typically we collect, process and use the following categories of data:

  • your full name and address;
  • your personal contact details (phone, email, fax, etc.);
  • your username and password;
  • your user-profile data;
  • your user preferences (for example, preferred language);
  • your IP address, operating system, browser type, browser version, browser configuration, internet provider name and other relevant information about your computer and internet connection, in order to identify the type of your device, connect it to the website, exchange data with your (mobile) device or ensure the proper functioning of the Sensa24 site and application;
  • the URL and IP address of the website from which you reach our site or from which you have been redirected, including date and time;
  • any pages of our site that you visit during the session and any links you click, including date and time;
  • the entire URL stream before, during and after the website, including date and time;
  • your service requests and orders;
  • your transaction history, including pending and completed transactions;
  • search terms you enter in connection with our Services or within them;
  • information about your orders and payments;
  • information collected through cookies or similar technologies;
  • your responses to surveys, reviews, ratings or other responses;
  • the content of all messages sent through the Sensa24 site or application, including information sent to social networks through the Sensa24 site/application or otherwise shared with us and/or other users, as well as chat messages and chat logs;
  • your newsletter subscriptions;
  • any consents you have given us;
  • any other information you enter or submit through the Sensa24 site or application (for example, information provided when filling in an online form);
  • data we receive when you sign in via social networks (for example, Facebook login).

2. How is the data collected?

We collect personal data only when you provide it to us on your own initiative by deciding to use our Services. To be able to use our Services, you must register your account.

2.1 Sign-up

You can create a Sensa24 user account through our sign-up flow. After registration you can use your user account to subscribe to all Sensa24 Services. To register, you must provide at least:

  • your full name,
  • your email address, and
  • password

Before completing registration, you must confirm that you have read our Privacy Policy and accept our Terms of Use.

2.2 Adding information to your user profile

The Sensa24 application also allows you to provide us with additional information. After registration, you can add more information to your profile (for example, a profile picture). In doing so, you again provide us with personal data. We also receive data (including personal data) from you when you communicate with us or with other users through the Sensa24 application. We also receive information about how you use the Sensa24 application. In these cases, you also provide us with personal data.

2.3 Permissions to access your device

To enable you to fully use the Sensa24 application, we will also need certain permissions to access your smartphone. For example, we need access to your camera or your photos if you want to upload or change a profile picture. We use push notifications to send reminders. When you wish to use one of these functions for the first time, we will ask you to grant the corresponding permissions. If you do not grant the necessary permissions, you may not be able to use the respective functions, or only to a limited extent.

3. How do we use the data?

We use your personal data for the following purposes:

  • to allow you to use our Services;
  • to give you access to your user account;
  • to contact you about matters related to your user account or use of the Services;
  • to respond to your inquiries and to fulfil your requests;
  • to inform you of changes to our Services;
  • to send you important information about our Services, such as changes to our terms and conditions;
  • to send you marketing and promotional information, where you have given consent;
  • to personalise your experience when using the Services;
  • to analyse and improve our Services;
  • to prevent fraud and abuse and to protect our rights and property as well as the rights and property of other users;
  • to comply with applicable law and regulations.

Marketing consent: By providing your email address, you consent to receive marketing and promotional materials from us about Sensa Assistant services. You can withdraw consent at any time using the unsubscribe link in any email or by contacting us at contact@sensa24.com.

We use non-personal data primarily to improve our Services and for statistical purposes.

4. Legal basis for processing

We process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data-protection laws.

The legal basis for processing your personal data is:

  • your consent (Art. 6(1)(a) GDPR);
  • performance of a contract to which you are party or taking steps at your request before entering into a contract (Art. 6(1)(b) GDPR);
  • compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR);
  • protection of your vital interests or those of another natural person (Art. 6(1)(d) GDPR);
  • performance of a task carried out in the public interest or in the exercise of official authority vested in us (Art. 6(1)(e) GDPR);
  • pursuit of our legitimate interests or those of a third party, except where your interests or fundamental rights and freedoms override them (Art. 6(1)(f) GDPR).

5. Sharing of data

We may share your personal data with the following categories of recipients:

  • our employees who need access to such data to perform their duties;
  • our service providers who process data on our behalf (for example, hosting providers, payment-service providers, analytics providers);
  • public authorities, where required by applicable law;
  • other third parties, where you have given consent.

List of main subprocessors:

  • Hosting providers (for example, Vercel, Inc.) — application data storage
  • Payment service providers (for example, Stripe, Inc.) — payment processing
  • Analytics providers (for example, Google Analytics) — traffic analysis
  • Communication providers (for example, WhatsApp) — messaging functionality
  • AI service providers:
    • OpenAI, Inc. — providing AI models for response generation and query analysis
    • Google LLC (Google AI) — providing AI models for natural-language processing
    • Anthropic PBC — providing AI models for content generation and contextual analysis
    • Cohere Inc. — providing AI models for text understanding and generation
    • Mistral AI — providing AI models for content processing and generation

We do not sell, rent or otherwise share your personal data with third parties for marketing purposes without your express consent.

6. International data transfers

Your personal data may be stored and processed in any country in which we have facilities or in which we engage service providers. By using our Services, you understand that your data may be transferred to countries outside your country of residence, including countries that may have data-protection rules different from those of your country.

Where we transfer your personal data outside the European Economic Area (EEA), we put appropriate safeguards in place, such as standard contractual clauses approved by the European Commission. In the case of data transfers to the United States, we cooperate with entities certified under the EU-US Privacy Shield programme or apply other appropriate legal safeguards.

Please note that some of our service providers (for example, Stripe, Google, OpenAI, Anthropic, Cohere, Mistral AI) are based in the United States or other countries outside the EEA, or may store data on servers located outside the EEA. In such cases, we always ensure that the transfer takes place in accordance with applicable data-protection rules.

7. Data retention

We keep your personal data only as long as necessary to fulfil the purposes for which it was collected, unless a longer period is required or permitted by law.

Specific retention periods:

  • User account data: for the duration of the active account and up to 24 months after its deletion (for the purpose of defending against claims)
  • Transaction data: for the period required by tax and accounting law (typically 5 years from the end of the calendar year)
  • Communication data: up to 12 months after the last interaction
  • Marketing data: until consent is withdrawn

After the retention period ends, your personal data will be deleted or anonymised.

8. Automated decision-making and profiling

In some cases we may apply automated decision-making, including profiling, in order to provide personalised services. This means that we may automatically analyse your data to predict your preferences or interests and adapt our Services to your needs.

As part of our Services, we use artificial intelligence (AI) models to process your queries and generate responses. These models may analyse the content of your messages, the context of the conversation and your interaction history to provide the most appropriate and personalised answers. Data forwarded to AI models is processed in accordance with the privacy policies of the relevant providers (OpenAI, Google, Anthropic, Cohere, Mistral AI).

You have the right not to be subject to a decision based solely on automated processing, including profiling, where such a decision produces legal effects on you or similarly significantly affects you. If you believe you are subject to such a decision, you can contact us to contest the decision and request human intervention.

9. Cookies and similar technologies

We use cookies and similar technologies to collect and store information when you visit our site or use our Services.

Cookies are small text files stored on your device when you visit a website. They are widely used to make websites work or to make them work more efficiently, as well as to provide information to website owners.

We use the following types of cookies:

  • Essential cookies: required for our site to function and which cannot be switched off in our systems. They are usually set only in response to actions you take that amount to a request for services, such as setting privacy preferences, signing in or filling in forms.
  • Analytics cookies: let us count visits and traffic sources so we can measure and improve site performance. They help us know which pages are the most and least popular and see how visitors move around the site.
  • Functional cookies: enable the site to provide enhanced functionality and personalisation. They may be set by us or by external providers whose services we have added to our pages.
  • Marketing cookies: may be set through our site by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on other sites.

You can manage your cookie preferences through your browser settings. Most browsers let you control most cookies through settings. Please note, however, that if you block or delete cookies, you may not be able to use all the features of our site.

10. Data security

We have implemented appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, use, alteration or disclosure.

However, no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee the absolute security of your data.

11. Your rights

Under the GDPR and other applicable data-protection laws, you have the following rights regarding your personal data:

  • Right of access: you have the right to obtain confirmation from us as to whether we process your personal data and to access that data.
  • Right to rectification: you have the right to request the rectification of inaccurate personal data and the completion of incomplete personal data.
  • Right to erasure: you have the right to request the deletion of your personal data in certain circumstances.
  • Right to restrict processing: you have the right to request the restriction of processing of your personal data in certain circumstances.
  • Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format and the right to transmit that data to another controller.
  • Right to object: you have the right to object to the processing of your personal data in certain circumstances.
  • Right to withdraw consent: where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.
  • Right to lodge a complaint: you have the right to lodge a complaint with the data-protection supervisory authority.

To exercise these rights, please contact us using the contact details below.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will inform you via our website or other appropriate communication channels.

We recommend that you review this Privacy Policy periodically to stay informed about our data-protection practices.

13. Contact

If you have questions or concerns about this Privacy Policy or about the processing of your personal data, please contact us:

GBM Sp. z o.o.
Hallera 8
55-011 Siechnice
Poland
Email: contact@sensa24.com

Contact details of the Data Protection Officer (DPO): contact@sensa24.com

You may also lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland) if you consider that the processing of your personal data infringes the GDPR.