Sensra
Sign inStart free

Legal

Privacy Policy

Effective date: April 7, 2026

This policy explains the data-handling practices of the current Sensra implementation, including ingestion, incident processing, AI analysis, alerting, and tenant operations.

1. Scope

This Privacy Policy explains how Sensra collects, uses, stores, and discloses information when you use the Sensra SaaS platform, API, and related services.

It applies to account activity, workspace/project administration, and telemetry sent to the ingestion API.

2. Data We Collect

We collect information needed to run the service and support incident workflows.

  • Account and identity data (such as user identifier and email) through Clerk authentication.
  • Workspace and project configuration data (names, slugs, memberships, roles, limits, and API key metadata).
  • Ingestion data (events, messages, stack traces, metadata, route/service/environment fields, timestamps, and normalized/fingerprinted incident context).
  • Operational data (rate-limit/usage counters, alert queue status, retry/backoff state, and security logs).

3. How We Use Data

We use collected data to provide and secure the service, including authentication, multitenant access control, ingestion processing, incident grouping, AI analysis, alert delivery, quota enforcement, abuse prevention, and product reliability.

We may also use service telemetry to troubleshoot errors, monitor performance, and improve product quality.

4. AI Processing

Incident analysis features may process relevant incident/event context to generate summaries, suggested fixes, and confidence values.

AI analysis runs when incidents are new or materially changed according to service logic.

5. Security and Data Minimization

Sensra applies layered security controls in the application workflow.

  • API keys are hashed at rest and full key material is only revealed at creation time.
  • Payload redaction is applied to reduce exposure of common sensitive fields in ingested data.
  • Workspace/project authorization boundaries are enforced in dashboard and API flows.
  • Rate limiting and usage controls are used to protect the platform from abuse.

6. Data Retention

Event payload pruning is performed by background retention jobs based on configured retention settings.

In this codebase, retention is configurable (default 90 days), after which payload-heavy fields may be pruned while incident/accounting records needed for operations can remain.

We retain data as long as needed to provide the service, satisfy legal obligations, enforce agreements, and resolve disputes.

7. Service Providers and Disclosure

We share data with trusted processors only as needed to operate the platform.

  • Clerk for authentication and identity session management.
  • Postgres/Neon for relational data storage.
  • Upstash Redis for rate-limit and usage protection workflows.
  • Resend for incident alert email delivery.
  • OpenAI for AI-assisted incident analysis features.
  • Vercel for hosting, runtime execution, and scheduled jobs.

8. Your Choices and Rights

You can manage workspace members, rotate/revoke API keys, and configure project-level operational settings in the dashboard.

Subject to applicable law, you may request access, correction, deletion, or export of personal data associated with your account.

9. International Transfers

Your data may be processed in jurisdictions where our infrastructure or providers operate. We apply reasonable safeguards to protect data during these transfers.

10. Children

Sensra is intended for professional and organizational use and is not directed to children under 13 (or the equivalent minimum age in your jurisdiction).

11. Changes and Contact

We may update this Privacy Policy as the product evolves. Material updates will be posted with a revised effective date.

For privacy questions or requests, contact support@sensra.dev.