Privacy Policy

DataSapien Privacy Policy For Clients, Partners and Followers  

Last Updated: 21 June 2025 
Effective From: Upon use of any DataSapien services 
UK ICO Reference: C1447742 
Contact Email: support@datasapien.com 

1. Who We Are 

DataSapien Limited (“DataSapien”, “we”, “us”, or “our”) is a UK-based company building privacy-first software tools to enable personal data empowerment. Our technology allows organisations to embed private, on-device AI agents within their apps, enabling their users to control and benefit from their own data. 

We are registered with the UK Information Commissioner’s Office under reference C1447742.

2. Scope of This Privacy Policy 

This Privacy Policy applies to personal data that we collect and process directly from our customers, partners, website visitors, and users of our platform. It does not apply to end-user data collected by our customers via applications powered by the DataSapien SDK. 

Zero-Shared Data and Client-Orchestrated Control 

By default, the DataSapien SDK stores and processes end-user data locally on the user’s device under our Zero-Shared Data model. This ensures that no end-user data is transmitted to DataSapien. This is an element of our Trust-By-Design Architecture.

Where an end-user explicitly consents to share their data, that data is shared directly with the client organisation (our customer) as Zero-Party Data, via a client-controlled API into their own systems. This data does not pass through and is not stored by DataSapien.

DataSapien provides the orchestration infrastructure for managing consent and API flows, but we do not receive, access, store, or process any personally identifiable end-user data in this context. 

3. Legal Basis for Processing 

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). The legal bases for our processing activities include: 

  • Contractual necessity – to provide services to our clients 
  • Legitimate interests – such as platform monitoring and service improvement 
  • Legal obligations – for compliance with applicable laws 
  • Consent – where applicable (e.g., marketing communications) 

4. What We Collect 

We collect and process the following categories of data from our clients and platform users: 

| Data Type | Examples | Purpose |
|---|---|---|
| Account Data | Name, email, billing details, login credentials | Account creation, billing, support |
| Usage Metadata | Logs, API usage, license activations | Service provisioning and analytics |
| Device Telemetry | SDK activation pings (non-identifiable by default) | Billing and operational metrics |
| Support Records | Emails, chat logs | Customer service and incident response |

We do not collect or process any personal data originating from end-users of our clients’ apps — unless separately agreed in writing under a different contractual arrangement (e.g., onboarding or analytics consulting). 

5. How We Use Your Data 

We use your data for the following purposes: 

  • Delivering access to the DataSapien platform and SDKs 
  • Authenticating and managing client accounts 
  • Providing technical and customer support 
  • Monitoring platform usage and SDK activity 
  • Sending product updates or service notices 
  • Meeting legal, regulatory, and security obligations 

We do not sell or rent any personal data. We do not profile or market using client or end-user data. 

6. Data Sharing and Subprocessors 

We may share limited personal data with trusted subprocessors who help us deliver core infrastructure services (e.g., hosting, support ticketing, payments). All subprocessors are: 

  • Bound by strict data protection terms 
  • Audited for GDPR compliance 
  • Listed in our Subprocessor Directory (available on request or via our website) 

You will be notified at least 30 days in advance of any material subprocessor changes. 

We do not share any end-user data — as we do not collect or store it. 

7. International Transfers 

If personal data is transferred outside the UK or EEA: 

  • Transfers will be governed by Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO 
  • Where necessary, supplementary safeguards such as encryption and access restrictions will apply 

8. Your Rights 

Under applicable data protection laws (UK GDPR and EU GDPR), you have rights which include: 

  • Accessing the data we hold about you 
  • Correcting or updating inaccurate data 
  • Requesting deletion of your data 
  • Restricting or objecting to certain types of processing 
  • Data portability, where applicable 
  • Withdrawing consent (where processing is based on consent) 
  • Lodging a complaint with a supervisory authority 

To exercise any of these rights, please email us at support@datasapien.com.

9. Data Retention 

We retain personal data only as long as necessary for: 

  • Fulfilling contractual obligations 
  • Maintaining audit trails 
  • Complying with legal obligations 

Inactive client accounts and associated data may be deleted or anonymised after 12 months of inactivity, unless legally required to retain it longer. 

10. Security 

We apply industry-standard technical and organisational safeguards to protect your data, including: 

  • End-to-end encryption (in transit and at rest) 
  • Role-based access controls 
  • Secure software development practices 
  • Third-party penetration testing 
  • Alignment with ISO 27001 and SOC 2 Type II standards 

11. Changes to This Policy 

We may update this Privacy Policy from time to time. Material changes will be communicated via email or displayed prominently on our website at least 30 days in advance of taking effect.

12. Contact Us 

For any questions, concerns, or data requests, please contact: 

Email: support@datasapien.com 
Postal Address:
Data Protection Officer 
DataSapien Limited 
Monomark House 
27 Old Gloucester Street 
London WC1N 3AX, UK