On this page

1. Who we are
2. Scope of this policy
3. Our roles under data protection law
4. Information we collect
4.1 Account information (when you sign up)
4.2 Survey content (created by you)
4.3 Survey responses (collected from respondents)
4.4 Usage and technical data
4.5 Communications
4.6 Cookies and analytics on this domain
5. Legal bases for processing (GDPR Article 6)
6. How we use your information
6.5 Survey respondents and Data Controller responsibility
6.6 We do not
7. AI processing and your data
7.1 Cloud default
7.2 Residency-heavy configurations
7.3 Private deployment
7.4 MCP connectors (Claude, ChatGPT, and other AI assistants)
8. Subprocessors
9. International data transfers
10. Data retention (representative)
11. Security measures (summary)
12. Your rights — GDPR • PDPL • analogous laws
13. Children's privacy
14. Automated decision-making scope
15. Updates to this policy
16. Regional notices
17. Contact us
18. Glossary

Privacy Policy

Last updated: 19 May 2026

Effective date: 17 May 2026

Version: 2.0

1. Who we are

Sentink ("Sentink", "we", "us", "our") is an AI-powered survey and feedback platform operated by Sentink FZ-LLC, a company licensed in Dubai, United Arab Emirates, with engineering operations in Berlin, Germany.

Data Controller:

Sentink FZ-LLC

United Arab Emirates (full postal address available on reasonable request via [email protected])

Contact for privacy matters:

[email protected]

Data Protection Officer (DPO):

[email protected]

2. Scope of this policy

This policy applies to:

Visitors to sentink.com and subdomains
Users of our Cloud platform at app.sentink.com
Customers using Sentink Private (dedicated instances)
Respondents to surveys hosted on Sentink when we act as processor on behalf of the survey controller
Anyone contacting us via support, sales, or other channels

This policy does not apply to:

Third-party websites linked from our platform
Surveys hosted on customer-controlled Private deployments where the customer is the controller and configures all processing independently (see your agreement)

3. Our roles under data protection law

Context	Our role	Customer's role
Marketing site, account data	Data Controller	—
Survey responses on Sentink Cloud	Data Processor	Data Controller
Survey responses on Sentink Private deployments	Software provider — precise legal role follows your deployment agreement	Typically Data Controller (your organisation configures processing)
Support communications addressed to Sentink about our products	Data Controller	—

4. Information we collect

Full name and email address
Company name and role
Phone number (optional)
Country / region
Credential secrets (stored with strong hashing; we do not keep reusable plaintext passwords on our servers)
Billing address and tax identifiers where provided
Payment data handled by Stripe — card numbers stay with Stripe under PCI scope

4.2 Survey content (created by you)

Questions, quotas, branching, branding assets, uploads you attach, prompts that drive AI-assisted drafting when that feature is on.

4.3 Survey responses (collected from respondents)

Answer payloads you design to collect.

Optional respondent identifiers such as email or name when your flows solicit them.

Optional geolocation segments when explicitly enabled alongside suitable consent wording on your side.

Optional voice artefacts when expressly enabled alongside consent tooling you administer.

Operational metadata commonly includes timestamps; IP-derived signals (short retention then truncation / anonymisation where technically feasible — see retention table); completion timing; coarse device fingerprints.

4.4 Usage and technical data

Marketing page hits; authenticated product navigation breadcrumbs that help reliability; aggregated performance timelines; referrer parameters when present.

4.5 Communications

Support tickets and related email; optional chat transcripts surfaced through tooling you integrate; lawful records of commercial discussions.

4.6 Cookies and analytics on this domain

Marketing analytics such as Google Analytics loads only after you consent in our cookie banner. Read the Cookie Policy for categories, durations, and controls.

Activity	Legal basis
Delivering SaaS for paying customers	Contract (Art. 6(1)(b))
Account creation / authentication artefacts core to tenancy	Contract
Invoicing, tax archiving, AML counterparty checks regulators expect	Legal obligation (Art. 6(1)(c))
Fraud defence, intrusion detection proportionate logs	Legitimate interests (Art. 6(1)(f))
Product telemetry in pseudonymous summary form	Legitimate interests, balanced via minimisation
Optional marketing newsletters to strangers	Consent
Processor activities for customer survey programmes	Instructions under DPA

Withdraw consent anytime via unsubscribe links where provided or [email protected].

6. How we use your information

Operate multi-tenant cloud services; fulfil Private licensing support duties you purchase; analyse reliability; answer tickets; fulfil statutory bookkeeping; escalate security incidents responsibly.

6.5 Survey respondents and Data Controller responsibility

When you collect responses via Sentink surveys, you act as the Data Controller for all respondent data. Sentink acts solely as a Data Processor — we process respondent data only as instructed by you and only to provide the service.

You are responsible for:

Obtaining any required consent from survey respondents
Ensuring your surveys comply with applicable data protection laws
Notifying respondents of how their data will be used

This applies in all jurisdictions, including Saudi Arabia's Personal Data Protection Law (PDPL) and the UAE Personal Data Protection Law.

6.6 We do not

Sell personal data brokerage-style.

Train unrestricted public foundational models using your confidential survey stores unless an enterprise side letter explicitly permits limited scientific evaluation with pseudonymisation.

7. AI processing and your data

7.1 Cloud default

Hosted inference pathways may traverse Anthropic, OpenAI, Google (Gemini) via Google’s AI/cloud services where enabled, and Sentink-operated routers / small models pinned to audited regions depending on SKU. Agreements contain contractual limits on unauthorised training reuse proportional to supplier posture.

7.2 Residency-heavy configurations

Higher tiers optionally constrain routing to EU-aligned regions with SCC / IDTA documentation.

7.3 Private deployment

Inference executes within your infra; Sentink ordinarily cannot read payloads beyond support windows you formally open.

7.4 MCP connectors (Claude, ChatGPT, and other AI assistants)

When you connect Sentink to an AI assistant via our Model Context Protocol (MCP) server at mcp.sentink.com:

Authentication: You sign in with your Sentink account through OAuth 2.0 (authorization code + PKCE). We do not accept machine-only client-credentials for MCP connectors.
Data accessed: The connector can read workspaces, surveys, aggregated analytics, sanitized open-text samples, and distribution links for surveys you can already access in Sentink. It can create draft surveys and publish them only after you explicitly approve.
Data storage: MCP responses are processed in transit; we do not store full MCP tool outputs as a separate product database. OAuth tokens and session metadata are stored only as needed to operate the connector.
Third parties: Your chosen AI assistant (e.g. Anthropic Claude) receives tool results you trigger through that assistant. Their privacy terms apply to how they handle those outputs.
Retention: MCP session data follows our standard operational retention (see Section 10). Downloadable report files generated via MCP expire within 24 hours unless configured otherwise.
Contact: [email protected] for MCP-related privacy questions. Documentation: Sentink MCP for AI assistants.

8. Subprocessors

Detailed table & notice workflow: Subprocessors plus thirty-day advance announcement emails to materially affected workspaces before onboarding new respondent-data subprocessors absent emergency security remediation.

9. International data transfers

SCC bundles, supplementary technical measures after Schrems II, UAE PDPL cross-border interplay, adequacy pathways when Commission decisions exist — documented in Annex II of executed enterprise agreements upon request.

10. Data retention (representative)

Dataset	Guidance
Directory users	Licence lifetime + ninety-day orderly shutdown buffer
Survey definitions	Workspace lifetime unless you delete sooner
Response rows	Per survey / workspace TTL you configure unless law demands longer freezes
Finance evidence	Frequently up to ten years where VAT / audit doctrines overlap
Short-lived IP-bearing HTTP logs	~30 rolling days unless narrow security exceptions extend narrowly
Offline marketing enrichment	Deleted on objection + stale-record sweeps (~24 months heuristic)

11. Security measures (summary)

TLS 1.3 on edge; AES-256 class disk encryption tiers; MFA for privileged staff; patching cadences; tabletop incident rehearsals; Responsible disclosure channel [email protected].

Processors notify supervising customers without undue delay when an incident materially risks their respondent sets (GDPR Art.33/34-style interplay coordinated with Exhibit C wording in DPAs).

Access, rectify, erase (subject to exemptions), restrict, port, object where bases allow, escalate to supervisory authorities.

Contact [email protected] with identifiable workspace cues; we endeavour to answer within thirty days absent exceptional complexity authorised to ninety.

UAE Data Office informational portal referenced in supervisory directories.

California residents exercise CPRA-style pathways through the same channel — we reaffirm absence of monetised selling.

EU Art. 27 representative appointment is progressing; nominate [email protected] meanwhile for orderly supervisory routing notes.

13. Children's privacy

Directed at professionals 16+. If you intentionally survey minors under local law, parental / guardian consent choreography is ordinarily your regulatory burden.

Notify us promptly if a child circumvented onboarding — we deactivate once verified.

14. Automated decision-making scope

Absent dedicated enterprise modules flagged separately, Sentink avoids solely automated adjudications with legal equivalently significant GDPR Art.22 effects—AI drafts assist staff who retain veto.

15. Updates to this policy

Material changes surfaced via banners on sentink.com, email to organisational billing contacts when reachable, and describing roughly 30 calendar days advance notice wherever feasible unless law or confidentiality obligations require shorter notice windows.

Historical versions may be reproduced on diligent written requests to [email protected] pending launch of an automated archive surface.

16. Regional notices

UAE PDPL (Federal Decree-Law No. 45 / 2021) alignment narratives mirror Article-level mapping dossiers downloadable under NDA during procurement.

EU / UK GDPR text incorporated by reference alongside SCC modules.

California CCPA / CPRA consumer rights enumerated in Section 12.

KSA PDPL-aligned enterprise riders available commercially for strict residency mandates.

17. Contact us

[email protected] — general privacy enquiries

[email protected] — DPO coordination

[email protected] — vulnerability disclosure & incident escalation

[email protected] — contracting & formal regulator correspondence

Postal channels via UAE agent of service once onboarding completes.

18. Glossary

Personal Data • Processing • Controller • Processor • Subprocessor • SCC • DPA

Continued navigation of Sentink sites after this revision date signifies acknowledgement of both this Privacy Policy and the Cookie Policy.