Privacy Policy

1. Data Controller

Senso ("we", "us", "our") is a sole trader operating in England and Wales. We are the data controller responsible for the personal data described in this policy. For any data protection query, including requests to exercise your rights or to receive our current postal address, contact us at privacy@wearesenso.com. We do not have a statutory Data Protection Officer; data protection queries are handled directly by the founder.

1b. Special-Category (Health) Data Notice

The whole point of Senso is to match a property to your accessibility needs. To do that, we ask you questions during onboarding about things like how many steps you can manage, whether you use a wheelchair or other mobility aid, and whether anyone in your household has specific access requirements. Under UK GDPR Article 9 this counts as special-category data concerning health, and it is the most sensitive data we hold about you.

• Article 6 lawful basis: performance of contract — we cannot run the accessibility analysis you asked for without this information.
• Article 9 condition: your explicit consent under Article 9(2)(a). You give this consent at onboarding by ticking a dedicated box that says you understand you are sharing health-related information so Senso can personalise your analyses. This explicit consent is separate from, and additional to, acceptance of this privacy policy.
• You can withdraw this consent at any time with one click from your account settings, under the “Accessibility data consent” section. You can also email privacy@wearesenso.com if you prefer. Withdrawal does not affect processing that already happened, and does not affect your ability to keep using the parts of Senso that do not rely on this data.
• We do not share your accessibility profile with estate agents, advertisers, or any third party. It is sent to our AI processor (OpenAI) alongside the listing so the analysis can be tailored, and it is stored on our own infrastructure. It is never used to train AI models.

1a. How the Free Analysis Works

Senso lets you check whether a UK property listing looks accessible before you spend time visiting it. The free flow is deliberately simple and is designed so you can try the service without handing over any personal information up front.

• First run (anonymous): on your very first visit you can paste a Rightmove listing URL and run an analysis without creating an account. We do not ask for your name, email or any other identifying detail. We process the listing URL and the public information on that page, run our AI analysis, and show you the result.
• Second run (Google sign-in): if you want to run another analysis, save your results, or come back later, we ask you to sign in with Google. That gives us your name, email address and Google profile image, and lets us link the analyses you have already run on that browser to your new account.
• No other sign-in option: we currently only support Google Sign-In. We do not offer email-and-password, one-time email links, or social logins from other providers.
• No card details for the free tier: the free analysis path does not require payment information. If you choose to upgrade to a paid plan in future, that is handled separately by Stripe.

2. Personal Data We Collect

• Account data: name, email address, and Google profile image (provided via Google Sign-In).
• Onboarding responses (special-category): answers you provide during the onboarding questionnaire including your accessibility and mobility needs (for example, how many steps you can manage, whether you use a wheelchair). This is health-related data and is handled under Article 9 explicit consent — see section 1b.
• Analysis data: property addresses and URLs you submit for accessibility analysis, and the resulting reports.
• Subscription and payment data: subscription status and billing details managed by Stripe. We do not store your card number — Stripe handles this as our payment processor.
• Usage data: pages visited, features used, and analysis quotas. If you consent to analytics cookies, Meta Pixel collects anonymised browsing events and PostHog collects product-analytics events (how you navigate the app, features you use) plus session screen-recordings with all input fields masked. See section 6 for the processors and section 9 for the cookies.
• Cookie preferences: your consent choice stored in a first-party cookie.
• Cached listing data: when you submit a Rightmove URL we keep a copy of the listing content and the AI result for up to 30 days so that the next person to look at the same property does not have to wait for a fresh analysis. This cache is keyed on the listing URL, not on you. See section 6a for the full detail.

3. Lawful Basis for Processing

For each processing activity we rely on one of the lawful bases in UK GDPR Article 6. Where we handle health-related accessibility data, we additionally rely on the Article 9(2)(a) explicit-consent condition described in section 1b.

Where we rely on legitimate interests we have carried out a balancing test and concluded that the processing is necessary, proportionate, and does not override your rights. You can ask us for a copy of the balancing test at any time.

3b. Automated Decisions and AI Profiling

Senso uses AI models to produce an accessibility verdict about a property you submit. That verdict is generated by an automated system and combines your onboarding profile with the public listing content. We want to be clear about what this does and does not mean under UK GDPR Article 22:

• No decision with legal or similarly significant effect is made about you. Senso does not decide whether you can rent or buy a property, it does not communicate with landlords or lenders, and it does not affect your access to housing, benefits, or services. The verdict is informational only — it helps you decide whether to visit a listing.
• Meaningful information about the logic: the AI reads the listing text, floorplans and photos, compares them against your stated accessibility needs, and produces a structured rating plus supporting reasoning. Section 6b describes the cascading model approach in plain English.
• Human review on request: if you believe a verdict is wrong or unfair, email privacy@wearesenso.com and we will review it manually and, where appropriate, correct or delete it.
• No behavioural profiling. We do not score users, segment them for advertising, or make predictions about individuals beyond the single analysis you requested.

4. How We Use Your Data

• To provide, maintain, and improve the Senso service.
• To run property accessibility analyses using AI and return results to you.
• To manage your subscription and process payments.
• To send you transactional emails about your account and analyses.
• To measure how the service is used and optimise our marketing, only where you have given consent.

5. Data Retention

• Account and analysis data: retained while your account is active. Deleted promptly upon account deletion request.
• Stripe financial records: retained by Stripe for 7 years to meet legal and tax obligations.
• Application logs: retained for up to 90 days for debugging and then automatically purged.
• Cookie consent preference: stored for 12 months from the date of your choice.
• Cached listing analyses: retained for up to 30 days from the date of analysis, then automatically purged. See section 6a.
• Anonymous first-run analyses: if you ran an analysis without signing in and never returned, the result is held only as part of the 30-day URL cache and is not linked to any user record.
• Cost and usage telemetry: aggregate cost records (model used, tokens, latency, pence) are retained for up to 24 months for trend analysis, then deleted. See section 6c.
• Consent acknowledgements: records of which version of this policy you have acknowledged are retained for the life of your account plus six years, in line with UK limitation periods.
• PostHog analytics events: retained by PostHog in line with our project retention configuration (up to 7 years on our paid EU Cloud plan), or until you delete your Senso account, whichever comes first. When you delete your account, we immediately stop capturing new events under your identity and your browser’s PostHog session is reset; the PostHog-side person record and its historical events are deleted within 30 days. Session recordings are retained for 30 days and then automatically purged by PostHog. All inputs are masked in recordings.

6. Third-Party Processors and Data Sharing

We share your data only with processors that are necessary to deliver the service. The table below lists each processor, what it does, where it is based, and the transfer mechanism we rely on when personal data leaves the UK.

Data Processing Agreements are in place with each processor listed above. If we add or replace a processor we will update this table and, for material changes, notify you by email or an in-app notice at least 14 days before the change takes effect. We do not sell personal data to anyone, ever, and we do not share it with advertising networks beyond the Meta Pixel consent path described in section 9.

6e. Google API Services — Limited Use Disclosure

Senso’s use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request the openid, profile and email scopes, solely to authenticate you and populate your account with your name, email address and profile image.
• We do not use Google user data to develop, improve or train generalised or non-personalised AI or machine-learning models.
• We do not transfer Google user data to third parties except as strictly necessary to provide or improve the features you have asked for, to comply with law, or as part of a business transfer with equivalent protections.
• We do not allow humans to read your Google user data unless we have your explicit consent, it is necessary for security (for example, to investigate abuse), it is required by law, or the data has been aggregated and anonymised for internal operations.

6a. The 30-Day Listing Cache

Running a fresh AI analysis on every request would be slow and expensive, and most listings do not change from one day to the next. To keep the free tier sustainable we cache the result of each analysis for up to 30 days, keyed on the Rightmove listing URL.

• What we cache: the listing URL, the public listing content we read at the time of analysis (text, floorplans, photos), and the structured accessibility result that the AI produced.
• What we do not cache: any personal information about the person who first requested the analysis. The cache entry is keyed on the URL, not on a user ID. If a second person asks for the same listing within the 30-day window, we return the cached result and the original requester is not identified to them.
• Refreshes: after 30 days the cache entry is automatically purged. The next request for that listing triggers a fresh fetch and a fresh AI analysis. You can also force a refresh from the analysis page if the listing has obviously changed.
• Lawful basis: legitimate interests — specifically, our interest in providing a free, fast service without burning compute on duplicate work, balanced against your interest in receiving up-to-date information. The cache window is short (30 days), the data is non-personal, and you can always request a fresh run.

6b. How We Use AI Models

Senso uses an AI model from OpenAI called GPT-5 to analyse property photos, floorplans, and listing details to produce the accessibility verdict.

• What is sent to OpenAI: the public listing content (text, floorplans, photos) and your accessibility preferences from onboarding so the model can tailor the verdict. We do not send your name, email, or any other personal account detail.
• OpenAI’s use of the data: we use the OpenAI API under their standard data-processing terms. OpenAI does not use API content to train its models. Data is processed in the US and is subject to the safeguards described in section 7 below.
• Model changes: the specific model we use will change over time as OpenAI releases new versions. We will update this section when we change the model, but the principles above will not change without notice.

6c. Cost and Usage Monitoring

Senso runs an internal admin dashboard that tracks how much each analysis costs us in compute and AI usage. This is so we can keep the free tier sustainable and spot abuse early.

• What we record: the timestamp of the analysis, which AI model was used, the number of tokens consumed, the measured latency, and the resulting cost in pence.
• What is shown on the dashboard: aggregate numbers — daily cost totals, average cost per analysis, cache-hit rate, model-mix — not individual user activity. We use it to answer questions like “is the service profitable enough to leave the paywall off?”, not “what is user X looking at?”.
• Who can see it: only the founder and any technical contractors operating the service under written confidentiality terms.
• Lawful basis: legitimate interests — we need cost visibility to run a sustainable service. The data is technical, the access is restricted, and there is no profiling or automated decision-making about you as an individual.

6d. Transactional Enquiry Email Relay (Upcoming)

We are preparing an upcoming feature that will, with your explicit permission, send accessibility enquiry emails to estate agents on your behalf. This feature is not yet live; the current service offers a copy-and-paste enquiry drafter only. We are publishing the disclosure now so that the data handling is clear before the feature ships.

When the relay feature ships, Senso will use its own transactional email infrastructure (our email processor Resend, listed in our subprocessor section) to send the enquiry. The email will be sent from an @wearesenso.com address on your behalf, with your verified account email address set as the reply-to header, so that any reply from the estate agent goes directly to you, not to Senso. Senso does not request access to, and does not read, your personal Gmail, Outlook, iCloud, or any other mailbox.

Purpose binding for this feature:

• We will only send emails you have reviewed and approved first. We will not send marketing on your behalf, and we will not contact anyone you have not asked us to contact.
• We will retain the outbound email and delivery metadata (recipient, timestamp, delivery status) for up to 12 months so we can show you the status of enquiries you sent and help you track follow-ups. After 12 months the record is deleted.
• We will not use enquiry email content to train AI models. We will not sell, transfer, or share enquiry content with third parties for advertising or any unrelated purpose.
• You can ask us to delete any enquiry record at any time by emailing privacy@wearesenso.com. Deletion is completed within 30 days.

Until this feature is live, Senso only offers a copy-and-paste enquiry drafter. No email is sent from Senso’s infrastructure on your behalf. You will see a clear in-app prompt before the relay feature is enabled for your account, and you can decline without losing access to the rest of the service.

7. International Transfers

Most of our processors are based in the United States. Where personal data is transferred outside the UK, we rely on one of the following Article 46 safeguards:

• The UK International Data Transfer Addendum to the EU Standard Contractual Clauses, which we have in place with Vercel, Railway, OpenAI, Stripe, Resend and Meta.
• The UK-US Data Bridge (an extension of the EU-US Data Privacy Framework) where a processor is certified under it.
• UK adequacy regulations where the receiving country (or specific certification scheme) has been deemed adequate by the UK government.

You can ask us for a copy of the relevant transfer mechanism for any specific processor by emailing privacy@wearesenso.com.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate data.
• Right to erasure — request deletion of your account and data. You can do this from your account settings.
• Right to data portability — export your data in a machine-readable format (JSON). Available in your account settings.
• Right to restrict processing — ask us to limit how we use your data.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — withdraw analytics cookie consent (both Meta Pixel and PostHog) at any time via the cookie banner or your account settings, and withdraw your Article 9 explicit consent to the processing of your accessibility profile at any time with one click from your account settings, under the “Accessibility data consent” section (or by emailing us if you prefer). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Rights relating to automated decision-making — see section 3b. You can ask for a human review of any AI-generated analysis verdict.
• Right to lodge a complaint with the UK Information Commissioner’s Office — see section 10 for contact details.

To exercise any of these rights, email privacy@wearesenso.com. We will respond within one calendar month, as required by Article 12(3) UK GDPR. Providing your accessibility profile is not a statutory or contractual requirement for merely visiting the site, but it is a practical requirement for running a tailored analysis; you can decline and use the site for public information only.

9. Cookies

• senso_consent — stores your cookie consent choice (accept or decline). First-party, 12-month expiry. Strictly necessary.
• Session cookies — used for authentication. First-party, session duration. Strictly necessary.
• Meta Pixel cookies — set only if you consent to analytics cookies. Third-party. See Meta's cookie policy for details.
• ph_*_posthog — PostHog device identifier. First-party, set on wearesenso.com, 1-year expiry. Only set if you consent to analytics cookies. Used to recognise returning visitors in aggregate analytics.
• ph_*_posthog_session — PostHog session identifier used to stitch together events within a single visit and, when applicable, session replay. First-party, set on wearesenso.com, 30-minute rolling expiry. Only set if you consent to analytics cookies.

If you decline analytics cookies, none of the ph_* cookies are set. Session replay is never recorded on the privacy or legal pages, regardless of consent.

10. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO):

• Website: ico.org.uk/make-a-complaint
• Helpline: 0303 123 1113

11. Changes to This Policy

We may update this policy as the service evolves. For material changes (new processors, new lawful bases, or changes to how we handle your accessibility profile) we will notify you by email and an in-app notice at least 14 days before the change takes effect. The "Last updated" date at the top of this page always indicates when the policy was last revised.

12. Contact Us

For any questions about this policy or your personal data, email privacy@wearesenso.com.

13. ICO Registration

Senso is registered with the UK Information Commissioner’s Office as a data controller. Our registration number is ZC148158. If you would like a copy of the registration certificate, email privacy@wearesenso.com and we will share it.