Entrance Control
To prevent unauthorized access to data-processing facilities, Sentiance employs robust physical and electronic security measures. Data is managed at:
Development and Testing Locations:
- Headquarters in Antwerp, Belgium, and secured offshore hubs under strict contractual agreements. Physical access is controlled using key locks and alarm systems.
- Remote work environments are governed by Sentiance’s Remote Working Policy, which includes guidelines for secure access, encryption, and data handling to ensure the same level of protection as onsite facilities.
Cloud Environments:
- The AWS cloud platform (Ireland region, eu-west-1) enforces multi-layered security. Facilities are monitored 24/7 by security personnel and video surveillance. Intrusion detection systems safeguard entry points, and alarms auto-escalate if unresolved within predefined SLAs. CCTV recordings are retained for 90 days or adjusted based on legal requirements.
Utilization Control
Sentiance restricts access to data-processing systems using the following measures:
Workstations:
- Employees utilize password-protected, encrypted laptops equipped with anti-malware software.
AWS Platform:
- Personal accounts managed via AWS IAM enable controlled access, with programmatic access tokens assigned to individuals and revocable at any time.
Access Control
Authorized personnel are granted access only to data relevant to their roles. Measures include:
- Individual AWS accounts for relevant employees, restricting access based on job responsibilities.
- Strict role-based access controls (RBAC) to limit data handling capabilities.
Transmission Control
Data transmissions are safeguarded to prevent unauthorized access, alteration, or deletion:
- All data exchanges via the Sentiance API utilize encrypted TLS 1.2 connections with AES_128_GCM encryption and ECDHE_RSA key exchange.
Input Control
Audit trails are maintained to ensure accountability for data modifications:
- AWS CloudTrail tracks all changes, ensuring traceability of data entry, alteration, and deletion activities.
Order Control
Data processing aligns with explicit instructions provided by the Controller:
- Secure, encrypted connections manage access to servers, and logs capture all interactions for technical team review.
- Compliance with Data Processing Agreements (DPAs) is actively monitored to ensure adherence to contractual obligations and legal requirements.
Availability Control
Data is protected against accidental loss or destruction:
- Both OnDevice and Cloud Processing raw SDK Payload Data are incrementally stored on AWS S3 at least every hour with a retention of 100 days. In case of failure, these payloads can be completely reprocessed.
- Processed Results are stored on AWS RDS PostgreSQL databases where snapshots are taken every day with a retention of 14 days.
Separation by Purpose
Sentiance ensures data is processed exclusively for its intended purpose:
- Each app integration of the Sentiance SDK generates unique credentials (app ID and key). Data is segregated by app and user within append-only logs.
Employee Screening and Confidentiality
All employees and contractors sign confidentiality agreements and undergo background checks, including CV and credentials verification, before and during employment. Screening processes are conducted in compliance with applicable regional legislations to ensure legal and ethical standards are met.
Security Awareness
Continuous employee training and security awareness programs ensure adherence to best practices.
Network and Physical Security
- Sentiance considers any location remote and implements appropriate security measures to ensure confidentiality. These measures include a remote work policy, encryption, access controls, and more.
- While Sentience is mostly a remote company, the headquarter’s premises are secured with electronic locks, cameras, and alarm systems.
Logging and Monitoring
- Access attempts and other critical events across applications and systems are logged and monitored to detect and address security risks proactively.
- Change management procedures ensure the tracking of modifications to systems and configurations, providing transparency and accountability.
Incident Management
Security incidents are recorded and managed by the Privacy & Security Team, with corrective actions implemented promptly. All incidents are reviewed regularly to identify lessons learned and improve future security practices.
Encryption
Sensitive data is encrypted during storage and transmission, ensuring its confidentiality and integrity.
Backup and Recovery
Regular backups are performed and tested to ensure the availability of data in case of disasters.
Privacy Policy and Data Breaches
Sentiance adheres to strict privacy policies.
- When Sentiance acts as a Controller, affected parties and authorities are promptly informed in the event of a data breach, and detailed reports ensure compliance with regulatory requirements.
- When Sentiance acts as a Processor, the Controller is notified without undue delay upon becoming aware of a personal data breach, along with sufficient information to enable the Controller to fulfill its obligations.
Supplier Management
Sentiance has a supplier management process that includes defined security requirements to ensure suppliers adhere to our security standards. Compliance with these requirements is monitored regularly, and key security controls are integrated into supplier contracts to maintain accountability and alignment with our security policies.
Security Testing
Regular assessments evaluate the effectiveness of key security controls, including both internal and external testing. External security experts are engaged periodically to perform independent evaluations and ensure comprehensive coverage of potential vulnerabilities.
Last updated: March 13, 2025
