Effective Date: Mar 5, 2025

This Privacy Policy explains how Pensero Inc. (“Pensero”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information in connection with:

Our Service: Pensero owns and operates the Pensero AI Software (“Service”), which is licensed to our customers. Under this licensing arrangement, the customer’s employees (the “End Users”) are granted access to and use of the Service. In this context, Pensero processes End-User data strictly following the customer’s documented instructions and solely to provide, support, and improve the Service.

Our Website: We also process personal data collected through our website for two primary purposes:

• To allow potential customers (leads) to request more information or a demo (collecting identifying and contact data).

• Collect traffic, location, and commercial information (including managing landing pages, performing heat mapping, testing new features, and optimizing site traffic) based on our legitimate interests to enhance customer service, analyze software practices, and inform strategic development and growth decisions.

This Privacy Policy is published on our website and applies globally. It is organized into a Generic Section (applicable to all jurisdictions) and three Specific Sections addressing the relevant legal requirements under the US law, UK law, and the GDPR (where applicable).

I. GENERIC SECTION (APPLICABLE TO ALL JURISDICTIONS)

1. Scope and Purpose

a) Service Data: Pensero processes personal data of End Users (employees of our customer companies) solely for the provision, support, improvement, and evolution of the Service. In this capacity, Pensero strictly follows our customers' instructions (who are the Data Controllers).

b) Website Data: For visitors to our website, we process personal data for:

• Managing requests for information or demos (collecting identifying and contact data).

• Collecting and analyzing traffic, location, and commercial data to optimize our APP/website’s performance, manage landing pages, perform heat mapping, test features, and optimize traffic based on our legitimate interests.

2. Information We Collect

2.1 In Connection with the Service

Based on our customer’s instructions, we may collect:

• Identifiers: Names, email addresses, and user account credentials that enable access to the Service.

• Employment Information: Data related to performance metrics, job roles, activities, and individual contributions provided by the customer (e.g., via integrations with tools like Slack or Jira) or generated by our proprietary AI. Such data, which evaluates employee contributions over time, is treated as personal data.

• Usage Data: Automatically collected data from interactions with the Service (e.g., login times, IP addresses, usage patterns) to enhance security, monitor performance, and continuously improve the Service.

2.2 Through Our Website

When potential customers interact with our website, we may collect:

• Identifying and Contact Data: When requesting more information or a demo, information such as names, email addresses, and phone numbers.

• Traffic and Location Data: Data regarding the user’s navigation (e.g., IP address, device type, geolocation, pages visited) for analytical purposes.

• Commercial Information: Data that reflects user interest in our products and services.

• Additional Processing for Optimization: Data used for managing landing pages, heat mapping, testing new features, and optimizing site traffic, collected based on our legitimate interests to implement improvements aimed at user experience. 

3. How We Use the Information

3.1 Use of Data in Connection with the Service

We use End User data exclusively to:

• Provide the Service: Authenticate users, grant access, and ensure the intended functionality of our AI software for productivity and performance management.

• Support and Maintain: Offer technical support, resolve issues, and ensure continuous Service improvement.

• Legitimate basis: The processing activities outlined are necessary to fulfill contractual obligations with the Customer. Additionally, the company has a legitimate interest in improving its service and maintaining security, provided that such interests do not override users’ fundamental rights and freedoms. These interests include preventing fraud, detecting unauthorized access, and ensuring the integrity of its systems.

• Compliance and Security: Meet legal obligations and safeguard the security and integrity of the data.

3.2 Use of Data Collected Through Our APP/Website

We use APP/Website data to:

• Manage Requests: Process inquiries, demo requests, and information requests from potential customers.

• Optimize and Analyze: Monitor traffic, perform heat mapping, test features, and optimize the APP/Website to improve user experience and our marketing strategies.

• Legitimate basis: Pensero has a legitimate interest in analyzing its software practices to make informed decisions regarding development and growth strategy, provided that such interests do not override users’ fundamental rights and freedoms.

• Compliance and Security: Protect our APP/Website and ensure compliance with applicable laws.

4. Data Security

Pensero implements appropriate administrative, technical, and physical safeguards to protect personal data against unauthorized access, alteration, loss, or disclosure. Key measures include:

• Encryption: Personal data is encrypted in transit and at rest using industry-standard protocols.

• Access Control: Access is restricted to authorized personnel only.

• Secure Hosting: Our Service is hosted on SOC 2-compliant infrastructure, which is continuously monitored and audited.

5. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

• For the Service: End User data is retained according to our customer’s instructions and will be deleted or returned within 30 days after the termination of the Service, unless otherwise required by law.

• For APP/Website Data: Data from leads and traffic analysis is kept for a reasonable period to manage commercial activities and analytics unless a deletion request is received.

6. Rights of Data Subjects

6.1 For Service Users (End Users)

Since our customers act as Data Controllers in the Service context, End Users should direct any requests to access, correct, or delete their personal data to their employer. Pensero will assist the customer in responding to such requests only as instructed in writing.

6.2 For Website Visitors (Potential Customers)

Visitors who provide their personal data via our website have rights to access, correct, delete, restrict processing, request portability, or object to the processing of their data. Such requests can be submitted directly using the contact details below.

7. Exercising Your Rights

For any inquiries or to exercise your rights regarding your personal data:

• Service Users: Please contact your employer’s Data Protection Officer or responsible team/person.

• Website Visitors: Please contact Pensero at:

  • Email: datarequest@pensero.ai 

  • Address: 169 Madison Ave, STE 2998, New York, NY 10016

Pensero will, where permitted by law, assist in exercising these rights and maintain records of requests to ensure compliance.

II. JURISDICTION-SPECIFIC SECTIONS

The following provisions apply in addition to the Generic Section, depending on the applicable legal framework.

1. USA Data Protection Provisions

Scope:

This section applies when personal data processing involves U.S. consumers or is subject to U.S. privacy laws, such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Requirements:

• Data is processed solely for the above purposes and following the customer’s instructions (for the Service) or legitimate commercial purposes (for the website).

• Pensero does not sell or share personal data except as law requires.

• Consumer rights (such as access, correction, and deletion) will be respected. Any requests from U.S. consumers will be promptly communicated to the appropriate contact.

2. UK Data Protection Provisions

Scope:

This section applies when personal data processing is subject to UK data protection laws, including the UK General Data Protection Regulation (UK GDPR).

Requirements:

• Data processing will be conducted following the principles of lawfulness, fairness, and transparency.

• Pensero will cooperate with the customer to ensure that data subject rights (access, rectification, deletion, etc.) are fully respected.

• Any international data transfers outside the UK will be subject to the necessary safeguards under the UK GDPR.

3. GDPR Provisions (EU)

• Scope:
  This section applies when personal data processing is governed by the European Union’s General Data Protection Regulation (GDPR).

• Requirements:

  • Pensero processes data strictly according to the customer’s documented instructions and on a lawful basis under the GDPR.

  • Data subject rights (access, rectification, deletion, restriction, portability, and objection) are guaranteed, and Pensero will assist the customer in fulfilling these rights.

  • Any Subprocessors engaged by Pensero will be contractually obligated to uphold protections equivalent to those in this Privacy Policy.

  • Where required, Pensero will cooperate with the customer to conduct Data Protection Impact Assessments (DPIAs).

II. JURISDICTION-SPECIFIC SECTIONS

The following provisions apply in addition to the Generic Section, depending on the applicable legal framework.

1. USA Data Protection Provisions

• Scope:
  This section applies when personal data processing involves U.S. consumers or is subject to U.S. privacy laws, such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

• Requirements:

  • Data is processed solely for the above purposes and following the customer’s instructions (for the Service) or legitimate commercial purposes (for the website).

  • Pensero does not sell or share personal data except as required by law.

  • Consumer rights (access, correction, and deletion) will be respected. Any requests from U.S. consumers will be promptly communicated to the appropriate contact.

2. UK Data Protection Provisions

• Scope:
  This section applies when personal data processing is subject to UK data protection laws, including the UK General Data Protection Regulation (UK GDPR).

• Requirements:

  • Data processing will be conducted under the principles of lawfulness, fairness, and transparency.

  • Pensero will cooperate with the customer to ensure that data subject rights (access, rectification, deletion, etc.) are fully respected.

  • Any international data transfers outside the UK will be subject to the necessary safeguards under the UK GDPR.

3. GDPR Provisions (EU)

• Scope:
  This section applies when personal data processing is governed by the European Union’s General Data Protection Regulation (GDPR).

• Requirements:

  • Pensero processes data strictly according to the customer’s documented instructions and on a lawful basis under the GDPR.

  • Data subject rights (access, rectification, deletion, restriction, portability, and objection) are guaranteed, and Pensero will assist the customer in fulfilling these rights.

  • Any Subprocessors engaged by Pensero will be contractually obligated to uphold protections equivalent to those in this Privacy Policy.

  • Pensero will cooperate with the customer to conduct Data Protection Impact Assessments (DPIAs) where required.

III. CHANGES TO THIS PRIVACY POLICY

Pensero may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated to our customers, and the updated effective date will be indicated at the top of this document.

IV. CONTACT US

For any questions regarding this Privacy Policy or our data protection practices, please contact:

Pensero Inc.
Email: datarequest@pensero.ai
Address: 169 Madison Ave, STE 2998, New York, NY 10016