SENSIA — PRIVACY
Last updated: 21 February 2026

This Privacy Policy explains how we collect, use, store, share and protect personal data when you use:
- the Sensia mobile application (the “App”); and
- our website (the “Website”) and related pages (together with the App, the “Services”).
This policy is written to be suitable for publication inside the App and on the Website. It is drafted using the structure and “plain legal English” style commonly accepted by app stores and regulators, and it is adapted from the drafting approach in Flo’s Privacy Policy (effective 13 November 2025).

Key principles
1) Your health, your data. We do not sell your personal data.
2) Health and wellbeing data is treated as sensitive. We process it only to provide the Services and (where required) with your explicit permission.
3) Data minimisation. We collect what we need to run the Services, improve reliability, and meet legal and security obligations.
4) Control. You can request access, correction and deletion, and you can use the App flow “Delete my data”.


Definitions
  • Personal data means information that identifies you directly or indirectly (for example: email address, account identifiers, device identifiers, and health logs linked to your account).
  • Health / wellbeing data means information about symptoms, wellbeing, allergies, peak flow measurements, and related profile attributes that describe or can be linked to your health status.
  • Processing means any use of personal data (collection, storage, use, sharing, deletion, etc.).
  • Controller means the party that decides why and how your personal data is processed (Sensia / MONASTYRSKAYA MARIA).
Personal data we collect
We collect personal data in three ways: (a) data you provide, (b) data collected automatically, and (c) data from third‑party services you choose to use.

Data you provide directly
Account and profile data
- Email address (used for login and communications).
- Name (optional in some contexts, but used for personalisation if provided).
- Region (EU / UK / US) and language settings.
- City (used to provide pollen‑related and location‑relevant content; we do not need your precise GPS location to operate core features).
- Profile photo (optional).
- For asthma‑related features (where enabled): sex, date of birth, height, and predicted peak flow inputs/outputs (where applicable).
Health and wellbeing logs (sensitive)
- Symptom entries.
- Wellbeing entries and diary notes.
- Peak flow measurements.
- Allergens and allergy reactions you select or describe.
Communications
- Messages you send to support.
- Messages you send to the in‑app assistant (these may contain health information if you choose to include it).
Website sign‑ups and forms
- Contact details you submit through the Website (for example, when you join an early access list or request information).
- If you subscribe to email updates, we use your contact details to send newsletters and product updates as described below.

Data we collect automatically
Depending on device and configuration, we may automatically collect:
  • Identifiers and authentication data: pseudonymous user ID, session and authentication tokens.
  • Device and app information: device model, operating system version, app version, language, time zone, and basic network information.
  • Approximate location signals: IP address may be used to infer approximate location (country/region) for security, fraud prevention, and correct regional configuration.
  • Usage and diagnostic data: feature usage, errors, crash reports (if enabled/implemented), and performance logs.
Push notifications (planned): if we enable push notifications, we will process a push token associated with your device so we can deliver notifications you choose to receive.

Data from third‑party services (feature‑dependent)
Some functionality relies on third‑party infrastructure and APIs. This can include city search/geocoding, assistant runtime, hosting/security layers, and backend authentication.

Why we use your personal data
We use personal data for these purposes:
1) To provide and operate the Services
- create and manage your account;
- authenticate you (including OTP login flows);
- show dashboards and personalised content;
- store your diary, symptom logs and profile settings;
- enable “Delete my data”.
2) To provide health‑related tracking features you choose to use
- display your logged symptoms, wellbeing and peak flow history;
- generate insights and trends based on your logs;
- provide pollen‑related dashboard features based on your city/region.
3) To communicate with you
- send essential service messages (for example, sign‑in codes, security notices, important product changes);
- provide support responses;
- if you opt in, send newsletters, product updates, and occasional marketing communications.
4) To maintain security, prevent abuse, and improve the Services
- detect suspicious activity, protect accounts, and prevent fraud;
- debug, test, monitor and improve reliability and performance;
- maintain backups and business continuity processes.
5) To comply with legal obligations and enforce rights
- comply with lawful requests from authorities;
- protect our rights and users’ safety;
- handle disputes and investigations;
- support a corporate transaction (for example, merger, acquisition, or asset transfer), subject to this Policy.

Legal bases for processing (EEA/UK) and consent model
If you are located in the EEA or UK, data protection law requires us to have a lawful basis for processing personal data. In practice:
  • Contract / service delivery: we process account data and necessary technical data to provide the Services you request.
  • Explicit permission for health/wellbeing data: where required, we ask you to explicitly agree before processing health and wellbeing data (for example, when you start using health logging features). If you do not agree, the health logging features may not work, but you may still be able to use limited parts of the Services (e.g., general informational content, where available).
  • Legitimate interests: we may process limited technical and usage data to secure, maintain and improve the Services (for example, fraud prevention, debugging, reliability).
  • Legal obligations: we may retain and disclose limited data if required by law.
You can withdraw permissions at any time by using in‑app controls (where available) or contacting us. Withdrawal does not affect processing that occurred before withdrawal.

How we share personal data
We share personal data only as described here:

Service providers (processors)
We use trusted service providers to operate the Services. They process personal data on our behalf, under contractual obligations.
Current / planned categories include:
  • Backend / database / authentication: Supabase (OTP authentication, profiles, diaries, deletion requests).
  • Assistant runtime: Voiceflow (assistant interface/runtime integrations).
  • Hosting, security, and delivery: Cloudflare (planned/used for Website/app delivery path and security edge).
  • City search / geocoding: Open-Meteo (used for city search and coordinates).
  • Source control / CI/CD and release operations: GitHub and Codemagic (primarily development operations; may process limited personal data if included in logs/issues).
  • Analytics provider: (product analytics and usage measurement).
  • Push notification provider.
  • Crash diagnostics provider.
  • Email/newsletter platform and Website form handling: (used to manage Website contact requests and subscriptions).
We may update this list as we evolve the Services. If we introduce a new provider that materially changes how we process your data, we will update this policy and, where required, seek new permissions.
No advertising by default
Advertising and ad tracking are off by default. If we introduce advertising or cross‑app tracking in the future, we will:
- update this policy;
- implement appropriate permission prompts and opt‑out options; and
- keep health/wellbeing data excluded from advertising use.
Legal, safety, and corporate events
We may disclose personal data if we reasonably believe it is necessary to:
- comply with law, regulation, legal process, or lawful government request;
- protect the rights, property, or safety of Sensia, our users, or others;
- investigate and prevent fraud, abuse, or security incidents; or
- support a merger, acquisition, financing, reorganisation, bankruptcy, or sale/transfer of assets (subject to confidentiality and continued protection).
International data transfers
We are based in Spain, but some service providers may process data outside your country (including outside the EEA/UK). When personal data is transferred internationally, we apply safeguards required by applicable law (for example, contractual protections and transfer assessments where relevant).
You may contact us for more information about safeguards applicable to your data.

Data retention
We keep personal data only for as long as necessary for the purposes described in this policy, including:
  • Account data and health logs: kept while your account is active, unless you delete your data earlier.
  • Deletion requests: when you use “Delete my data”, we delete or irreversibly anonymise personal data associated with your account, subject to limited exceptions (for example, legal obligations, security, fraud prevention, and dispute handling).
  • Backups and archives: data may remain in backups for a limited period after deletion. We aim to complete backup deletion within a reasonable period and no later than six months, unless a longer period is required by law or justified for security and integrity reasons.
Security
We implement technical and organisational measures designed to protect your data, including encryption in transit and secure storage mechanisms where appropriate. Data is stored and processed within the European Union.
Sensitive information may be stored locally using platform secure storage features.
No method of transmission or storage is completely secure. While we work to protect your data, we cannot guarantee absolute security.
Your rights and choices
You can request privacy rights by using in‑app controls (including “Delete my data”).
Depending on where you live, your rights may include:
- access to your personal data;
- correction of inaccurate data;
- deletion of your data;
- restriction or objection to certain processing;
- portability (where applicable);
- withdrawal of consent (where processing is based on consent).
Verification: to protect your data, we may need to verify your identity before completing a request (for example, by confirming the request comes from your account email).
Timing: we respond within legally required timeframes and aim to respond promptly.
Website contact forms and newsletters
If you submit your email or other contact details through the Website:
  • we use those details to respond to your request and/or to provide early access updates;
  • if you opt in to marketing, we may send newsletters and product communications;
  • you can unsubscribe at any time using the unsubscribe link in emails (or by contacting us at hello@sensia.life).
We do not use health and wellbeing logs for marketing.

Cookies and similar technologies (Website)
Our Website may use cookies and similar technologies:
- Strictly necessary cookies (to make the site work); and
- Optional cookies (for example, analytics), where enabled.
Where required, optional cookies will be turned on only after you provide consent, and you can change your cookie choices later using our cookie controls (where implemented).

Children
Our Services are not intended for children.
  • If you are in the EEA or UK, you must be at least 16 to use the Services.
  • If you are outside the EEA/UK, you must be at least 13 to use the Services.
We do not knowingly collect personal data from children below the relevant age threshold. If you believe a child has provided us personal data, contact hello@sensia.life so we can take appropriate action.

U.S. additional disclosures
California privacy rights
If you are a resident of California, you may have additional privacy rights to request access, deletion, and information about how personal data is used and shared, and to opt out of certain data transfers if they qualify as “sale” or “sharing” under applicable law. You can exercise rights by contacting hello@sensia.life.
We do not sell personal data.

Consumer health data disclosures (Washington and Nevada)
If you are a resident of Washington or Nevada, or your consumer health data is collected in those states, additional rules may apply to “consumer health data”.
For transparency:
- the categories of consumer health data we may collect include symptoms, wellbeing logs, peak flow measurements, allergy triggers, allergies/reactions, asthma‑related profile attributes, and related inferences used to provide the Services;
- sources include you directly (entries, profile), your device and app interactions, and service providers used to operate the Services;
- we share this data only with service providers described above to deliver the Services, unless you direct us otherwise or a legal obligation applies;
- you can request access and deletion, and you can withdraw consent from future processing by contacting hello@sensia.life and/or using in‑app controls.
We do not sell consumer health data.

Changes to this policy
We may update this policy from time to time. If changes are material, we will provide notice through the App, on the Website, or by email (where appropriate). The “Effective date” above shows when this version applies.

Contact
For privacy questions or requests, email hello@sensia.life

UK GDPR Representative
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
  • United Kingdom (UK)
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/17169672371

Prighter Ltd
20 Mortlake High Street
Mortlake
London SW14 8JN
United Kingdom
UK-GDPR Certification: Art 27 representation by Prighter