Privacy policy

SenseCore AI Ltd is a UK-based company building energy intelligence software for public-sector and commercial estates. We are based in London, United Kingdom.

For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller for personal data you provide through our services.

Contact for data protection enquiries: hello@sensecoreai.com

We collect only the data we need to provide the service:

• Account data: your name, work email, organisation name, role.
• Energy data: half-hourly meter readings you submit (manually or via connected meter feeds), building characteristics, occupancy data.
• Compliance data: SECR, ESOS, ERIC, SHDF, EPC reporting data you provide for processing.
• Usage data: API calls, dashboard interactions, login times — for service performance and security.
• Support data: messages you send via chat, email or our contact form.
• Marketing data: only your email address, only if you opt in to our newsletter.

We do not collect special category data (such as health data, ethnicity, political opinions) unless you explicitly provide it as part of fuel poverty risk analysis with appropriate lawful basis.

We process personal data for these purposes:

• Service delivery: to forecast your energy consumption, detect anomalies, generate compliance reports, calculate fuel poverty risk scores.
• Billing and accounts: to invoice you, collect payments, manage your subscription.
• Support: to respond to your questions and troubleshoot issues.
• Service improvement: to monitor platform performance, fix bugs, develop new features (in aggregate, not from identifiable data).
• Security: to detect and prevent abuse, fraud and unauthorised access.
• Marketing: only with your consent, and only for our own product updates.

We will never sell your data, and we will not share it for third-party marketing.

Under UK GDPR Article 6, we rely on the following lawful bases:

• Contract (Art. 6(1)(b)): processing necessary to deliver the services you've signed up for.
• Legitimate interests (Art. 6(1)(f)): to improve our services, secure the platform, prevent fraud, and conduct internal analytics. Our interests are balanced against your rights.
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, regulatory and law-enforcement requirements.
• Consent (Art. 6(1)(a)): only for marketing communications, and you can withdraw consent at any time.

We share personal data only with carefully selected service providers (“data processors”) under written agreements that require them to protect it:

• Cloud hosting: Amazon Web Services (eu-west-2, London region). Your data is processed within the UK.
• Email delivery: SendGrid (for transactional emails such as invoices and notifications).
• Payment processors: details will be added when a payment processor is appointed.

We may also disclose data where required by law, regulator request, or to protect our rights or those of others.

Your primary data — energy readings, forecasts, compliance reports — is stored and processed in the UK (AWS eu-west-2, London).

Some operational services (such as email delivery via SendGrid) may involve data transfer outside the UK. Where this happens, we rely on the UK International Data Transfer Agreement or Standard Contractual Clauses to provide appropriate safeguards under UK GDPR.

We keep personal data only as long as needed:

• Account data: while your account is active, plus up to 6 years after closure for accounting and legal records.
• Energy and compliance data: while your account is active. Deleted within 30 days of account closure unless you request earlier deletion.
• Usage logs and audit trails: 12 months from the date of activity.
• Support correspondence: 24 months from your last interaction.
• Marketing subscriptions: until you unsubscribe.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify data that is inaccurate or incomplete.
• Erase your data in certain circumstances (“right to be forgotten”).
• Restrict or object to certain processing.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time (for marketing).

To exercise any of these rights, email us at hello@sensecoreai.com. We will respond within one month.

If you are unhappy with how we have handled your data, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

We use industry-standard security measures:

• Encryption in transit: TLS 1.2+ on all connections.
• Encryption at rest: AES-256 for stored data.
• UK data residency: primary infrastructure runs in AWS eu-west-2 (London).
• Access control: role-based access with named-user audit logging.
• Audit trails: SHA-256 hashes on generated reports for tamper-evidence.
• Aligned to ISO 27001: security practices follow ISO 27001 principles. Formal certification is planned but not yet held.

We use only essential cookies required for the service to function (for example, session cookies that keep you logged in).

We do not use third-party tracking, advertising or analytics cookies that profile your behaviour across the internet. If we add analytics in future, we will update this policy and seek consent.

We may update this policy from time to time. We'll notify you of material changes by email or via an in-app notification before they take effect, and we'll update the “Last updated” date above.

For any questions about this privacy policy or how we handle your data:

• Email: hello@sensecoreai.com
• Address: SenseCore AI Ltd, London, United Kingdom

You can also contact the UK Information Commissioner's Office at ico.org.uk.