Privacy Policy
1. Who Is Responsible for Your Data?
Senaro AI (Northcliff AI / Spark GTM Consulting) is the data controller for personal data collected in connection with your Account, subscription, and use of the service.
For personal data contained within the tasks and content you input, Senaro AI acts as a data processor on your behalf — you remain the data controller for that content.
2. What Personal Data We Collect
2.1 Data you provide directly
- Account information: name, email address, and password (stored as a secure hash), or Google account details if you register via Google SSO.
- Profile information: your job role (e.g. Account Executive, SDR/BDR, CSM) selected during onboarding.
- Payment information: billing details entered when purchasing a Pro Plan or Credit Pack. Full payment card details are processed and stored exclusively by Stripe — we do not store raw card numbers.
- User Content: tasks, notes, account tile names, tags, subtasks, and other content you input into the service.
2.2 Data generated by your use
- Usage data: features used, Credit consumption, task completion rates, onboarding progress.
- Activity log: timestamped record of task edits, completions, and in-app actions.
- Technical data: IP address, browser type and version, operating system, device type, and session identifiers — used to operate, secure, and improve the service.
- Subscription and billing metadata: current plan, billing cycle, Stripe customer ID, subscription ID, and Credit balance.
2.3 Data from third parties
- Stripe: confirmation of payment status, subscription state, and transaction identifiers. We do not receive full card details from Stripe.
- Google (if you use Google SSO): your Google account email address and display name, as authorised during the Google sign-in flow.
3. Data We Do Not Collect
- Government identification numbers, passport data, or similar official identifiers.
- Sensitive personal data under GDPR Article 9 (e.g. health data, racial or ethnic origin, political opinions, biometric data).
- The personal data of third parties mentioned within your task content. We encourage you to avoid entering unnecessary third-party personal data into the service.
- We do not sell or rent your personal data to any third party.
4. How We Use Your Data and Our Legal Bases
We process your personal data only where we have a lawful basis under the GDPR.
| Purpose | Data used | Legal basis |
|---|---|---|
| Creating and managing your Account | Account info, profile data | Performance of a contract (Art. 6(1)(b)) |
| Delivering the service (task parsing, AI features) | User Content, usage data | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Billing metadata, payment status | Performance of a contract (Art. 6(1)(b)) |
| Transactional communications (receipts, renewal reminders, account notices) | Email address | Performance of a contract (Art. 6(1)(b)) |
| Improving and developing the service | Technical data, usage data (aggregated / anonymised where possible) | Legitimate interest (Art. 6(1)(f)) |
| Security, fraud prevention, and abuse detection | Technical data, account activity | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | All data as necessary | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (only with consent) | Email address | Consent (Art. 6(1)(a)) — withdrawable at any time |
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
5. How We Share Your Data
We do not rent, sell, or trade your personal data with third parties for their own marketing purposes.
5.1 Sub-processors
| Sub-processor | Role | Data shared | Location |
|---|---|---|---|
| Supabase Inc. | Database, authentication, and hosting | Account data, User Content, usage data, technical data | EU region (where configured) / USA |
| Stripe, Inc. | Payment processing and subscription management | Email address, billing metadata, payment status | USA (with EU SCCs) |
| Anthropic, PBC | AI task-parsing API | Task text (title and description) only | USA (with EU SCCs) |
All sub-processors are required to implement appropriate safeguards and to process data only per our instructions and applicable law.
5.2 Legal requests and harm prevention
We may access, retain, and/or share your information in response to a lawful legal request (search warrant, court order, or subpoena), or when reasonably necessary to detect, prevent, or address fraud, illegal activity, or to protect the rights, property, or safety of Senaro AI, our users, or others. Data may be retained for an extended period where required by legal obligation or investigation.
5.3 Business transfers
If Senaro AI is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
5.4 With your consent
We may share your data in other circumstances where we have obtained your explicit prior consent.
6. Cookies and Similar Technologies
Senaro AI uses cookies and similar technologies to operate and improve the service:
- Strictly necessary cookies: required for authentication, session management, and core functionality. These cannot be disabled.
- Analytics cookies: used to understand how users interact with the service (aggregated, anonymised where possible). You may opt out via your browser settings.
For full details on the cookies we use, see our Cookie Policy at senaroai.com/cookies.
7. AI Processing — Special Notice
Certain features transmit your task text to the Anthropic Claude API for AI-powered classification and structuring.
- What is sent: Only the text content of tasks you submit for AI parsing (title and description). We do not send your name, email, payment information, or other Account data to Anthropic.
- Anthropic's data handling: As of the effective date of this Policy, Anthropic does not retain API inputs to train its models under its standard API terms. We will update this section if Anthropic's material data practices change.
- Your control: Toggle Settings → Privacy → Pause AI Processing at any time to prevent task text being sent to any third-party AI provider. Some AI features will be unavailable while active.
We encourage you not to enter highly sensitive information (e.g. personally identifiable data of third parties, financial credentials, or confidential business information beyond standard sales task descriptions) into AI-processed fields.
8. Data Retention
We do not retain personal data longer than necessary for the purposes for which it was collected.
| Data type | Retention period |
|---|---|
| Account and profile data | Duration of Account + 30 days after deletion request |
| User Content (tasks, tiles, tags) | Duration of Account; deleted within 30 days of Account deletion request |
| Technical and usage data | Up to 12 months from collection, then aggregated or deleted |
| Payment and billing records | 7 years from transaction date (Dutch tax law) — applies even after Account deletion |
| Activity logs | Up to 12 months from creation |
| Encrypted backup copies | Up to 90 days after deletion, then permanently removed |
For questions about specific retention periods, contact support@senaroai.com.
9. Security
We have implemented appropriate technical and organisational measures to protect your personal data, including:
- Encrypted data transmission (TLS/HTTPS) for all communications.
- Encryption of data at rest in our database infrastructure (via Supabase).
- Row-level security (RLS) policies ensuring Users can only access their own data.
- Secure authentication via password hashing and OAuth 2.0 (Google SSO).
- Access controls limiting internal access to authorised personnel only.
No system is completely secure. We cannot guarantee the absolute security of your data. In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you as required by GDPR Article 34.
You are responsible for maintaining the confidentiality of your Account credentials. Notify us immediately at support@senaroai.com if you suspect unauthorised access.
10. Your Rights Under the GDPR
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Request correction of inaccurate or incomplete data. |
| Erasure | Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations. |
| Data portability | Request a machine-readable copy of your data. In-app: Settings → Privacy → Export My Data for a full JSON export at any time. |
| Restrict processing | Request that we limit how we process your data in certain circumstances. |
| Object | Object to processing based on legitimate interests. To object to AI processing specifically, use Pause AI Processing in Settings. |
| Withdraw consent | Withdraw consent at any time where processing is consent-based, without affecting prior lawful processing. |
How to exercise your rights
Most rights can be exercised directly in the app:
- Export data: Settings → Privacy → Export My Data
- Delete Account: Settings → Privacy → Delete My Account
- Pause AI processing: Settings → Privacy → Pause AI Processing
For rights not available in-app, contact us at support@senaroai.com with subject line "Data Subject Request — [your right]". We respond within 30 days. We may verify your identity before processing the request.
Right to complain: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or, if you are in another EU member state, with your local supervisory authority. For most questions, contacting us directly at support@senaroai.com is the fastest way to resolve any concerns.
11. International Data Transfers
Senaro AI is based in the Netherlands (EU). Some sub-processors are located in the United States (Supabase, Stripe, Anthropic). Where we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. By using the service, you acknowledge that your data may be transferred to and processed in countries outside the EU/EEA under these safeguards.
12. Children's Privacy
The service is not directed at individuals under 18. We do not knowingly collect personal data from children under 18. If we become aware we have inadvertently collected such data, we will delete it promptly. Contact support@senaroai.com if you believe we have collected data from a minor.
13. Links to Third-Party Services
The service may contain links to third-party websites or integrations. This Privacy Policy does not apply to those third-party services. We encourage you to review their privacy policies.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes are notified by email to your registered Account address and/or via an in-app notice at least 30 days before taking effect. Non-material changes (clarifications, corrections) may be published without prior notice. Continued use after the effective date of an updated Policy constitutes acceptance.
15. Contact
Senaro AI (a product of Northcliff AI / Spark GTM Consulting)
Amsterdam, the Netherlands · KvK: 90876385
support@senaroai.com · senaroai.com
This Privacy Policy was last updated: 14 May 2026 — Version 1.0