Privacy Policy

Who we are

Kensai Technologies, Ltd operates kensai.ai, a market expansion intelligence platform for regulated consumer products. We are headquartered at 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.

For all privacy matters: hello@kensai.ai.

What we collect

From website visitors

IP address, browser/device info, pages viewed, referring URL, approximate location derived from IP, and session activity. Collected automatically via cookies and analytics tools.

From enquiries and client contacts

Name, email address, phone number (if provided), and company name.

Where we obtain your contact details from public professional sources (e.g. LinkedIn), we do so on the basis of our legitimate interest in B2B outreach, in line with Art. 14 GDPR. You may object at any time.

From clients

Product portfolios and formulations shared during engagements are confidential business information and are governed by your service contract. We do not seek or process special-category data (e.g. health data about you).

From platform users

Account details (name, work email, role), authentication data, and usage/audit logs generated while using the platform, processed under our contract with the client.

How we use it

Operate and improve our website and platform
Respond to enquiries and deliver services
Marketing communications upon consent (future)
Comply with legal obligations
Share technical notices, updates, and support messages
Monitor and analyse trends and usage

We do not use personal data for automated decision-making.

Cookies

We operate Google Consent Mode so analytics tags respect your choice.

Non-essential cookies are set only after you consent; you can withdraw anytime via Cookie settings.

Who we share it with

We do not sell personal data. We share it only with service providers acting on our instructions under Article 28 data-processing agreements:

Hosting & database: Google Cloud Platform (Cloud Run, Cloud SQL, Cloud Storage, Cloud Logging), EU region; Microsoft Azure.
AI processing: Anthropic (Claude) and Microsoft Azure OpenAI; and, where used, OpenAI and OpenRouter (in each case, inputs are not used to train models).
Analytics & monitoring: PostHog (analytics), Google Analytics 4 (analytics), Sentry (error monitoring), and Langfuse / Pydantic Logfire (AI monitoring).
Email: Resend.
Sign-in & productivity: Google Workspace and, for single sign-on, Google.

We may also disclose data where required by law or as part of a merger, acquisition or asset sale.

Storage and retention

Data is stored on servers in the EU/UK regions, with some sub-processor support functions in the US. Where data is transferred to the US, we rely on the EU–US DPF and its UK Extension for certified providers, and on EU SCCs together with the UK IDTA/Addendum (with a transfer risk assessment) otherwise.

We retain prospect/enquiry data while it has enquiry/prospect value, up to 24 months from last contact.

On expiry of the retention period, or on a valid erasure request, we delete or anonymise the data.

Your rights

Under UK GDPR and EU GDPR, you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing. To exercise any right, contact hello@kensai.ai. We will respond within 30 days at no charge.

If you are unsatisfied, you may complain to the UK Information Commissioner's Office (ico.org.uk) or your national data protection authority.

Security

We apply appropriate technical and organisational safeguards. No internet transmission is entirely secure; we will notify the relevant authority and affected individuals of any breach as required by law.

Children

Our services are for users aged 18 and over. We do not knowingly collect data from minors. Contact us to request deletion if you believe this has occurred.

Updates

We may update this policy periodically. The "Last updated" date at the top reflects the most recent revision.