Privacy

GDPR and European data protection

Senal Ops supports customers' data-protection responsibilities through contractual, technical, and operational controls. This page describes our approach; it is not a certification or a claim that using Senal Ops automatically makes a customer compliant.

Data minimization

Service features are scoped to organization needs, and customers control the operational data and integrations they configure.

Access control

Organization roles, permission overrides, tenant-scoped queries, audit logs, and protected administrative routes limit access.

Credential protection

API keys are hashed and protected integration and recovery credentials are encrypted before storage.

Lifecycle workflows

Organization owners can request export or deletion with audit records, processing status, a deletion grace period, and tombstones.

Recovery controls

Backups use encrypted credentials, scoped artifacts, restore validation, owner-only execution, and recent-session checks.

Incident handling

Operational incident and security processes support investigation, customer communication, and legally required breach notices.

Our GDPR roles

Senal Ops is generally a controller for account, billing, website, security, and customer-relationship data. For telemetry, incident data, alert contacts, backups, and other customer content processed on documented customer instructions, Senal Ops is generally a processor and the customer is the controller.

The exact roles depend on the processing and are defined in the applicable agreement.

Customer contracts

Customers that require GDPR processor terms may request a Data Processing Addendum. Deployment-specific transfer mechanisms, processing details, security measures, and subprocessor terms should be completed as part of that agreement.

Request a DPA

Individual rights requests

Individuals may request access, correction, deletion, restriction, portability, or object to processing when those rights apply. Email [email protected] or use our privacy request form. We verify requests and respond within the period required by applicable law. If a customer controls the data, we will assist that customer or direct the request to it.

Submit a privacy request

Related notices

Review our Privacy Notice, Cookie Notice, subprocessor list, and retention notice for additional details.