Privacy
GDPR and European data protection
Senal Ops supports customers' data-protection responsibilities through contractual, technical, and operational controls. This page describes our approach; it is not a certification or a claim that using Senal Ops automatically makes a customer compliant.
Data minimization
Service features are scoped to organization needs, and customers control the operational data and integrations they configure.
Access control
Organization roles, permission overrides, tenant-scoped queries, audit logs, and protected administrative routes limit access.
Credential protection
API keys are hashed and protected integration and recovery credentials are encrypted before storage.
Lifecycle workflows
Organization owners can request export or deletion with audit records, processing status, a deletion grace period, and tombstones.
Recovery controls
Backups use encrypted credentials, scoped artifacts, restore validation, owner-only execution, and recent-session checks.
Incident handling
Operational incident and security processes support investigation, customer communication, and legally required breach notices.
Our GDPR roles
Senal Ops is generally a controller for account, billing, website, security, and customer-relationship data. For telemetry, incident data, alert contacts, backups, and other customer content processed on documented customer instructions, Senal Ops is generally a processor and the customer is the controller.
The exact roles depend on the processing and are defined in the applicable agreement.
Customer contracts
Customers that require GDPR processor terms may request a Data Processing Addendum. Deployment-specific transfer mechanisms, processing details, security measures, and subprocessor terms should be completed as part of that agreement.
Request a DPAIndividual rights requests
Individuals may request access, correction, deletion, restriction, portability, or object to processing when those rights apply. Email [email protected] or use our privacy request form. We verify requests and respond within the period required by applicable law. If a customer controls the data, we will assist that customer or direct the request to it.
Submit a privacy requestRelated notices
Review our Privacy Notice, Cookie Notice, subprocessor list, and retention notice for additional details.