Privacy Policy

1. Who We Are

Sentia Technologies Limited is a technology company registered in Nigeria and operating from the United Kingdom. We provide cybersecurity, cloud infrastructure, digital transformation services, and a security platform to businesses and individuals.

Data Controller: Sentia Technologies Limited
Contact: info@sentiatechnologieslimited.com

2. What Personal Data We Collect

Website visitors

• IP address (captured automatically by our web server for security monitoring)
• Browser type and operating system (from server logs)
• Pages visited and time of visit
• Referral source (how you found our website)

Contact and enquiry forms

• Full name
• Email address
• Phone number (if provided)
• Business name and description
• Message content

Portal account holders

• Full name and email address
• Encrypted password (we never store passwords in plain text)
• Account type (Business Client or Research)
• IP address at time of login, signup, and other authentication events
• Timestamps of all account activity
• Uploaded files and scan results (for research account holders)

3. Why We Collect Your Data (Legal Basis)

• Contract performance — to provide the services you have requested or signed up for
• Legitimate interests — to protect our platform from fraud, abuse, and security threats through IP logging and authentication monitoring
• Consent — for non-essential cookies and marketing communications, where you have given explicit consent
• Legal obligation — where we are required to retain records by law

4. How We Use Your Data

• To respond to enquiries and provide requested services
• To create and manage your portal account
• To send account verification and password reset emails
• To send onboarding and service communications
• To monitor and protect our platform against unauthorised access and brute-force attacks
• To improve our website and services
• To comply with legal and regulatory obligations

5. Who We Share Your Data With

We do not sell your personal data. We share data only with the following third parties where necessary to deliver our services:

• Amazon Web Services (AWS) — our portal is hosted on AWS EC2 infrastructure in the EU (eu-north-1 region). AWS processes data on our behalf under a Data Processing Agreement.
• Microsoft (Microsoft Graph API) — we use Microsoft's email service to send transactional emails (verification codes, password resets, onboarding emails). Microsoft processes email data on our behalf.
• Netlify — our main website is hosted on Netlify. Contact form submissions are processed by Netlify Forms.

All third-party processors are required to handle your data securely and in accordance with applicable data protection law.

6. How Long We Keep Your Data

• Website server logs — retained for 90 days then deleted
• Contact form submissions — retained for 2 years or until the enquiry is resolved
• Portal accounts — retained for the duration of your account plus 12 months after closure
• Authentication audit logs — retained for 12 months for security purposes
• Scan history and uploaded files — retained for the duration of your account

7. Cookies

Our website uses the following types of cookies:

• Essential cookies — required for the website to function. These cannot be disabled.
• Functional cookies — remember your preferences (such as cookie consent choice).
• Third-party cookies — Google Fonts loads typefaces from Google's servers. This may set cookies from Google. We ask for your consent before loading these.

You can withdraw your cookie consent at any time by clearing your browser cookies and revisiting our site.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data (the right to be forgotten)
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — request your data in a portable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at info@sentiatechnologieslimited.com. We will respond within 30 days.

9. Data Security

We take the security of your personal data seriously. Our security measures include:

• All passwords are hashed using PBKDF2-SHA256 with 200,000 iterations. We never store plain-text passwords.
• All data in transit is encrypted using HTTPS/TLS.
• Our portal implements brute-force lockout protection after repeated failed login attempts.
• Authentication events are logged with timestamps and IP addresses for security monitoring.
• Access to administrative functions is restricted to authorised personnel only.

10. International Data Transfers

Your data may be processed outside the UK by our third-party service providers (AWS, Microsoft). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions recognised under UK law.

11. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email. The date at the top of this page shows when it was last updated. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.

14. Contact Us