Security & Privacy Policy

Effective: April 10, 2026

SenzoStack, a subsidiary of Coach Sensai Inc.

Part 1 — Privacy Policy

1. Who We Are

SenzoStack is a subsidiary of Coach Sensai Inc. We provide AI-augmented engineering operating model services and tooling for software delivery teams. This policy applies to all SenzoStack services, products, and websites.

For questions about this policy, contact us at info@senzostack.com.

2. What Data We Collect

We collect the following categories of data:

  • Contact data — name, email address, company name, and job title provided through forms or direct communication.
  • Delivery metadata — data from integrated tools such as Jira, GitHub, and Slack, including ticket metadata, pull request metadata, and channel activity metadata. This is used exclusively for service delivery.
  • Usage analytics — standard web analytics data such as page views, session duration, and referral source.

3. How We Use Data

We use collected data for:

  • Delivering and improving our services to you.
  • Communicating about your engagement or account.
  • Analyzing aggregate usage patterns to improve our products.

We do not sell your data to third parties. We do not use your data to train AI models without your explicit consent.

4. Data Storage & Retention

All data is stored in the United States.

Integration data (Jira, GitHub, Slack metadata) is retained for the duration of your engagement and deleted within 30 days of termination. Contact data and account information may be retained longer for legal and business purposes unless you request deletion.

5. Data Sharing

We share data only in the following circumstances:

  • Service providers — third-party infrastructure and tooling providers necessary to deliver our services, bound by data processing agreements.
  • Parent company — Coach Sensai Inc., our parent company, for operational and legal purposes.
  • Legal process — when required by law, subpoena, or valid legal process.

6. Your Rights

You have the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.

To exercise these rights, email info@senzostack.com. We will respond within 30 days.

7. Cookies

We use minimal cookies for basic site analytics. We do not use advertising cookies or third-party tracking cookies.

8. Children

SenzoStack is a business-to-business product. We do not knowingly collect data from individuals under the age of 16. If you believe we have inadvertently collected such data, contact us at info@senzostack.com and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be posted on this page with an updated effective date. Continued use of our services after changes constitutes acceptance of the updated policy.

Part 2 — Security

10. Security Approach

We are an early-stage company and do not currently hold SOC 2, ISO 27001, or equivalent certifications. We are transparent about this.

Security is a foundational priority, not an afterthought. We design our systems with least-privilege access, encryption in transit and at rest, and strict access controls from day one. We are working toward formal certification as the company matures.

11. How Senzo Accesses Your Tools

Our AI agent, Senzo, connects to your engineering tools (Jira, GitHub, Slack, and others) via the Model Context Protocol (MCP). All integrations follow these principles:

  • Least-privilege access — Senzo requests only the minimum permissions required for the specific service being delivered.
  • Read-only by default — unless explicitly scoped otherwise for a specific engagement, Senzo operates in read-only mode.
  • No write, admin, or billing permissions — Senzo never requests or uses write access to production systems, administrative privileges, or billing permissions.

12. Data in Transit

All data transmitted between your systems and ours is encrypted using TLS 1.2 or higher.

13. Data at Rest

All stored data is encrypted at rest using AES-256 encryption.

14. Access Controls

Access to customer data is restricted to SenzoStack personnel who require it for service delivery. All access is logged and auditable. We do not grant blanket access to customer environments.

15. Incident Response

In the event of a security incident that affects your data, we will notify affected customers within 72 hours of confirmation. Notification will include the nature of the incident, the data affected, and the steps we are taking to remediate.

16. Responsible Disclosure

If you discover a security vulnerability in any SenzoStack system, please report it to info@senzostack.com.

  • We will acknowledge receipt within 2 business days.
  • We will provide an initial assessment and resolution timeline within 10 business days.

We appreciate responsible disclosure and will not take legal action against researchers who report vulnerabilities in good faith.

17. Contact

For any questions about this policy, data requests, or security concerns:

Email: info@senzostack.com
Entity: SenzoStack, a subsidiary of Coach Sensai Inc.