Privacy Notice & Data Policy
Brightside Enterprises Limited (company number 12265340) trading as Sentrama
This document explains how we collect, use, share and protect personal data when you visit our website (sentrama.com) and when you use the Sentrama self-serve platform (the "Platform").
We are committed to complying with applicable data protection laws, including the UK GDPR and the UK Data Protection Act 2018. Where our processing activities are subject to the EU GDPR, we will also comply with the EU GDPR.
Contents
Section 1: Website Privacy Notice
- 1.1 Who we are
- 1.2 How to contact us
- 1.3 Personal data we collect
- 1.4 Where we get your data from
- 1.5 How we use your data
- 1.6 Marketing preferences
- 1.7 Indirect collection
- 1.8 Cookies
- 1.9 Sharing your data
- 1.10 International transfers
- 1.11 Data retention
- 1.12 Your rights
- 1.13 Security
- 1.14 Third-party links
- 1.15 Changes to this notice
- 1.16 Complaints
Section 2: Platform Privacy & Data Policy
- 2.1 Roles and definitions
- 2.2 What data we collect
- 2.3 How we use the data
- 2.4 Sharing and recipients
- 2.5 International transfers
- 2.6 Security
- 2.7 Data retention
- 2.8 Rights and choices
- 2.9 Data protection features
- 2.10 EU representative
- 2.11 Changes to this policy
- 2.12 Contact
1. Website Privacy Notice
This section applies to visitors to sentrama.com and to individuals who contact us directly (for example, to request a demo, ask a question, or receive product updates).
1.1 Who we are
Sentrama is the trading name of Brightside Enterprises Limited (company number 12265340), registered at Unit 3, Temple Campus, Temple Gate, Bristol, England, BS1 6QA ("Sentrama", "we", "us", "our").
1.2 How to contact us
If you have questions about this notice or want to exercise your rights, contact us at hello@sentrama.com or write to us at the address above. We may need to verify your identity before responding to certain requests.
1.3 Personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
- Contact information: name, business email address, phone number, company name, job title and any other information you choose to provide.
- Communications: records of emails, calls or other communications with you (for example, support or sales conversations).
- Website and device information: technical information such as IP address, browser type, device information, referral source and pages viewed.
- Customer account information: information needed to create and manage your account and billing relationship. Platform-specific data is described in Section 2.
1.4 Where we get your data from
We collect personal data directly from you (for example, when you complete a form or email us). In some B2B contexts we may also obtain business contact details from reputable third-party sources or public sources (see Section 1.7).
1.5 How we use your data and our lawful bases
We use personal data only when we have a lawful basis to do so. The main purposes and lawful bases are:
Operating, protecting and improving our website
We process technical and security information to run our website, keep it secure, prevent abuse and diagnose issues.
Lawful basis: legitimate interests (running a secure and effective website)
Analytics and non-essential cookies
Where we use analytics or similar non-essential technologies, we do so only with your consent through our cookie banner/settings.
Lawful basis: consent (you can withdraw consent at any time)
Responding to enquiries and providing services
If you request information, book a demo, or become a customer, we use your details to communicate with you and provide the services you request.
Lawful basis: taking steps at your request prior to a contract and/or performance of a contract
Marketing communications
We may send product updates and marketing communications. Where required by law, we will send marketing by email/SMS only where you have consented or where an applicable soft opt-in applies.
Lawful basis: consent and/or legitimate interests (promoting our services)
Compliance and legal obligations
We may process personal data to comply with legal obligations and to establish, exercise or defend legal claims.
Lawful basis: legal obligation and/or legitimate interests
1.6 Marketing preferences and opt-out
You can opt out of direct marketing at any time:
- Use the unsubscribe link in our marketing emails (where included).
- Email us at hello@sentrama.com and tell us what you want to stop receiving.
If you opt out, we will keep a minimal record of your contact details on a suppression list to make sure we respect your request. We do not use suppression lists for any other purpose.
1.7 Indirect collection (B2B lead generation)
Where we obtain business contact details from third-party sources rather than directly from you, we will provide appropriate privacy information at the first point of contact or within a reasonable period, in line with applicable law. This will include the source of the data (where permitted), the purposes of processing, the lawful basis and how to object to marketing.
1.8 Cookies and similar technologies
We use cookies and similar technologies to make our website work and (where you choose) to help us understand how it is used.
- Essential cookies are required for the website to function and cannot be switched off in our systems.
- Non-essential cookies (for example, analytics) are used only if you consent via our cookie banner/settings.
- You can change or withdraw your cookie preferences at any time using our cookie controls on the website.
1.9 Sharing your data
We do not sell your personal data. We may share personal data with:
- Service providers who help us operate our business (for example, hosting, analytics, scheduling, email delivery, customer relationship management and payment processing). These providers act as processors under our instructions and are bound by contractual obligations to protect your data.
- Professional advisers (such as lawyers, auditors or insurers) where necessary for our legitimate business purposes.
- Authorities where required by law, or where necessary to protect our rights, safety or property.
- Successor organisations in the event of a merger, acquisition or sale of assets (we will provide appropriate notice where required).
1.10 International transfers
We are based in the United Kingdom. Some of our suppliers may process personal data outside the UK and/or the European Economic Area (EEA). Where a transfer is restricted under applicable data protection law, we use appropriate safeguards such as:
- UK adequacy regulations (where applicable).
- The UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses (SCCs).
- Additional technical and organisational measures where required (for example, encryption and data minimisation).
You can contact us at hello@sentrama.com for more information about safeguards that apply to a particular transfer.
1.11 Data retention
We keep personal data only for as long as necessary for the purposes described in this notice, including to meet legal, accounting or reporting requirements. Retention depends on the context; typical examples include:
- Enquiries: If you contact us but do not become a customer, we typically retain relevant correspondence and contact details for up to 12 months from our last interaction.
- Customer relationship: If you become a customer, we retain account and contract-related records during the relationship and for a period afterwards. Financial and tax records are typically retained for up to 6 years.
- Website security logs: We retain security and server logs for a limited period and then delete or aggregate them.
- Suppression lists: If you opt out of marketing, we keep a minimal record of your details on a suppression list for as long as needed to respect your opt-out.
1.12 Your rights
Depending on your location and the applicable law, you may have the right to:
- Request access to your personal data
- Request correction of inaccurate or incomplete data
- Request deletion of your personal data
- Request restriction of processing
- Request data portability
- Object to processing based on legitimate interests
- Withdraw consent at any time where we rely on consent
To exercise your rights, contact us at hello@sentrama.com. We aim to respond within one month.
1.13 Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, secure hosting and monitoring. No system is completely secure; if a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant regulator where required.
1.14 Third-party links
Our website may contain links to third-party websites. Those websites have their own privacy notices and we are not responsible for their practices.
1.15 Changes to this notice
We may update this notice from time to time. We will publish the updated version on our website and update the "Last updated" date. This notice was last updated on 2 February 2026.
1.16 Complaints
If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve your concerns. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). If you are located in the EEA, you may also have the right to complain to your local supervisory authority.
2. Platform Privacy & Data Policy
This section describes how we process personal data within the Sentrama self-serve platform (the "Platform"). It applies to customer administrators and authorised users of customer accounts, and it also explains how we handle data that customers upload to the Platform.
2.1 Roles and definitions
For the purposes of this Platform policy:
Customer account data
Personal data about customer users and account administrators (for example, names, business contact details, billing details and Platform usage logs). For this data, Sentrama acts as a controller.
Uploaded contact data
Personal data that a customer uploads or inputs into the Platform for use in their campaigns (for example, business contact details for leads). For this data, the customer is the controller and Sentrama acts as a processor.
Data sourcing/enrichment data
Business contact details obtained via optional data sourcing or enrichment features. Depending on the feature and context, Sentrama may act as a controller for the initial provision of that data and the customer may become a controller for their subsequent use.
2.2 What data we collect
2.2.1 Customer account data (controller)
When you register for and use the Platform, we may collect:
- Profile information: name, email address, phone number, job title, company name and other business contact details.
- Authentication data: login credentials (passwords are stored in hashed form) and account security information.
- Billing information: subscription plan, invoices and payment-related identifiers. Payment card details are handled by our payment processor.
- Communications: support tickets, emails or chat messages with you.
- Usage and device data: login timestamps, IP address, user actions within the Platform, and device/browser information.
2.2.2 Uploaded contact data (processor)
When you upload or input data into the Platform, it typically includes business contact details such as names, phone numbers, email addresses, job titles and company information for your leads or customers. During campaign execution, the Platform also generates campaign outcome data associated with those records.
Important: Please do not upload special category data (for example, health information, political opinions, biometrics, or national identification numbers) or other sensitive information unless you have a clear lawful basis and the Platform has been specifically configured to handle it.
2.2.3 Data sourced via third parties (optional features)
If you enable data sourcing or enrichment features, we may retrieve business contact information from third-party providers and licensed/public sources. The data returned may include names, business email addresses, telephone numbers and job roles.
2.3 How we use the data
2.3.1 Customer account data (controller)
- Providing the Platform (contract): Creating and administering accounts, authenticating users, providing features and customer support.
- Billing and administration: Processing subscriptions, invoices and record keeping.
- Improving the Platform: Analysing aggregated usage information to improve functionality, reliability and user experience.
- Security and fraud prevention: Monitoring for suspicious activity, enforcing our terms and protecting our systems and users.
2.3.2 Uploaded contact data (processor)
We process uploaded contact data strictly to provide the Platform features requested by the customer, including:
- Storing and organising uploaded records within the customer account.
- Executing customer campaigns and recording outcomes against the relevant records.
- Applying customer-configured suppression rules and maintaining campaign-level suppression.
- Providing reporting, filtering and export tools to help customers manage outcomes and results.
Note: We do not use a customer's uploaded contact lists for our own independent marketing purposes, and we do not share one customer's uploaded data with other customers.
2.4 Sharing and recipients
2.4.1 Access within Sentrama
Access to personal data is restricted to personnel who need it for their role (for example, support and engineering). Access is subject to confidentiality obligations and appropriate access controls.
2.4.2 Sub-processors
We use third-party service providers (sub-processors) to operate the Platform. Depending on your configuration, these may include:
- Telephony and communications providers (for example, Twilio or similar)
- Hosting and infrastructure providers (for example, AWS, Azure or similar)
- Payment processors (for example, Stripe or similar)
- Email and customer messaging providers
- Analytics tools (where enabled)
We maintain an up-to-date list of our key sub-processors. You can request the current list by emailing hello@sentrama.com.
2.4.3 Legal requirements and business transfers
We may disclose personal data where required by law or in connection with a business transaction such as a merger, acquisition or sale of assets.
2.5 International transfers
International transfers for Platform data follow the approach described in Section 1.10. Where a transfer is restricted, we use UK adequacy regulations and/or contractual safeguards such as the UK IDTA or UK Addendum to the EU SCCs, and we apply additional measures where needed.
2.6 Security
We implement appropriate technical and organisational measures designed to protect Platform data, including:
- Encryption in transit (TLS) and at rest
- Role-based access controls and MFA
- Logging and monitoring for security events
- Regular patching and vulnerability management
2.7 Data retention
We retain Platform data for different periods depending on the category and purpose:
- Customer account data: Retained for as long as the account is active. After account closure, we delete or anonymise account data within a reasonable period.
- Uploaded contact data: Retained in accordance with the customer's instructions and account settings. Customers can delete campaigns or contacts within the Platform.
- Backups: Encrypted backups are retained for a limited period and then overwritten. Deleted data may remain in backups but is only accessed for disaster recovery.
We may retain anonymised and aggregated data (which does not identify individuals) for longer periods for statistical analysis and service improvement.
2.8 Rights and choices
2.8.1 Rights of customer users (account data)
Customer users have rights over their own customer account data (for example, access, correction and deletion) as described in Section 1.12. You can contact us at hello@sentrama.com to exercise these rights.
2.8.2 Rights of individuals in uploaded contact data
If an individual whose data is included in a customer's uploaded contact data contacts Sentrama to exercise their rights, we will generally refer them to the relevant customer (as controller) where appropriate. We will assist customers in responding to valid requests as required by law.
2.9 Data protection support features
The Platform includes features intended to support customers' data protection obligations. Depending on the plan and configuration, these may include:
- Legitimate interests documentation: Prompts and fields to help customers record their rationale for processing.
- Opt-out and suppression management: Tools to record and apply do-not-contact requests within a customer account.
- Accountability documentation: This policy and our terms provide information about our processor obligations.
- Security and DPIA support: We can provide information about our security measures to support customers completing their own assessments.
Customers remain responsible for ensuring they have an appropriate lawful basis for their processing and for complying with applicable direct marketing and privacy rules.
2.10 EU representative (if applicable)
If we are required to appoint an EU representative under Article 27 of the EU GDPR, we will publish the representative's contact details here or provide them on request.
2.11 Changes to this policy
We may update this Platform policy from time to time. We will publish the updated version and update the "Last updated" date. This policy was last updated on 2 February 2026.
2.12 Contact
If you have any questions about this Platform policy or our data practices, please get in touch:
hello@sentrama.com
Brightside Enterprises Limited (Sentrama)
Unit 3, Temple Campus, Temple Gate, Bristol, BS1 6QA, United Kingdom
