Privacy Policy
Please read this privacy policy carefully before using this site
This Privacy policy applies to how the Sensus website (https://sensus.tech/), domains, applications, services, and products processes, collects, uses and transfers personal data of users who use the software products.
Sensus website is owned and operated by Aurora Innovations SLU, legal entity duly registered in Andorra.
Sensus is a software solution designed to operate as a payment orchestration platform that coordinates and manages multiple payment processes and payment service providers, while providing users with a streamlined and transparent payment experience.
This Privacy policy is in line with regulations but not limited to:
- Andorra Qualified Personal Data Protection Law (LQPD, Law 29/2021)
- EU General Data Protection Regulation 2016/679 ("GDPR").
1. Definitions
For the purposes of this Privacy Policy:
- "We", "Us" or "Our" refers to Aurora Innovations SLU, Sensus.
- "Customer" means any natural or legal person that has applied for, and is provided with, our services.
- "User" means any natural or legal person that visits our website or otherwise contacts us, whether or not they become a Customer.
- "End-User" means an individual or entity that initiates a payment to a Customer through the Sensus platform.
- "Authorised User" means any individual who is an employee of a Customer, an affiliate, partner, service provider, or such other person or entity authorised by the Customer to access the Services on its behalf.
- "You" refers collectively to Customers and Users, as applicable, who access our website, services, or products.
2. Data Controller and Processor
- Aurora Innovations SLU acts as a data controller in relation to personal data processed for the operation, security, compliance, and administration of its platform, website, products etc, including user management, access control, fraud prevention, and regulatory obligations.
- Aurora Innovations SLU may act as a data processor where it is appointed as such pursuant to a relevant data processing agreement, processing personal data on behalf of its Customers in the context of providing its IT platform for payment orchestration and related services, and solely in accordance with the Customers' documented instructions.
- In all cases, Aurora Innovations SLU processes personal data in accordance with applicable data protection laws only on the extent required to provision of services and implements appropriate technical and organisational measures to ensure the security and confidentiality of personal data.
The allocation of roles is further detailed as follows:
- (a) Sensus acts as Controller in respect of personal data of Customers, Authorised Users, and Users that we process for our own purposes, including account management, billing, marketing, analytics, security, fraud prevention, and compliance with our own legal obligations. Such processing is governed by this Privacy Policy.
- (b) Sensus acts as Processor in respect of personal data of End-Users that is processed on behalf of a Customer in the course of providing payment orchestration services. In this context, the Customer acts as the data controller and Sensus processes such data solely in accordance with the Customer's documented instructions. Such processing is governed by a separate Data Processing Agreement ("DPA") entered into between the parties, which forms an integral part of the contractual relationship.
- (c) Order of precedence. In the event of any conflict between this Privacy Policy and the DPA regarding the processing of personal data where Sensus acts as Processor, the provisions of the DPA shall prevail.
- (d) Customer responsibilities. Where Sensus acts as Processor, the Customer warrants that it has all necessary legal bases to instruct Sensus to process End-User personal data through the platform, and that it has provided all required notices and obtained all required consents from End-Users.
3. Scope of Application
This Privacy Policy applies to:
- Users and Visitors of our website (https://sensus.tech/);
- Customers who use our services;
- Authorised Users (employees or representatives of Customers accessing the platform);
- End-Users (individuals making payments to Customers through the platform);
- Beneficial owners, directors, and authorised representatives of Customers (for KYB/KYC purposes);
- Any other individuals who interact with us or use our services.
4. What data we process?
We collect the Personal Information of our purchasers, clients, vendors, and other individuals who visit our Website or reach us for specified, explicit purposes only.
We process only the personal data that is necessary for clearly defined purposes and based on appropriate legal grounds and strictly necessary to provide you with the services and process your requests in compliance with all applicable regulations.
The data we collect may include but not be limited to personal and business identification details, contacts, transaction metadata (time, date, amount, currency, network, payment method etc), purpose of transaction, website, dashboard and API usage data (IP address, device and browser information, basic technical data about your visit etc).
We do not knowingly collect or process special categories of personal data, such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, sex life, or sexual orientation.
5. How We Collect Your Personal Data?
We may obtain Personal Data from a variety of sources, including:
From you:
- When you show interest in our products or services;
- During the onboarding process and throughout your ongoing relationship with us;
- When you log into or navigate our website;
- When you access our products or services online;
- When you use or interact with our products or services;
- When you create content or engage with our products and services;
- When you sign up for newsletters or other communications;
- When you voluntarily participate in surveys or market research;
- When you reach out to us with questions, requests, or to report an issue (via phone, email, social media, or messaging platforms);
- When you provide services to your own clients using our products.
In above cases you may give us your personal information, contacts, account information, payment information, financial information, purchase information, content or other.
Personal Data from Third Parties
We may also collect Personal Data about you from third-party sources, including:
- Device and usage information obtained from third-party services, such as analytics providers (e.g., Google), to understand website and product usage;
- Account and payment information received from users or other third parties, including organizations, associations, or regulatory authorities, for purposes such as fraud prevention, detection, and credit risk management;
- Account, payment, and financial data provided by technical, payment, or financial service providers that support the operation of our products and services.
6. Purpose and Legal Basis for Processing Personal Data
We collect and process your Personal Data to provide, maintain, and improve our products and services, and to ensure a safe and efficient experience.
Key purposes include:
- Delivering and managing products or services, including order fulfillment and account setup;
- Operating, maintaining, and improving our platform, products, and services;
- Providing technical and customer support;
- Communicating with you regarding products, services, or important updates;
- Protecting our rights, the rights of others, and the integrity of our services, including fraud prevention.
Legal basis:
- Processing necessary to perform a contract with you;
- Processing based on legitimate interests such as preventing fraud, and protecting our business;
- Ensuring compliance with legal obligations and responding to regulatory or government requests;
- Consent, where required to initiate services or for specific processing activities. You may withdraw consent at any time, although this may limit access to certain services.
7. Use of Anonymous Information
We may transform personal data into aggregated or anonymised datasets that do not directly identify you, any third party, or any individual ("Aggregated Data"). We may use such Aggregated Data for our legitimate business purposes, including:
- Improve our platform, services, and customer experience;
- Support personalization and targeted content or advertising;
- Detect and prevent fraud;
- Measure affiliate marketing or referral program activity;
- Conduct statistical research and reporting.
We may share such Aggregated Data with trusted service providers, business partners, or other third parties (such as prospective investors or partners), provided that it contains no information that could reasonably be used to identify you or any individual.
8. Children
Our services are designed for and directed to business clients (legal entities) and their authorised representatives. They are not intended for use by individuals under the age of 18 (eighteen). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us through the form on our website or by email at support@sensus.tech and we will take reasonable steps to delete such data.
11. Third-party websites and external services
Our website, dashboard or communications may contain links to third-party websites, services or content that are not operated by Us.
If you follow such a link, your use of those third-party services will be governed by their own privacy policies and terms, not by this Policy. We are not responsible for the content, security or privacy practices of those third parties.
12. International Data Transfer and Storage
Where possible, we store and process Personal Data on servers located within the European Union or other trusted jurisdictions. However, your Personal Data may sometimes be transferred to, and stored on, servers outside your province, country, or governmental jurisdiction, where data protection laws may differ.
Where Personal Data is transferred outside the European Economic Area (EEA) or Andorra to countries that have not been recognised by the European Commission as providing an adequate level of data protection, we implement appropriate safeguards in accordance with applicable data protection laws, including: (a) Standard Contractual Clauses (SCCs) approved by the European Commission; (b) Adequacy Decisions, where applicable; or (c) Binding Corporate Rules, where applicable. You may request a copy of the safeguards we have in place by contacting us through the form on our website or by email at support@sensus.tech.
13. Retention and Deletion
We will only retain your Personal Data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law. When we no longer need your Personal Data, we will remove it from our systems and/or take steps to anonymize it.
By way of indication, we generally retain personal data for the following periods:
- Account and onboarding data: 30 days after termination of the contractual relationship (unless a longer period is required by applicable law)
- KYC/KYB documentation: 5 years after the end of the business relationship (minimum statutory period under AML/CFT legislation)
- Transaction records: 5 years from the date of the transaction (minimum statutory period under AML/CFT legislation)
- Marketing data (where based on consent): Until consent is withdrawn or 1 month of inactivity, whichever is earlier
- Website usage data and analytics: Up to 1 month
After the applicable retention period, we will either delete the personal data or anonymise it so that you can no longer be identified.
Where Sensus acts as Processor on behalf of a Customer, the retention, return, and deletion of personal data is further governed by the DPA, including the obligation to return or delete personal data within thirty (30) days of termination of the contractual relationship, subject to statutory retention requirements under AML/CFT and other applicable laws.
14. Automated Decision-Making and Profiling
In the course of providing payment orchestration services, we may use automated processes for purposes such as fraud detection, risk scoring, transaction routing, and compliance screening. These automated processes assist in decision-making but do not solely determine outcomes that produce legal or similarly significant effects on data subjects without human review.
Where an automated decision could produce legal or similarly significant effects on you (for example, account suspension or transaction blocking due to fraud detection), you have the right to: (i) request human review of the decision; (ii) express your point of view; and (iii) contest the decision. To exercise these rights, please contact us through the form on our website or by email at support@sensus.tech.
15. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include, without limitation: (a) encryption of data in transit (TLS) and at rest; (b) PCI DSS compliance for the handling of payment card data; (c) role-based access controls and multi-factor authentication; (d) regular security audits and penetration testing; (e) staff training on data protection and security; and (f) incident response procedures.
Despite our security measures, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.
16. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority without undue delay and, where feasible, no later than 72 (seventy-two) hours after becoming aware of the breach.
Where the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will also notify affected data subjects without undue delay, unless an exception applies.
17. Your Rights Regarding Personal Data
Under applicable data protection laws, including the GDPR, you have the following rights in relation to your Personal Data:
- Access: You have the right to request access to the Personal Data we hold about you.
- Correction: You can request that we correct any inaccurate or incomplete Personal Data.
- Erasure: You may request deletion of your Personal Data where processing is no longer necessary or lawful.
- Restriction of Processing: You have the right to request that we limit the processing of your Personal Data in certain circumstances.
- Data Portability: You can request a copy of your Personal Data in a structured, commonly used, and machine-readable format.
- Objection: You have the right to object to certain types of processing, including direct marketing. To opt out of marketing communications, you may use the unsubscribe link included in our marketing emails, adjust your communication preferences in your account dashboard, or contact us through the form on our website or by email at support@sensus.tech. We will action your request without undue delay and at no charge.
- Withdrawal of Consent: Where processing is based on your consent, you can withdraw your consent at any time.
- Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your rights are not being respected. In Andorra, the competent authority is the Andorran Data Protection Agency (Agència Andorrana de Protecció de Dades, APDA), https://www.apda.ad. If you reside in the European Economic Area, you may also lodge a complaint with the supervisory authority of your country of residence.
18. How to Exercise Your Rights
You can make a request to exercise any of these rights in relation to your Personal Data by contacting us through the form on our website or by email at support@sensus.tech. We will respond to your request within one (1) month of receipt. This period may be extended by a further two (2) months where necessary, taking into account the complexity and number of requests, in which case we will inform you of any such extension within one month.
For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this website, and the revised Policy will take effect immediately upon posting unless otherwise stated. When using our services, you may be asked to review and accept the updated Privacy Policy. This allows us to record your acceptance and notify you of any material changes in the future.

