HomeOrsentim

Privacy Policy

Last Updated: April 29, 2026

1. Introduction

This Privacy Policy (“Policy”) describes how TwoSensus LLC, a Florida limited liability company doing business as “Orsentim” (“Orsentim,” “we,” “us,” or “our”), collects, uses, discloses, and protects information when you access or use Portal, our multi-tenant analytics software-as-a-service product available at portal.orsentim.com (the “Service”), our marketing website at orsentim.com, and any related products, features, or services we provide (collectively, the “Services”).

By using the Services, you acknowledge that you have read and understand this Policy. If you do not agree with this Policy, please do not use the Services.

2. Who We Are

  • Legal entity: TwoSensus LLC (Florida LLC), doing business as “Orsentim”
  • Mailing address: 3222 Bryant Park Drive, New Port Richey, FL 34655, United States
  • Contact: privacy@orsentim.com
  • Data controller: For account, billing, and marketing data, Orsentim acts as the data controller. For data uploaded, connected, or otherwise processed on behalf of customer organizations through the Service (“Customer Data”), Orsentim acts as a data processor or service provider on behalf of the customer organization, which is the controller.

3. Scope

This Policy applies to:

  1. The Portal application at portal.orsentim.com and any subdomains.
  2. The Orsentim marketing website at orsentim.com.
  3. Email, support channels, and other communications between you and Orsentim.
  4. Any feature delivered through the Services, including embedded reports, the invoicing module, and Portal AI features (where available).

This Policy does not apply to third-party websites, applications, or services that integrate with or are linked from the Services. Those third parties have their own privacy policies, which we encourage you to review.

4. Information We Collect

We collect information in the following categories.

4.1 Account Information

When you create an account or are invited by an administrator, we collect:

  • Full name
  • Email address
  • Password (stored only as a salted cryptographic hash; we never store plaintext passwords)
  • Organization or workspace identifiers
  • Role and permissions assigned within your workspace
  • Profile photo (optional)

4.2 Google Account Data (via Google OAuth)

If you sign in with Google, we receive limited profile information from Google based on the OAuth scopes you authorize. The scopes we currently request are:

  • openid — to authenticate you using OpenID Connect.
  • https://www.googleapis.com/auth/userinfo.email — your primary Google email address, used to identify and create your Portal account.
  • https://www.googleapis.com/auth/userinfo.profile — your name and profile picture, used to populate your Portal profile.

We do not request access to Gmail content, Google Drive files, Calendar, Contacts, or any other restricted-scope Google API data unless explicitly disclosed and re-consented to by you in connection with a specific feature.

We never receive your Google account password.

4.3 Usage Data

When you use the Services, we automatically collect:

  • IP address and approximate geographic region (city/country level)
  • Device and browser type, operating system, screen resolution
  • Pages visited, features used, and timestamps
  • Referring URLs and exit pages
  • Performance and error logs
  • Authentication events (sign-in, sign-out, failed attempts)
  • Audit log records of administrative actions taken within your workspace

4.4 Customer Data

In delivering the Services, we process data that you, your organization, or your administrators upload to or connect with the Service, including:

  • Data sources and connections to Microsoft Power BI, Microsoft Fabric, and other analytics platforms
  • Reports, dashboards, and visualizations rendered through embedded analytics
  • User membership and access information for your workspace
  • Records used by the invoicing module
  • Inputs and outputs of Portal AI features (when used)

For Customer Data, we act as a processor or service provider on behalf of your organization. We process Customer Data only as instructed by your organization and in accordance with our agreement with that organization.

4.5 Payment Information

Subscription payments are processed by Stripe, Inc. (“Stripe”). Stripe collects and stores your full payment card details. We receive only:

  • Billing name and email
  • Country and postal code
  • Last four digits and brand of the card
  • Subscription, invoice, and payment status metadata

We do not store full payment card numbers, CVV codes, or full bank account details on our servers. Stripe’s privacy practices are governed by Stripe’s Privacy Policy.

4.6 Communications

When you contact us for support, sales, or feedback, we collect the contents of your messages, your contact details, and any attachments you choose to send.

4.7 Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to:

  • Keep you signed in (session cookies)
  • Remember your preferences
  • Measure usage and improve the Services (analytics cookies)
  • Protect the Services against fraud and abuse

You can control cookies through your browser settings. Disabling cookies may impact functionality, including your ability to remain signed in.

5. How We Use Information

We use the information we collect to:

  1. Provide and operate the Services — authenticate users, render reports, route requests to your data sources, deliver invoicing features, and serve Portal AI responses where enabled.
  2. Manage your account — create your profile, manage memberships, enforce role-based access controls.
  3. Process payments — manage subscriptions, send invoices and receipts, handle renewals and cancellations through Stripe.
  4. Provide customer support — respond to questions, troubleshoot issues, and communicate about service changes.
  5. Maintain security — detect, investigate, and prevent fraud, abuse, unauthorized access, and other malicious activity.
  6. Improve the Services — analyze aggregated usage to improve performance, reliability, and feature design. Where possible, we use aggregated or de-identified data for these purposes.
  7. Comply with legal obligations — respond to lawful requests, enforce our agreements, and meet tax, accounting, and audit requirements.
  8. Communicate with you — send transactional emails (account, billing, security), product updates, and, where permitted, marketing communications you can opt out of at any time.

We do not use Customer Data to train general-purpose machine learning models or for any purpose unrelated to delivering the Services.

6. Google API User Data — Limited Use Disclosure

Orsentim’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, with respect to data obtained from Google APIs (including the OAuth scopes listed in Section 4.2):

  1. We use Google user data only to provide and improve user-facing features of the Services that are prominent in the user interface — specifically, to authenticate the user, populate the user’s Portal profile, and verify identity for sign-in.
  2. We do not use Google user data to serve advertisements of any kind, including retargeting, personalized, or interest-based advertising.
  3. We do not sell, rent, lease, or otherwise transfer Google user data to data brokers, information resellers, or any other third party for advertising or independent purposes.
  4. We do not allow humans to read Google user data, except: (a) with your explicit, opt-in consent for specific messages; (b) when necessary for security purposes, such as investigating abuse; (c) to comply with applicable law; or (d) where the data has been aggregated and de-identified and is used for internal operations.
  5. We do not transfer Google user data except as necessary to provide or improve user-facing features that are prominent in the Services, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.

If you wish to revoke Orsentim’s access to your Google account data, you may do so at any time by visiting https://myaccount.google.com/permissions.

7. How We Share Information

We share information only as described below. We do not sell personal information.

7.1 Service Providers (Subprocessors)

We share information with vendors that help us run the Services. These vendors are bound by contractual obligations to protect data and use it only for the purposes we authorize. Categories include:

  • Cloud hosting and infrastructure (e.g., Google Cloud Run, Supabase) — to host the application, databases, and back-end services.
  • Authentication providers (e.g., Google) — to enable sign-in.
  • Analytics platform integrations (e.g., Microsoft Power BI, Microsoft Fabric) — to render embedded reports and connect to your data sources at your direction.
  • Payment processing (Stripe) — to handle subscription billing.
  • Email and transactional messaging (e.g., Resend) — to deliver account, billing, and support communications.
  • Error monitoring and product analytics — to detect bugs and understand usage patterns.
  • Customer support tooling — to manage support tickets and conversations.

A current list of subprocessors is available on request to privacy@orsentim.com.

7.2 Within Your Organization

If you use Portal as part of an organization, your administrators and other members may have access to information about your account, activity, and content within that workspace, in accordance with the roles and permissions configured by your administrators.

7.3 Legal and Safety

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or governmental request.
  • Enforce our Terms of Service or other agreements.
  • Detect, prevent, or address fraud, security, or technical issues.
  • Protect the rights, property, or safety of Orsentim, our users, or the public.

7.4 Business Transfers

If Orsentim is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred to the relevant party as part of that transaction. We will notify affected users and ensure continuity of the protections in this Policy.

7.5 With Your Consent

We may share information for other purposes with your consent or at your direction.

7.6 No Sale of Personal Information

We do not sell personal information as the term “sale” is defined under the California Consumer Privacy Act (CCPA/CPRA) or any comparable state privacy law. We also do not “share” personal information for cross-context behavioral advertising.

8. Data Retention

We retain personal information only for as long as is necessary for the purposes described in this Policy.

  • Account data: retained while your account is active and for up to 90 days after account closure, after which it is deleted or de-identified, except where retention is required by law (e.g., tax records).
  • Customer Data: retained as instructed by the customer organization. On termination of the customer’s subscription, Customer Data is generally deleted within 30 days, subject to any longer retention required by law or specifically agreed in a customer agreement.
  • Billing records: retained for at least 7 years to comply with accounting and tax obligations.
  • Logs and security records: retained typically for 30 to 365 days, depending on the type of log.
  • Backups: may persist for a limited additional period in encrypted backup storage before being overwritten.

You or your administrator may request earlier deletion at privacy@orsentim.com, subject to legal retention obligations.

9. Your Rights and Choices

Depending on your location, you may have rights regarding your personal information, including:

  • Right to access — request a copy of the personal information we hold about you.
  • Right to correct — request that inaccurate or incomplete information be corrected.
  • Right to delete — request deletion of personal information, subject to legal exceptions.
  • Right to portability — request a copy of your information in a structured, commonly used, machine-readable format.
  • Right to restrict or object — restrict or object to certain processing.
  • Right to withdraw consent — withdraw consent where processing is based on consent.
  • Right to non-discrimination — exercise these rights without retaliatory or discriminatory treatment (CCPA/CPRA).
  • Right to opt out of sale or sharing — even though we do not sell or share personal information for cross-context behavioral advertising, you may submit such a request and we will confirm our practices.

To exercise any of these rights, contact us at privacy@orsentim.com. We will verify your identity before fulfilling a request, and we will respond within the time period required by applicable law (typically 30–45 days).

If you are an end user of a customer organization’s workspace, please direct rights requests concerning Customer Data to that organization, which is the controller of that data. We will support our customers in responding to such requests.

You may also lodge a complaint with a competent supervisory authority. EU/UK users may contact their national data protection authority. California users may contact the California Privacy Protection Agency or California Attorney General.

10. Children's Privacy

The Services are not directed to children under 13 (or under 16 in the European Economic Area and the United Kingdom). We do not knowingly collect personal information from children. If we learn that we have collected such information, we will promptly delete it. If you believe a child has provided personal information to us, please contact privacy@orsentim.com.

11. Security

We use administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption in transit using TLS for all client–server communications.
  • Encryption at rest for stored data and database backups.
  • Hashed passwords using industry-standard salted hashing algorithms.
  • Role-based access control within the application.
  • Least-privilege access for employees and contractors, audited periodically.
  • Logging and monitoring of administrative and security-relevant events.
  • Vendor due diligence for material subprocessors.

No method of transmission or storage is 100% secure. While we work to protect your information, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you and applicable regulators in accordance with applicable law.

12. International Users and Cross-Border Transfers

Orsentim is based in the United States, and our infrastructure and personnel are primarily located in the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses and equivalent UK and Swiss mechanisms, where applicable.

By using the Services, you acknowledge and consent to such cross-border transfers, where consent is a permissible legal basis.

13. California Privacy Notice

This section provides additional information for California residents under the CCPA/CPRA.

  • Categories of personal information collected in the past 12 months: identifiers (name, email, account ID, IP address); commercial information (subscription, billing data); internet or other electronic activity (usage and log data); professional or employment-related information (where provided); and inferences drawn from the above for service operation.
  • Sources of information: directly from you; from your organization or administrators; automatically through your use of the Services; from authentication and payment providers.
  • Business purposes are described in Section 5.
  • Categories of recipients are described in Section 7.
  • Sale or sharing: we do not sell personal information and do not share personal information for cross-context behavioral advertising.
  • Retention: described in Section 8.
  • Sensitive personal information: we do not use sensitive personal information for purposes that require a right to limit under CPRA.
  • Your rights: described in Section 9. You may submit a request via privacy@orsentim.com. Authorized agents may submit requests with appropriate proof of authorization.

14. Other US State Privacy Rights

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) have rights similar to those described in Sections 9 and 13, including the right to access, correct, delete, and obtain a portable copy of personal data; to opt out of targeted advertising, sale, or certain profiling (we do not engage in these activities); and to appeal a decision regarding a rights request. To exercise these rights or appeal a decision, contact privacy@orsentim.com.

15. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this Policy. If the changes are material, we will provide additional notice (such as by email or an in-product notice) prior to the changes taking effect, where reasonably practicable. Your continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the updated Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Policy or our privacy practices, contact us at:

  • Email: privacy@orsentim.com
  • Mailing address: TwoSensus LLC d/b/a Orsentim, 3222 Bryant Park Drive, New Port Richey, FL 34655, United States