Book a Demo

Book a Demo

GDPR Compliant

Privacy Policy - MAKE SENSE AI

Last updated on 23 Nov, 2025

At Make Sense AI ("we," "us," or "our"), we are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your data when you use our website and services (collectively, the "Services").

By using our Services, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Services.

1. DATA CONTROLLER

Company name: Make Sense S.à.r.l

Legal form: S.à.r.l.

Head office:8, Rue de Hobscheid Luxembourg

Company number:LU25892726

Email contact RGPD : contact@makesenseai.com

Data Protection Officer (DPO):[Name] - dpo@makesenseai.com

Competent supervisory authority:

National Commission for Data Protection (CNPD)

15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg

Tel.: (+352) 26 10 60 -1

2. INTRODUCTION

Make Sense AI (hereinafter "we" "us" "the Company") respects your privacy and is committed to protecting your personal data in accordance with:

  • Regulation (EU) 2016/679 of 27 April 2016 (RGPD/GDPR)

  • Luxembourg law of August 1, 2018relating to the protection of natural persons with regard to the processing of personal data

  • Applicable Luxembourg legislation

This privacy policy describes how we collect, use, store and protect your personal data within our AI automation platform for wellness facilities.

3. CHAMP D'APPLICATION

This policy applies to:

  • Visitors to our website (makesenseai.com)

  • Prospects and customers using our services

  • End users of our clients (data processed on their behalf)

  • Business partners and suppliers

  • Anyone interacting with our AI services

4. DATA COLLECTED AND PURPOSES

4.1 Data collected directly

A. Website visitors

B. Clients (Wellness establishments)

C. End users (Our clients' customers)


4.2 Automatically collected data

5. USE OF ARTIFICIAL INTELLIGENCE

5.1 AI processing implemented

Our platform uses AI to:

  • AI Virtual Receptionist: Handles phone/SMS conversations for reservations

  • Marketing automationCustomer segmentation, personalized content generation:

  • Customer segmentation, personalized content generation

  • Predictions: Behavior analysis, no-show predictions, recommendations

  • Operational optimizationCalendar management, dynamic pricing


5.2 Legal basis and transparency

  • Legal basis:Performance of the customer contract + Legitimate interest

  • Logic of automated processing:Our algorithms analyze booking history, expressedpreferences, and past behavior to personalize the experience.

  • Limited profiling:Marketing segmentation only (no decision producing legal effects)

  • Human intervention:Possibility of contesting an automated decision and requestinga human review


5.3 Training AI models

  • AI models are trained onanonymized and aggregated data only

  • No personally identifiable informationis not used for training

  • AI models from our partners (OpenAI, Anthropic)do not retaindata exchanged via API

6. DATA SHARING

6.1 Data Recipients

6.2 Subcontracting Agreements (DPA)

All our subcontractors have signedData Processing Agreements (DPA)guaranteeing:

  • Strict confidentiality

  • Technical and organizational security

  • Do not use outside of instructions

  • Data breach notification


6.3 Transfers outside the EU

Some partners (OpenAI, HubSpot) are located in the USA. We ensure an adequate level of protection through:

  • Standard Contractual Clauses (SCC)of the European Commission

  • Data Privacy Framework (DPF)USA-EU for certified partners

  • Impact assessmentfor each transfer

A full list of transfers outside the EU is available upon request: dpo@makesenseai.com

7. YOUR GDPR RIGHTS

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

7.1 Right of access (Art. 15)

Obtain a copy of your personal data that we hold.

7.2 Right of rectification (Art. 16)

Correct inaccurate or incomplete data.

7.3 Right to erasure / "right to be forgotten" (Art. 17)

Request the deletion of your data, except where there are legal obligations to retain it.

7.4 Right to restriction of processing (Art. 18)

Request the temporary suspension of certain treatments (e.g., during accuracy verification).

7.5 Right to data portability (Art. 20)Receive your data in a structured, commonly used and machine-readable format (CSV, JSON).

7.6 Right to object (Art. 21)

  • Marketing :Absolute right to object to commercial solicitations

  • Legitimate interest:Objection is possible if there are compelling legitimate reasons.

7.7 Right not to be subject to an automated decision (Art. 22)

To contest a purely automated decision that has legal effects or significantly affects you.

7.8 Right to define post-mortem directives (Art. 40 Luxembourg law)

Instructions regarding the fate of your data after death.

7.9 Exercising your rights

By email: privacy@makesenseai.com

By mail:Make Sense AI - GDPR Service - [Full Address]

Response time: 30 daysmaximum (extendable to 90 days if complex, with notification)

Required documents:Copy of identity document for verification (destroyed after processing)

Free of charge:Free exercise (except in cases of clearly abusive/repeated requests)

8. DATA SECURITY

8.1 Technical Measures

  • EncryptionTLS 1.3 for data in transit, AES-256 for data at rest

  • Strong authenticationMFA is required for admin access

  • Access controlPrinciple of least privilege, tracked access by name

  • BackupsDaily figures, 30-day retention, EU storage

  • Safety testsAnnual penetration tests, weekly vulnerability scans

  • Logging: Access logs kept for 12 months (audit trail)

8.2 Organizational Measures

  • Team trainingMandatory annual GDPR awareness training

  • Confidentiality clausesAll employees and service providers

  • Risk analysisDPIA for high-risk treatments

  • Incident proceduresData Breach Response Plan

  • SupervisionData Protection Officer (DPO)

8.3 Data Breach

In case of a breach (leak, loss, unauthorized access):

  • Notification APD : Below 72 hoursif there is a risk to your rights

  • Notification of those concernedWithout delay if the risk is high

  • Corrective measuresImmediate implementation

Report a security vulnerability: security@makesenseai.com

9. COOKIES AND TRACKERS

9.1 Consent Management

In accordance with Article 82 of the Belgian Privacy Act and ePrivacy:

  • Prior consentRequired for non-essential cookies

  • Validity period13 months maximum

  • WithdrawalPossible at any time via cookie manager


9.2 Configure your cookies

On our website:[Consent manager link - footer] In your browser:

  • Chrome: Settings > Privacy > Cookies

  • Firefox: Options > Privacy > Cookies

  • Safari: Preferences > Privacy

External tools:

  • Google Analytics Opt-out : https://tools.google.com/dlpage/gaoptout

  • Disabling targeted advertising: https://www.youronlinechoices.eu/

10. MINORS

Our services are intended for **professionals only

© 2025 Make Sense AI. All rights reserved.