.svg)
At Sapien, we understand that the data our clients entrust to us is not just information; it's the foundation upon which AI and ML applications are built. We recognize the immense responsibility that comes with handling our clients' data, and we take this responsibility seriously.
Our commitment to data privacy is embedded in every facet of our operations. It is a core value that guides our actions and decisions from initial project discussions to data export and delivery.
Your Data, Your Control
At the heart of our data privacy philosophy is the principle that your data remains yours at all times. We process and utilize our clients' data exclusively in accordance with the agreements we establish with them. This means that our clients retain full ownership and control over their data throughout the entire labeling process.
Our Global Compliance
Sapien operates on a global scale, and we understand that data privacy laws and regulations vary across different jurisdictions. We are continuously evolving our Global Privacy Compliance Program that is meticulously designed to align with stringent requirements.
We have designed our Global Privacy Compliance program with various privacy requirements in mind, such as Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Privacy Act 1985, the European Union's General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and China's Personal Information Protection Law (PIPL).
As part of our onboarding process, we conduct a thorough assessment to identify the specific privacy laws and regulations applicable to your data.
We recognize that your data is a valuable asset, and we employ a multi-layered approach to safeguard it. Our commitment to secure data handling includes:
- Strict Access Controls: We limit access to your data to authorized personnel only; only those who need it for specific tasks can access it.
- Encryption Protocols: We use state-of-the-art encryption protocols to protect your data from unauthorized access.
- Industry Best Practices: We adhere to industry best practices for data security, staying ahead of the latest threats and vulnerabilities.
- Security Certification: We have initiated the process of obtaining a SOC2 Compliance Certification.
Ensuring Data Protection Compliance Across The Entire Sapien Labeling Process
Our Terms of Service and Data Processing Addendum
Our Master Services Agreement includes comprehensive provisions outlining our confidentiality, personal data protection, and security obligations. In situations where required by applicable data protection regulations, we also establish a Data Processing Addendum that specifically governs our handling of personal data.
Sapien treats its clients' personal data as confidential and processes it solely as instructed. We never sell customer data or utilize it for our own business purposes.
Data Sharing Practices
We sometimes need to rely on service providers to deliver our services. . However, we are extremely selective about the entities with whom we share your data, and we make sure that they have robust security controls.
We have stringent confidentiality agreements in place with all our service providers, and any third-party service provider that accesses Personal Data does so only with your explicit consent under the terms of the Data Processing Addendum.
International Data Transfers
Sapien ensures that all cross-border transfers and processing of personal data adhere to the mechanisms mandated by applicable data protection laws. As a Canada-based organization, we primarily process personal data from Canada, a jurisdiction deemed by the European Commission to provide an adequate level of data protection.
Records of Processing Activities
Where required by regulations such as the GDPR, Sapien maintains meticulous records of all personal data processing activities conducted on behalf of our clients. These records are up-to-date and accurate for full transparency and accountability.
In instances where you may require assistance or confirmation of your data security, our team will be ready to assist you:
- Data Protection Impact Assessments (DPIAs): We have processes in place to assist you in conducting DPIAs, helping you identify and mitigate potential risks to personal data.
- Responding to Data Subject Requests: We cooperate and support you in responding to requests from individuals exercising their data protection rights, such as the right to access or rectify their personal data.
- Data Retention and Deletion: We have a strong records retention policy that outlines the appropriate time periods for data retention, including personal data, and will assist you in deleting or anonymizing personal data at your request and when it is no longer needed for the provision of our services.
Data Protection Point of Contact
Sapien has designated a Data Protection Officer (DPO) based in the EU who is responsible for monitoring our compliance with applicable data protection laws and regulations. Our DPO serves as a central point of contact for all privacy-related matters.
Additionally, for our clients in the European Union, we have appointed an EU Representative based in the Netherlands to ensure GDPR compliance.
Sapien Staff Training
All Sapien personnel and taggers who handle client data are subject to strict confidentiality obligations. Furthermore, we provide comprehensive training to our staff on organizational practices relevant to their roles and responsibilities. Everyone at Sapien understands the importance of data privacy and knows how to handle data responsibly.
HIPAA Compliance at Sapien
For clients in the healthcare industry, we recognize the importance of complying with the Health Insurance Portability and Accountability Act (HIPAA). Sapien is dedicated to upholding HIPAA standards and ensuring the privacy and security of protected health information (PHI). We employ advanced encryption and stringent access controls to safeguard PHI, and we conduct regular system audits to verify ongoing compliance with HIPAA requirements.
Our HIPAA-compliant solutions provide a secure environment for processing PHI, enabling healthcare organizations to leverage AI technologies while maintaining patient confidentiality.
Advanced Encryption Techniques:
Encryption is a fundamental component of our data protection and information security strategy. We utilize state-of-the-art encryption methods to secure personal data, converting it into a hashed format that is only accessible to authorized entities with the correct decryption keys. Our encryption practices align with GDPR recommendations, ensuring both compliance and data integrity.
If you are considering Sapien for your data labeling needs and would like to learn more about our data privacy commitments and protocols, please contact us to schedule a consult, and we’d be happy to discuss your specific data privacy and security needs.