Your story stays yours.

SugarSense was built privacy-first. This page is the short version of how we keep your data safe and why no one — not even us — can read your raw entries without an audited reason.

Standards we're built and tested against

We design the platform against the controls and guidance in ISO/IEC 27001 (information security management), OWASP ASVS and the OWASP Top 10, the NIST SP 800-53 audit logging controls (AU-2, AU-3, AU-12), and GDPR / CCPA for data rights. We treat these as a floor, not a ceiling.

Encryption

Every sensitive field is encrypted at rest. Everything in transit is protected by modern TLS. Backups are encrypted with separate, rotating keys. No raw user content is ever written to a log file.

Privacy and AI partners

Before any text leaves our infrastructure to be processed by an AI provider, it passes through our anonymisation pipeline — names, contact details, addresses, workplaces, exact locations, monetary amounts and unique markers are replaced with neutral placeholders. The AI provider only ever sees the anonymised version. Your raw entries stay in our protected data layer, which the AI providers we use cannot reach.

We do not sell your data. We do not share it with advertisers or data brokers. We do not use your content to train external models. Our analytics are opt-in and contain no advisor content.

Who can read your data

Only you. Internally, even our small team cannot access an individual account's raw entries without an audited administrative action with a documented reason, and we are explicit with you about when that is allowed (suspected abuse of the platform, legal request, account recovery you've initiated). Every such access is logged for one year and visible to leadership.

Your rights

One click exports everything you've ever written, in a machine-readable format. One click deletes everything — genuinely, with no soft-delete recovery window. You don't need to email us, you don't need to wait, and you don't need to give a reason.

Want more detail?

We're happy to share our deeper security documentation — including the anonymisation pipeline architecture, encryption key management, audit-log retention schedule, and incident-response playbook — under a mutual NDA. Reach out via our contact form.