Privacy Policy

At a glance

CrossSense is in active development and is not yet on the commercial market. The processing described in this notice currently covers: public-event demonstrations, user testing in community and home settings, a research study planned for summer–autumn 2026, and a late-2026 pilot intended to evolve into commercial release. We will update and re-issue this notice ahead of any commercial launch and whenever our processing materially changes.

This notice is one layer of how we communicate about your data. You will also see short, plain-language prompts in the companion app at the moments your data is collected. This notice is available on request in accessible formats — large print, plain text, audio, or read aloud by the companion app.

Contact details

CrossSense Ltd
41 Mitchell Street
London EC1V 3QD

Email: privacy@crosssense.com

Data Protection Officer: Szczepan Orlins (privacy@crosssense.com)

Who we are

CrossSense Ltd develops and operates CrossSense, a consumer assistive-technology product. CrossSense is a generative-AI companion — called Wispy — that prompts, supports and encourages you to engage with everyday activities of your own choosing, at home or in the community. You initiate, attempt and execute each activity yourself; CrossSense gives spoken cues, encouragement and, when you hold the camera up, on-screen labels naming everyday objects in view.

CrossSense is delivered today through a smartphone application — the surface in active development and the surface used in the research study planned for summer–autumn 2026. A smartglasses surface, on head-worn hardware, is in earlier pilot stage and is not in scope for that study. A second, separate smartphone application — the companion app — is used by a family member or unpaid carer (a "care partner") to help you with first-time setup and to keep your preferences current.

CrossSense Ltd is a spin-out from Animorph Ltd and is independent from it. All intellectual property, operational control, and data processing responsibilities transferred to CrossSense Ltd in December 2025. Animorph Ltd is no longer a controller or processor of any CrossSense personal data. Earlier versions of this notice referenced both entities; that arrangement has been superseded.

CrossSense Ltd is the sole data controller for all personal data described in this notice.

What information we collect, use, and why

We collect or use the following information to provide the CrossSense service:

• Name, address, and contact details
• Date of birth
• Gender
• Emergency contact details and designated support network information
• Accessibility-related preferences you choose to share to make CrossSense work for you (for example, voice, speech speed, font size, subtitle and label position, language, dominant eye, prescription lens requirements, hearing-aid preferences)
• Account and registration information
• Communications you send us (support requests, feedback)
• Payment details, where applicable to a paid pilot or commercial phase

Information collected during a session

A "session" is a bounded period during which you have explicitly opened CrossSense and started using it. There is no always-on capture — the session opens when you start it and closes when you end it.

• Visual data — camera images from your phone (or, in the optional smartglasses surface, the head-worn camera), used to detect everyday objects in view and place on-screen labels naming them, and to answer questions you explicitly ask about what is on screen ("what is this?", "what colour is this?")
• Audio data — speech captured while you are interacting with Wispy during a session, used to transcribe what you say so Wispy can reply
• Derived information — preferences and routines that Wispy learns to personalise CrossSense to you (for example, the name you have given your favourite mug, or which activity templates you choose most often). We do not produce or store scores, severity ratings, risk levels, trends, or clinical-style observations about you.
• Device interactions — which activity templates you choose, and when sessions start and end
• Error reports and diagnostic data — technical logs keyed to a device identifier. These remain personal data even when they do not describe you directly, because the device ID can be linked back to you through our account database. We minimise their content and pseudonymise them on collection.

Special category data

Some of the data above includes special category data under UK GDPR Article 9, in two ways which we treat separately:

1. Accessibility information you provide directly — hearing or vision accessibility needs you choose to share so we can adapt CrossSense to work for you.
2. Categories that may be inferred from environmental context — for example, religious or philosophical beliefs may be inferable from objects in scene labels. We do not seek this data, we apply technical suppression to avoid recording it in summaries, and where it is unavoidable we treat it as Article 9 data.

CrossSense does not diagnose, screen, triage, assess, score, grade, monitor, treat or produce risk or severity judgements about you. We do not infer health information from your environment, your routines or your conversations with Wispy, and we do not derive clinical-style observations from your use of the product.

Information from your support network

With your explicit consent, a care partner (a designated family member or unpaid carer) may provide basic contact information so they can help you with setup. You control who is added, what they can see, and can revoke access at any time without affecting your own use of CrossSense.

People other than the primary user

The smartglasses' cameras and microphones may capture other people — household members, visitors, or passers-by — who are not CrossSense users. We minimise this incidental collection through local processing where technically feasible, by discarding non-relevant frames at the earliest possible point, and by not retaining identifiable images of non-users beyond the 24-hour raw-data window described below. Bystanders may exercise the data subject rights described later in this notice.

Our lawful bases

Article 6 UK GDPR

• Consent (Article 6(1)(a)) — for processing of visual and audio data captured during a CrossSense session, and for personalised AI features.
• Contract (Article 6(1)(b)) — for account administration, service delivery, and payment processing.
• Legitimate interests (Article 6(1)(f)) — for bot-protection on our signup forms (see below) and for limited service-improvement analytics using anonymised or strongly pseudonymised data. A Legitimate Interests Assessment is available on request from privacy@crosssense.com.

Article 9 UK GDPR (special category data)

Our primary Article 9 condition is explicit consent (Article 9(2)(a)). This consent is:

• Captured separately from general terms, in plain language, with layered just-in-time prompts in the app
• Reconfirmed periodically through the app
• Withdrawable at any time, in the app or by contacting privacy@crosssense.com, without affecting basic functionality

We maintain an Appropriate Policy Document for the processing of special category data, as required by Schedule 1 of the Data Protection Act 2018.

Fresh consent and pause-by-default

• Fresh consent at material change. If our processing materially changes, we will seek fresh consent before continuing.
• Pause-by-default. Where consent has lapsed and no other lawful basis applies, we pause the affected processing rather than continue without one.

Your data protection rights

You have the rights of access, rectification, erasure, restriction, objection, data portability, and (where we rely on consent) withdrawal of consent. More information is available on the ICO's website.

We will respond without undue delay and within one calendar month. To make a request, contact us at privacy@crosssense.com.

Erasure and the usefulness of CrossSense. Some of what Wispy learns about you is what makes the device useful (for example, which cupboard you keep mugs in, what time you usually eat breakfast). If you ask us to erase derived inferences, we will do so promptly, and we will be transparent with you that the device may become less helpful as a result. We will never use this as a reason to refuse an erasure request.

Where we get personal information from

• Directly from you
• Care partners (with your explicit consent)
• Microphone and camera on your phone during a session (and, in the optional smartglasses surface, the equivalent device sensors)
• Limited technical telemetry from the companion app

How we process your data

All data collected by CrossSense is transmitted to secure servers located in the United Kingdom and processed by CrossSense Ltd. With the single exception described under International transfers below (bot-protection on our signup forms), no personal data leaves the UK. In particular, all AI inference runs on CrossSense infrastructure in the UK and is not sent to any third party.

What counts as "raw" data

For the purposes of this notice and our retention schedule, "raw" data means the unprocessed sensor streams captured during a session: images and audio.

Raw data is retained strictly for critical troubleshooting and quality work, for no longer than 24 hours from processing. After that window, the raw stream is permanently deleted; only the derived information described above remains.

Language-model and visual-language-model inference

Wispy's spoken replies are produced by a large language model, and the answers to visual questions you ask about something on screen ("what is this?", "what colour is this?") are produced by a visual-language model. Both models run on CrossSense infrastructure in the United Kingdom. Speech-to-text, text-to-speech, voice activity detection, on-device object detection and the internal voice-tone adaptation that softens Wispy's next reply also all run on CrossSense infrastructure.

We do not use any third-party AI provider for inference. No conversational context, audio, or image frames are sent outside CrossSense for language or visual-language inference, and none of this data leaves the UK. All AI inference runs on CrossSense-controlled UK infrastructure.

Cloud architecture

CrossSense initially aimed to process all data locally on the user's device. As the product developed, processing requirements exceeded what a smartphone alone could reliably run, so we now process audio and visual data on our UK cloud infrastructure under an Article 28(3) processor contract with a UK-resident cloud provider. We recognise that cloud processing is more intrusive than on-device processing and we mitigate this through encryption, minimisation, short raw-data retention, and strict UK residency. All AI inference runs on CrossSense infrastructure within the UK, as described above.

Granularity and minimisation

Information that is or may in future be shared with a care partner (see Care partners below) is expressed in high-level summaries rather than at the level of individual actions. We review granularity periodically against the data minimisation principle.

Bot-protection on our signup forms

To protect our signup forms from automated abuse, we use Cloudflare Turnstile, a privacy-respecting alternative to traditional CAPTCHA. When you load a page with one of our forms, Cloudflare receives your IP address, basic browser signals, and a short-lived challenge token; we exchange that token with Cloudflare at submission time to verify the request is genuine. Cloudflare may set a strictly-necessary first-party cookie during the challenge; we do not use Cloudflare for analytics or tracking.

Our lawful basis is legitimate interest in preventing automated abuse. Cloudflare acts as our processor for this flow. See Cloudflare's privacy statement for further detail.

Cloudflare operates globally and your IP address and browser signals may be processed at Cloudflare points of presence outside the UK. This transfer is covered by Cloudflare's Data Processing Addendum, which incorporates the EU Commission Standard Contractual Clauses with the UK International Data Transfer Addendum, together with a transfer risk assessment we maintain.

Data sharing and third parties

Cloud infrastructure (UK)

Our primary UK cloud infrastructure is provided under an Article 28(3) processor agreement, encryption in transit and at rest, regular security review, and contractual obligations to assist with data subject rights requests.

AI inference

Language-model and visual-language-model inference runs on CrossSense infrastructure in the UK (see Language-model and visual-language-model inference above). We do not share your data with any third-party AI provider for inference.

Care partners

A care partner (a family member or unpaid carer) can use a separate companion app to help you with first-time setup and to keep your preferences current. Today, with your explicit consent, that app shows the care partner:

• Your preferences (voice, speech speed, font size, subtitle and label position, language, dominant eye, fitting status) so they can help adjust them
• Engagement-level presence — that you used CrossSense today, at the level of presence only (not what you did)

The care partner cannot read your conversation transcripts, see live or recorded audio or video from your device, see inferred mood or trends about you, see per-step activity records, or receive automated alerts.

You can revoke a care partner's access at any time without affecting your own use of CrossSense.

If we introduce a future activity-insights surface for care partners, its scope will be limited to engagement-level signals (for example, that you used CrossSense today, which activities you chose, or what mood you logged yourself if you chose to) plus information you have logged about yourself. Any such surface will be gated on your documented consent and will not surface AI-inferred observations about you.

What we do not do

• We never sell your personal data
• We never use your data for advertising
• We never share your data with any third party without your fresh, specific consent
• We do not use your data for automated decision-making that produces legal or similarly significant effects on you

Profiling for personalisation

Wispy adapts to you over time — for example, by learning the name you have given to an everyday object in your environment ("your blue mug"), or which activity templates you choose most often. Under UK GDPR Article 4(4) this counts as profiling, even though it is used only to personalise CrossSense to you and does not produce legal or similarly significant effects on you. We do not use this profiling to make automated decisions about you, to score you, or to share inferred information about you with third parties. You can ask us to erase what Wispy has learned about you at any time (see Your data protection rights).

International transfers

One limited outbound transfer leaves the UK in normal operation:

• Cloudflare Turnstile — your IP address and browser signals on signup-form pages may be processed at Cloudflare points of presence outside the UK, under Cloudflare's Data Processing Addendum and the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses.

This transfer is limited to bot-protection on our signup forms; it does not include any session, audio, visual, or AI-inference data. AI inference for language and vision is performed on CrossSense infrastructure in the UK and is not transferred outside the UK. No other personal data leaves the UK.

How long we keep information

Data category	Retention period
Raw data (images, audio)	24 hours from processing
Derived information (preferences and routines Wispy has learned)	Duration of active account
Account details	Up to 3 years after closure or last interaction
Accessibility information	Maximum 7 years from last service interaction (6-year limitation period under the Limitation Act 1980, with a 1-year operational buffer)
Payment details	Up to 1 year after final transaction or account closure
Error reports / pseudonymised diagnostics	12 months
Anonymised usage data	Up to 12 months
App settings and preferences	Up to 3 years after closure
Communications and support records	Up to 1 year from last interaction

Special circumstances

• Death of the user. Personal data deleted within 30 days of notification, subject to any legal hold.
• Inactive accounts. Closed after 1 year of inactivity; we attempt to contact you first where contact details remain valid.
• Account deletion via the app. Personal data erased immediately, except where longer retention is required by law. Raw data is always deleted within the 24-hour window regardless of account state.

All personal data is stored encrypted with access controls. On expiry of the retention period, data is permanently and irreversibly deleted.

Security measures

• AES-256 encryption at rest; TLS 1.3 in transit
• Role-based access with multi-factor authentication for staff
• Regular security review and incident response procedures
• Maintained Software Bill of Materials for all dependencies
• Logical separation of user data on shared infrastructure

Data Protection Impact Assessment (DPIA)

CrossSense processes audio and visual data during user sessions in users' homes and other private settings, and may incidentally process special category data (see Special category data above). A DPIA has been completed and is reviewed regularly, and after any model retraining, privacy-affecting feature, or change of processor. Key risks tracked include: care-partner surveillance creep, model inversion, incidental capture of non-users, and inferred special category data. We consult external stakeholders in our review process.

Regulatory background

CrossSense Ltd (then operating jointly with Animorph Ltd) participated in the ICO's Regulatory Sandbox between November 2024 and early 2026. This notice reflects the conclusions of that work and the post-Sandbox change of operating entity.

How to complain

If you have any concerns about our use of your personal data, please contact us using the details above.

If you remain unhappy after raising the concern with us, you can complain to the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Changes to this notice

We review this notice periodically and update it to reflect changes to our service, infrastructure, or legal obligations. Material changes will be communicated through the companion app and by email where we hold a current address for you.