Privacy Policy

This Privacy Policy explains how Centrion (“Centrion”, “we”, “us”, or “our”) collects, uses, shares, and protects information when you use the Centrion platform and related services (the “Service”). It applies to our customers and to visitors of our websites.

Where you use Centrion on behalf of an organisation, that organisation is the controller of the data it submits, and we process that data as its processor in accordance with our agreement and applicable law.

Account information — your name, email address, password (stored only as a secure hash), organisation details, and role.

Content you provide — prompts, goals, brand and business knowledge, documents, agent configurations, and the output generated for you (collectively, “Your Content”).

Connected-account data — when you connect a third-party tool (such as email, messaging, calendar, or code-hosting), we access the data and permissions you authorise, via secure OAuth tokens, so agents can perform the tasks you request.

Usage and device data — log data, feature usage, approximate location derived from IP, browser and device information, and diagnostics used to operate and secure the Service.

Payment information — handled by our payment processor (Stripe). We receive billing metadata such as plan, status, and the last four digits of a card, but we do not store full card numbers.

Cookies — we use strictly necessary cookies to keep you signed in and to operate the Service. See “Cookies” below.

We use information to:

provide, operate, and secure the Service, including running agents, memory, and connectors you configure;

authenticate you, manage your account, and process billing;

maintain, troubleshoot, and improve the Service and develop new features;

communicate with you about your account, security, and service updates; and

detect, prevent, and respond to fraud, abuse, and security incidents, and to comply with legal obligations.

To carry out your tasks, the Service sends relevant prompts and content to AI model providers. Where you connect your own provider key, your content is processed by that provider under your account and its terms. Where you use Centrion’s managed AI, content is routed to model providers on your behalf.

We do not use Your Content to train our own or any third party’s foundation models. Agent “memory” stores facts, preferences, and results within your workspace so the Service performs better for you, and remains under your control.

We share information with vetted service providers who process it on our behalf and under contract, only to provide the Service. These currently include, for example: cloud hosting and database infrastructure, content delivery and security, AI model routing, payment processing, authentication, and error monitoring.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising.

We may disclose information: to the service providers described above; to comply with law, regulation, or valid legal process; to enforce our Terms or protect the rights, safety, and security of Centrion, our users, or the public; and in connection with a merger, acquisition, or sale of assets, subject to this Policy.

When you connect a third-party tool, you grant the permissions (scopes) shown at the time of connection. We use the resulting access only to perform the tasks you direct. You can disconnect a tool at any time from within the Service, which revokes our ongoing access; you may also revoke access from the third-party provider directly.

We retain Your Content and account data for as long as your account is active or as needed to provide the Service. When you delete content, your account, or your organisation, we delete or de-identify the associated data within a reasonable period, except where we must retain certain records to comply with legal, tax, security, or dispute-resolution obligations.

We use technical and organisational measures designed to protect information, including encryption in transit, encryption of stored credentials and connector tokens, access controls, and monitoring. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

Depending on your location, you may have rights to access, correct, export, restrict, or delete your personal information, and to object to or withdraw consent for certain processing. You can manage much of your data directly in the Service, or contact us to exercise these rights.

We will respond consistent with applicable law (including the GDPR and similar laws where they apply). We will not discriminate against you for exercising your rights.

We and our service providers may process information in countries other than where you reside. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

We use strictly necessary cookies and similar technologies to keep you authenticated, remember preferences (such as theme), and operate and secure the Service. We do not use cookies for third-party advertising.

The Service is not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact us and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as by posting the updated Policy with a new “last updated” date or notifying you in-product.

For privacy questions or to exercise your rights, contact us at [email protected].