Privacy Policy

CENTRIC LABS INC. — PRIVACY POLICY

Effective date: 18 May 2025

Last updated: 20 May 2025

1. Scope

This Privacy Policy explains how Centric Labs Inc. ("Centric", "we", "our" or "us") collects, uses and discloses personal information when you visit or use our websites, mobile applications and related services (collectively, the "Services"). This Policy also serves as our Cookie Notice for the purposes of EU/UK cookie‑consent rules.

2. Controller & Contact Details

Role

Details

Data Controller
Centric Labs Inc., 520 Broadway Suite 200, 90401 Santa Monica, CA

EU Representative (GDPR Art 27)
Lukas Wagner Wolfstrasse 4, 35394 Giessen, Germany

Privacy e‑mail
legal@centric.io

3. Information We Collect

We collect Personal Information through various means, depending on how you use our Services, your interactions with us, and the requirements of applicable laws.

2.1 Information You Provide Directly

Account Setup: When setting up an account, we collect names, email addresses, telephone numbers, and other relevant business details.
Business Performance Data: Data provided by you relating to your business or affiliates performance throughout time, which may include order data, customer data and more
Financial Analysis Data: Data provided by you for financial planning and forecasting, which may include historical financial data and projections.
Communications: Contact information used when you communicate with us for support or information about our Services.
Research and Surveys: Participation in research or surveys might require providing Personal Information, which will be used for study purposes only with your consent.
Interactive Features: Information shared through interactive features like forums, blogs, and customer feedback channels.
Event Registration: Personal details collected when registering for webinars, conferences, or other events hosted by us.
Business Development: Information from potential partners or third parties in the context of prospective business relationships.
Employment Applications: Personal and professional information provided through our job application processes.

2.2 Information Collected Automatically

Usage Data: We automatically collect certain data when you use our Services, such as IP addresses, device identifiers, and browsing behavior. We treat IP addresses, device identifiers and cookie IDs as "online identifiers" under the GDPR.
Cookies and Tracking Technologies: Utilization of cookies, beacons, and similar technologies helps us understand user preferences and service usage patterns.

2.3 Information from Third Parties

External Services: Information gathered from third-party services that are integrated with our Services.

2.4 Information from Google Suite Services and OAuth Integrations

We may ask you to integrate or sign up using your Google account. When you integrate your Google Suite services (such as Google Sheets, Google Drive, Google Slides and Google Docs) with our app, we collect and use specific information from these services to enhance your user experience and provide better functionality. This includes:

Google Sheets, Google Docs & Google Slides Integration:

Accessing and processing data within your Google Sheets to perform analyses, generate reports, and provide insights as part of our Services.
We will use this to set up automated data syncing between our web app and your google sheets account
Storing the results of our analyses to improve your interaction with the app and provide tailored recommendations.

Google Drive Integration:

Accessing files and folders within your Google Drive to facilitate file sharing, document management, and collaborative features within our app such as automatically creating files for you with your Centric data.
We will use this to set up google sheets files automatically in your private google drive based on templates you select on Centric - these sheets will include your live data from our web app and will only be accessible to you.
Ensuring secure and efficient file storage, retrieval, and management processes.

Use of OAuth:

Utilizing OAuth to securely access your Google account data while ensuring that your login credentials are not stored on our servers.
Requesting the minimum necessary permissions required to provide our Services, such as read and write access to specific files or folders.

Data Security and Usage:

We implement robust security measures to protect your Google user data from unauthorized access, alteration, disclosure, or destruction.
Your Google user data is used solely to provide and enhance our Services, ensuring that you receive the full benefits of our app's features.
We do not share your Google user data with third parties except as necessary to provide our Services or as required by law.

User Control and Consent:

You have full control over the permissions you grant us through the OAuth process and can revoke access at any time through your Google account settings.
By integrating Google Suite services with our app, you consent to the collection and use of your Google user data as outlined in this section.

Retention and Deletion:

We retain your Google user data for as long as necessary to provide our Services or as required by law. You can request the deletion of your data at any time by contacting us.

Transparency and Updates:

We are committed to transparency regarding how we use your Google user data. Any updates to this section of our Privacy Policy will be published at https://www.centric.io/privacy.

For any questions or concerns regarding our use of Google user data, please contact us at security@centric.io.

2.5 PostHog Analytics

We use PostHog, an open-source analytics platform, to better understand how users interact with our Services. PostHog helps us track and analyze usage data, allowing us to improve site functionality and enhance the user experience.

Types of Data Collected

Usage Information: Page views, clicks, mouse movements, scroll events, and other browsing behavior.
Technical Information: IP address, device identifiers, browser type/version, operating system, and referring URLs.

How We Use PostHog Data

Service Improvements: We analyze user flow and engagement metrics to identify features that may need refinement.
Performance Monitoring: We track site performance (e.g., load times) and technical issues to optimize our Services.
User Experience Optimization: Insights from PostHog help us design more intuitive and user-friendly interfaces.

Data Sharing and Retention

Third-Party Provider: PostHog may process the data on our behalf, storing it on its secure servers. We take steps to ensure that our arrangements with PostHog protect your data in accordance with this Privacy Policy.
Limited Access: Only authorized personnel have access to the analytics data, and the information is used exclusively for the purposes described above.
Retention: Data collected via PostHog is retained for as long as necessary to fulfill its intended purpose or as required by law.

Cookies and Tracking

Cookie Usage: PostHog uses cookies or similar tracking technologies to collect and store analytics information. You can manage your cookie preferences through your browser settings or any cookie consent tool we provide.
Opt-Out: If you do not wish to have your usage data collected via PostHog, you may adjust your settings or use third-party tools to block or disable such tracking. Please note that certain features of our Services may not function properly if you disable these cookies.

Your Choices

Consent and Withdrawal: In jurisdictions requiring consent for analytics, we will seek your approval before setting or reading PostHog cookies. You can withdraw consent at any time by managing your cookie preferences in your browser or through your account settings (if available).

4. Legal Bases for Processing (GDPR/UK‑GDPR; LGPD; CPRA "Purpose & Means")

Purpose	Categories	Legal basis
Account creation & contract performance	Identifiers, business contact details	Contract (Art 6 (1)(b))
Analytics & usability (PostHog)	Online identifiers, usage data	Consent via cookie banner (Art 6 (1)(a))
Security & fraud prevention	Log data, IP addresses	Legitimate interests (protect Services) (Art 6 (1)(f))
Marketing e‑mails	Identifiers, preferences	Consent or soft opt‑in (Art 6 (1)(a) / e‑Privacy)
Legal / accounting	Any relevant data	Legal obligation (Art 6 (1)(c))

5. How We Use Your Information

Service Delivery: To manage and operate our Services, including account management and administrative functions.
Performance Monitoring: To evaluate the effectiveness of our Services and improve their functionality.
Customer Support: To provide customer assistance and resolve queries.
Marketing and Communications: To communicate promotional offers and information relevant to your interests, subject to your consent where required.
Research and Development: For enhancing our current Services and developing new offerings.
Legal Compliance and Enforcement: To comply with legal requirements and enforce our agreements.

6. Cookies & Similar Technologies

We use first‑ and third‑party cookies for strictly necessary (site login), analytics (PostHog & Intercom) and preferences (remembering language) purposes. Non‑essential cookies are disabled by default and activated only after you click "Accept all" in the banner. You can withdraw consent at any time via the "Cookie Settings" link in the footer.

7. Disclosure of Information

Within Our Corporate Group: Sharing information with our affiliates for operational purposes.
Service Providers: Engaging third-party providers to support various business activities, including hosting services and customer support.
Legal Obligations: Disclosing information where required by law or to protect the rights, property, or safety of our users, the public, or ourselves.
Business Transfers: In the event of a merger, acquisition, or sale, personal information may be part of the transferred assets.

We never sell your data.

8. International Transfers

We rely on (a) EU–US Data Privacy Framework certification and (b) the 2023 Standard Contractual Clauses for any transfers from the EEA/UK/Switzerland to the USA.

9. Data Retention

We retain personal information only for as long as it is needed to (a) provide and secure the Services, (b) comply with legal, accounting, or reporting obligations, and (c) resolve disputes or enforce our agreements. We apply periodic reviews and securely delete or irreversibly anonymise data that is no longer required.

Need a specific timeframe for a particular data category? E‑mail legal@centric.io and we will provide the current schedule within 30 days.

10. Your Rights

Depending on your jurisdiction you may have the right to access, correct, delete, restrict or object to processing of your personal information, withdraw consent, receive data portability, and lodge a complaint with a supervisory authority. You can submit requests via legal@centric.io.

11. Security

We use industry‑standard safeguards. For detailed questions about our security practices please contact security@centric.io.

12. Changes to This Policy

We may update this Policy at any time. Material changes will be announced via banner or e‑mail; continued use after notice constitutes acceptance.

13. Contact Us

Questions? E‑mail legal@centric.io or write to the postal address above.

Table of Contents