Privacy Policy

1. Introduction

At Centaur ("we", "our", or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal leadership intelligence platform (the "Service").

We are committed to protecting the privacy and security of our users. Given the deeply personal nature of the data you entrust to us—including health metrics, decision patterns, and relationship insights—we have built our platform with privacy as a foundational principle.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password (hashed), company, and title
• Profile Data: Professional details, LinkedIn profile, Twitter handle, location
• Check-in Data: Daily mood, energy, stress levels, and self-assessments
• Health Metrics: Sleep, exercise, weight, and wellness data you choose to input
• Decision Logs: Decisions you track, including context, outcomes, and reflections
• Goals and OKRs: Objectives, key results, and progress tracking
• Relationship Data: Stakeholder information you input for network mapping
• Journal Entries: Notes, reflections, and mood logs
• Communication Preferences: Notification settings and email preferences

2.2 Information Collected Automatically

• Usage Data: Features used, time spent, interaction patterns
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, pages viewed, crashes
• Cookies: Essential cookies for authentication and session management

2.3 Information from Third Parties

• Calendar Integration: Event data from Google Calendar (with your permission)
• Email Insights: Communication patterns from Gmail (with your permission)
• Health Devices: Data from connected wearables (with your permission)
• Social Profiles: Public profile data from LinkedIn/Twitter (with your permission)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Calculate and display your CentaurScore™
• Generate personalized insights and recommendations
• Identify patterns in your behavior and decision-making
• Create daily briefings and coaching content
• Track progress toward your goals and objectives

3.2 Communication

• Send transactional emails (account confirmations, password resets)
• Deliver morning briefings and scheduled notifications
• Provide customer support and respond to inquiries
• Send product updates and feature announcements (opt-out available)

3.3 Improvement and Analytics

• Analyze aggregated, anonymized usage patterns to improve the Service
• Develop new features and functionality
• Ensure security and prevent fraud
• Debug and fix issues

4. Data Security

We implement robust, industry-leading security measures:

• Encryption at Rest: All stored data is encrypted using AES-256 encryption
• Encryption in Transit: All data transfers use TLS 1.3 encryption
• Authentication: Secure password hashing with bcrypt and optional MFA
• Access Control: Role-based access with least-privilege principles
• Infrastructure: SOC 2 compliant cloud infrastructure
• Monitoring: 24/7 security monitoring and intrusion detection
• Backups: Encrypted, geographically distributed backups
• Audits: Regular third-party security assessments

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share your information only in these limited circumstances:

• With Your Consent: When you explicitly authorize sharing (e.g., sharing your score badge)
• Service Providers: With vendors who help us operate the Service (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or government request
• Protection of Rights: To protect our rights, privacy, safety, or property
• Business Transfers: In connection with a merger, acquisition, or sale (with notice to you)

5.1 AI Processing

Our AI systems process your data to generate insights. This processing occurs on secure infrastructure under our control. We do not send your personal data to third-party AI providers in a way that exposes your identity or allows data retention outside our systems.

6. Data Retention

We retain your data according to these principles:

• Active Accounts: Data is retained while your account is active
• Account Deletion: Upon deletion request, all personal data is removed within 30 days
• Backups: Data may persist in encrypted backups for up to 90 days after deletion
• Legal Holds: We may retain data longer if required by law
• Anonymized Data: Aggregated, anonymized analytics may be retained indefinitely

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw consent at any time (for consent-based processing)

To exercise these rights, contact us at privacy@gocentaur.ai or use the settings in your account.

8. Cookies and Tracking

We use cookies minimally and only for essential purposes:

• Essential Cookies: Required for authentication and session management
• Analytics Cookies: Help us understand usage patterns (can be disabled)
• No Advertising Cookies: We do not use third-party advertising cookies
• No Cross-Site Tracking: We do not track you across other websites

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, primarily the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses for EU/EEA data transfers
• Compliance with applicable data protection laws
• Selection of vendors with appropriate certifications

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Non-Discrimination: Equal service regardless of exercising privacy rights

12. European Privacy Rights (GDPR)

For users in the European Economic Area, we process personal data as follows:

• Legal Basis: Contract performance, legitimate interests, and consent
• Data Controller: Centaur is the data controller
• Supervisory Authority: You have the right to lodge a complaint with your local authority
• DPO Contact: dpo@gocentaur.ai

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the "Last updated" date at the top
• We will notify you via email for significant changes
• We may provide an in-app notification

We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices:

• Privacy Inquiries: privacy@gocentaur.ai
• Data Protection Officer: dpo@gocentaur.ai
• General Support: support@gocentaur.ai
• Website: https://gocentaur.ai

We aim to respond to all privacy-related inquiries within 30 days.