Privacy Policy

1. Who We Are

CenterYou ("we," "us," or "our") is an AI automation company that builds, deploys, and manages AI-powered systems for small and medium enterprises. We operate through our website at centeryou.com and deliver Services directly to business clients worldwide.

For the purposes of applicable data protection laws, CenterYou acts as:

• Data Controller for personal data we collect directly from visitors to our website and prospective clients
• Data Processor for personal data our business clients share with us when we deliver Services on their behalf

Questions about this policy or how we handle your data should be directed to: Support@CenterYou.com

2. Scope of This Policy

This Privacy Policy applies to:

• Visitors to our website at centeryou.com
• Prospective clients who contact us, request proposals, or book calls
• Business clients who use our Services under a Service Agreement
• End users who interact with AI systems we have deployed for our business clients (chatbots, voice agents, etc.)

This policy does not apply to the data practices of our business clients when they independently use the AI systems we deploy for them. Our clients are responsible for their own privacy practices with respect to their end customers' data.

3. Information We Collect

3.1 Information You Provide Directly

• Contact information: Name, email address, phone number, company name, job title, and any other details you provide when submitting a contact form, booking a call, or sending us an email
• Business information: Industry, company size, current tools, business challenges, and goals you share during sales conversations or onboarding
• Service Agreement data: Billing information, payment details (processed through secure third-party payment processors), and contract information
• Communications: Content of emails, messages, or other communications you send us
• Feedback: Responses to surveys, reviews, or feedback requests

3.2 Information Collected Automatically

• Usage data: Pages visited, time spent on pages, links clicked, and navigation patterns on our website
• Device data: IP address, browser type and version, operating system, screen resolution, and device type
• Location data: Approximate geographic location derived from your IP address (country and city level only)
• Referral data: The website or source that directed you to our website
• Cookie data: Preferences and session information stored via cookies (see Section 14 for details)

3.3 Information from Third Parties

• Publicly available professional information (such as LinkedIn profiles) when researching prospective clients
• Information provided by referral partners when they introduce potential clients to us

3.4 Client Data (Business-to-Business)

When we deliver Services to business clients, we process Client Data on their behalf. This may include end-customer data such as:

• Contact information of our clients' customers (names, emails, phone numbers)
• Meeting recordings and transcripts
• CRM data including client interaction histories
• Documents, invoices, contracts, and business records
• Any other data our clients choose to process through the Services

We process this data only as a data processor, under our clients' instructions, as defined in our Service Agreement and any applicable Data Processing Agreement.

4. How We Use Your Information

We use personal data for the following purposes:

4.1 Providing and Improving Our Services

• Responding to enquiries, proposals, and support requests
• Delivering and managing the AI automation Services you have contracted for
• Processing payments and managing billing
• Providing technical support and troubleshooting
• Improving the quality, features, and functionality of our Services

4.2 Business Operations

• Conducting sales conversations and preparing proposals
• Onboarding new clients and managing ongoing relationships
• Maintaining business records and accounting
• Complying with legal and regulatory obligations

4.3 Marketing and Communications

• Sending information about our Services, case studies, and industry insights (only where you have consented or we have a legitimate interest)
• Sending transactional emails related to your account, billing, or Services
• Responding to your enquiries and follow-up communications

4.4 Analytics and Website Improvement

• Analyzing website traffic and user behavior to improve our website
• Understanding which content and Services are most relevant to visitors
• Tracking conversion rates and optimizing our marketing efforts

4.5 Legal Compliance and Protection

• Complying with applicable laws, regulations, and legal processes
• Protecting the rights, property, or safety of CenterYou, our clients, or others
• Detecting, preventing, or investigating fraud and security incidents
• Enforcing our Terms of Service and other agreements

5. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, or other jurisdictions requiring a lawful basis for processing, we process personal data under the following bases:

• Contract performance: Processing necessary to fulfil our Service Agreement with you or to take steps prior to entering into a contract
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our Services, marketing to business prospects, preventing fraud, and maintaining security, provided these interests are not overridden by your rights
• Legal obligation: Processing necessary to comply with applicable laws (tax records, regulatory requirements)
• Consent: Where you have given specific, informed, and freely given consent (such as subscribing to our newsletter). You may withdraw consent at any time

6. How We Share Your Information

We do not sell, rent, or trade your personal data to any third party. We share data only in the following circumstances:

6.1 Service Providers and Sub-Processors

We share data with trusted service providers who assist us in operating our business and delivering our Services, including:

• Cloud infrastructure: AWS, Google Cloud, Microsoft Azure (hosting and data storage)
• AI API providers: OpenAI, Anthropic, Google AI (AI model processing; these providers commit to not using API data for model training)
• Communication tools: Email service providers, SMS gateways, WhatsApp Business API
• Payment processors: Stripe or equivalent (payment data; we do not store card details)
• Analytics: Web analytics providers (Google Analytics or equivalent)
• CRM and project management: Internal tools used to manage client relationships and projects

All service providers are bound by contractual obligations to protect your data and are prohibited from using it for any purpose other than providing services to us.

6.2 Legal Requirements

We may disclose personal data when required by law, court order, regulatory authority, or when we believe in good faith that such disclosure is necessary to protect our legal rights, prevent fraud, or protect the safety of any person.

6.3 Business Transfers

If CenterYou is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will provide notice before personal data is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your data for other purposes with your explicit prior consent.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

• Prospective client data: Up to 3 years from last contact, unless you request deletion
• Active client data: For the duration of the Service Agreement plus 7 years (to meet legal and accounting obligations)
• Client Data processed on behalf of clients: Deleted within 30 days of contract termination (see Terms of Service Section 17)
• Website analytics data: Up to 26 months
• Financial records: As required by applicable law (typically 7 years)
• Marketing consent records: For the duration of your subscription plus 3 years

When data is no longer required, we securely delete or anonymize it.

8. International Data Transfers

CenterYou operates globally and serves clients across multiple jurisdictions. Your personal data may be transferred to and processed in countries outside your home country, including countries that may not provide the same level of data protection as your home jurisdiction.

When we transfer personal data from the EEA, UK, or other regions with data transfer restrictions, we rely on appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements (IDTAs)
• Adequacy decisions where applicable
• Binding Corporate Rules where appropriate

You may request a copy of the transfer safeguards applicable to your data by contacting us at Support@CenterYou.com.

9. Data Security

We take the security of your personal data seriously and implement industry-standard security measures, including:

• TLS/SSL encryption for all data in transit
• Encryption at rest for stored data
• Role-based access controls limiting data access to authorized personnel
• Multi-factor authentication for internal systems
• Regular security reviews and vulnerability assessments
• Secure, reputable cloud infrastructure with physical security controls
• Staff training on data protection and security practices

Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security and shall not be liable for any unauthorized access resulting from circumstances beyond our reasonable control.

10. Your Rights

Regardless of where you are located, you have certain rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you
• Right to correction: Request that we correct inaccurate or incomplete personal data
• Right to deletion: Request that we delete your personal data (subject to legal obligations)
• Right to restrict processing: Request that we limit how we use your data in certain circumstances
• Right to data portability: Request a copy of your data in a commonly used, machine-readable format
• Right to object: Object to our processing of your data for legitimate interests or direct marketing
• Right to withdraw consent: Withdraw any consent you have given at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at Support@CenterYou.com. We will respond within 30 days (or within the timeframe required by applicable law).

We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests but may charge for manifestly unfounded or excessive requests.

11. GDPR Rights (EU and UK)

If you are located in the European Economic Area or the United Kingdom, you have the following additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:

• All rights listed in Section 10
• The right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In the EU, this is the data protection authority in your country of residence
• The right not to be subject to solely automated decision-making that produces significant legal or similarly significant effects on you

Where we rely on legitimate interests as our legal basis, you have the right to object to such processing. We will assess your objection and cease processing unless we have compelling legitimate grounds that override your interests.

12. CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request details about the categories and specific pieces of personal information we collect, use, disclose, or sell
• Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. You may still submit a request at Support@CenterYou.com
• Right to Limit Use of Sensitive Personal Information: Request that we limit our use of sensitive personal information to what is necessary to provide the Services
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

California residents may submit rights requests to Support@CenterYou.com. We will verify your identity before processing your request and respond within 45 days.

13. DPDPA Rights (India)

If you are located in India, we process your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA). You have the right to:

• Access a summary of your personal data and the processing activities undertaken
• Correct inaccurate or misleading personal data
• Erase personal data where the purpose of processing has been fulfilled or you have withdrawn consent
• Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity
• Lodge a grievance with us, which we will address within 30 days

You also have the right to lodge a complaint with the Data Protection Board of India.

14. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your browsing experience. We use the following categories of cookies:

• Strictly necessary cookies: Essential for the website to function properly. These cannot be disabled
• Analytics cookies: Help us understand how visitors interact with our website (page views, traffic sources, user flows). We use these to improve our website
• Functional cookies: Remember your preferences (language, form data) to improve your experience
• Marketing cookies: Used to track visitors across websites to display relevant advertisements (used only with your consent where required by law)

You can manage your cookie preferences through our Cookie Policy page or by adjusting your browser settings. Please note that disabling certain cookies may affect website functionality.

For full details on cookies we use, see our Cookie Policy.

15. Children's Privacy

Our Services are intended for business use and are not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children.

If we become aware that we have inadvertently collected personal data from a child, we will take immediate steps to delete such data. If you believe we have collected data from a child, please contact us at Support@CenterYou.com.

16. Third-Party Links

Our website may contain links to third-party websites, services, or social media platforms. This Privacy Policy applies only to our website and Services. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

17. AI and Automated Processing

Our Services use artificial intelligence to process data and generate outputs. Specifically:

• AI systems may process personal data (such as names, contact details, or conversation content) to deliver our Services
• Meeting transcription and summarization may process audio or video containing personal data of meeting participants
• Lead qualification chatbots collect and process data shared by website visitors
• Content generation systems may reference personal or business information you provide

We do not use AI systems to make fully automated decisions that produce significant legal or similarly significant effects on individuals without human review and oversight.

Personal data processed through AI systems is subject to the same protections described in this policy. Our AI providers (such as OpenAI and Anthropic) are contractually prohibited from using data submitted via their APIs to train their models.

18. Business Client Data (B2B Processing)

When we act as a Data Processor on behalf of our business clients:

• We process personal data only on documented instructions from our clients
• We do not use this data for our own purposes beyond delivering the Services
• We assist clients in responding to data subject rights requests when technically feasible
• We notify clients of any confirmed data breaches without undue delay
• We delete or return all Client Data upon termination of the Service Agreement
• We maintain records of processing activities as required by applicable law

If you are an end user who has interacted with an AI system (such as a chatbot) operated by one of our business clients, please contact that business directly regarding your personal data, as they are the Data Controller for that data.

19. Marketing Communications

We may send you marketing communications about our Services, industry insights, and company news where:

• You have given explicit consent to receive such communications, or
• You are an existing client and we have a legitimate interest in communicating about related Services (soft opt-in, where permitted by law)

Every marketing email we send includes a clear, easy unsubscribe mechanism. You can also opt out at any time by contacting us at Support@CenterYou.com. We will honor all opt-out requests promptly and within the timeframe required by applicable law.

Opting out of marketing communications will not affect transactional communications related to your account or Services.

20. Data Breach Notification

In the event of a personal data breach, we will:

• Notify affected individuals and/or supervisory authorities within the timeframes required by applicable law (72 hours under GDPR where required)
• Notify our business clients without undue delay where Client Data is affected
• Take immediate steps to contain the breach and prevent further unauthorized access
• Document the breach and our response, and cooperate with regulatory authorities as required
• Provide guidance on steps you can take to protect yourself where a breach creates a high risk to your rights and freedoms

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services we offer, or applicable legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify active clients via email
• Where required by law, obtain fresh consent for materially changed processing activities

We encourage you to review this policy periodically. Your continued use of the Services after changes take effect constitutes your acceptance of the revised policy.

22. Contact and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

CenterYou
Email: Support@CenterYou.com
Website: CenterYou.com

We will acknowledge your request within 5 business days and provide a full response within 30 days (or within the timeframe required by applicable law).

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.