Centi Logo
CENTI← Back to Home

Privacy Policy

Effective Date: November 25, 2025 | Last Updated: November 25, 2025

Breeze Platforms, Inc. ("Centi," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business process automation platform (the "Service") available at centi.to.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.

1. Company Information

Company Name: Breeze Platforms, Inc.

Address: 131 Continental Dr Suite 305, Newark, DE 19713, USA

Website: centi.to

Contact Email: jusung@centi.to

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, company name, job title, and other registration details.
  • Payment Information: Billing address, payment method details (processed through secure third-party payment processors).
  • Communications: Information you provide when contacting us for support or inquiries.

2.2 Information Collected Through Integrations

When you connect your business tools to Centi, we collect data necessary to provide our process automation services:

  • Email Data: Email content (subject lines, body text, attachments), metadata (sender, recipients, timestamps, message IDs).
  • Calendar Data: Event details (titles, descriptions, attendees, dates, times), calendar metadata (event IDs, reminders, recurrence patterns).
  • File Data: Documents and files stored in connected cloud storage services (Google Drive, OneDrive), file metadata (names, sizes, types, modification dates).
  • User Profile Information: Names, email addresses, and organizational structure from connected workspace platforms.

2.3 Information Collected Automatically

  • Usage Data: Information about how you interact with our Service, including features used, actions taken, and time spent.
  • Device Information: Browser type, operating system, device identifiers, IP address.
  • Log Data: Server logs, error reports, and system activity for debugging and security purposes.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your experience and analyze usage patterns.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI-powered process mining and automation services.
  • Process Analysis: To analyze your business workflows, identify inefficiencies, and recommend automation opportunities.
  • Automation Execution: To execute approved automations within your connected business systems.
  • Account Management: To create and manage your account, process payments, and provide customer support.
  • Communications: To send service-related notifications, updates, and marketing communications (with your consent).
  • Security: To detect, prevent, and respond to fraud, abuse, or security incidents.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Service Improvement: To analyze usage patterns and improve our algorithms, features, and user experience.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you and provide the Service.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security.
  • Consent: Processing based on your explicit consent, which you may withdraw at any time.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers (Sub-processors)

We engage trusted third-party service providers to assist in delivering our Service. These sub-processors are contractually obligated to protect your data and may only process it on our behalf:

  • Cloud Infrastructure: Amazon Web Services (AWS), for secure data hosting and storage.
  • Authentication: Stytch, for secure user authentication and session management.
  • Payment Processing: Stripe, for secure payment processing.
  • Analytics: Privacy-focused analytics providers for service improvement.
  • AI/ML Services: OpenAI and other AI providers for natural language processing and automation capabilities.

5.2 Third-Party Integrations

Our Service integrates with Google Workspace and Microsoft 365 via OAuth 2.0. Data exchanges through these integrations are performed at your direction. We are not a sub-processor of Google or Microsoft, and your use of these services is governed by their respective privacy policies and terms.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your jurisdiction.

For transfers from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, we rely on:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide appropriate safeguards for data transfers.
  • Data Processing Agreements: Binding agreements with our sub-processors that incorporate GDPR-compliant data protection obligations.

You may request a copy of the relevant safeguards by contacting us at jusung@centi.to.

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations:

  • Active Account Data: Retained for the duration of your subscription and for up to 90 days after account termination to allow for data export.
  • Business Process Data: Retained for up to 12 months for active automation workflows, unless you request earlier deletion.
  • Backup Data: Retained for up to 30 days after deletion from primary systems for disaster recovery purposes.
  • Legal and Compliance Records: Retained as required by applicable laws (e.g., tax records for 7 years).

Upon expiration of the retention period or upon your valid deletion request, we will securely delete or anonymize your data using industry-standard methods.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Access Controls: Role-based access controls and multi-factor authentication for system access.
  • Infrastructure Security: Hosted on SOC 2 Type II certified cloud infrastructure with regular security audits.
  • Monitoring: Continuous monitoring for security threats and anomalies.
  • Employee Training: Regular security awareness training for all personnel with data access.
  • Incident Response: Documented incident response procedures for security events.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

  • We will notify affected customers without undue delay, and in any event within 72 hours of becoming aware of the breach.
  • Notification will include the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach.
  • We will cooperate with supervisory authorities as required by applicable law.
  • Where the breach is likely to result in a high risk to your rights and freedoms, we will communicate directly to affected individuals.

10. Your Privacy Rights

10.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Right of Access: Request confirmation of whether we process your personal data and obtain a copy.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction: Request restriction of processing under certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests, including profiling.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Right to Lodge a Complaint: File a complaint with your local supervisory authority.

10.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the CCPA:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: Opt out of the "sale" of personal information. Note: We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

10.3 Exercising Your Rights

To exercise any of these rights, please contact us at jusung@centi.to. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

11. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for the Service to function properly (authentication, security).
  • Functional Cookies: Remember your preferences and settings.
  • Analytics Cookies: Help us understand how you use the Service to improve it.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a new "Last Updated" date. For significant changes, we will provide additional notice (such as email notification). Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Breeze Platforms, Inc.

131 Continental Dr Suite 305

Newark, DE 19713, USA

Email: jusung@centi.to

16. Data Processing Agreement (DPA)

For enterprise customers requiring a Data Processing Agreement in compliance with GDPR Article 28, please contact us at jusung@centi.to. We will provide a DPA that covers the subject matter, duration, nature, and purpose of processing, types of personal data, categories of data subjects, and the obligations and rights of both parties.