(610) 804-8021 [email protected]

Privacy Policy

Effective Date: February 2026 | Version 4.0

 

This policy may be updated. The current version is always available at centroid-ai.com/privacy

 

Introduction

 

This Privacy Policy describes how CentroidAI, Inc. (referred to as CentroidAI, we, us, or our) collects, uses, discloses, and protects information. This Policy applies to visitors to our website (centroid-ai.com), job applicants, and customers who use our services.

 

CentroidAI is an AI-powered behavioral intelligence platform serving organizations across life sciences, healthcare, medical technology, higher education, and non-profit sectors. Our products help organizations predict and act on behavioral change — in donor populations, patient cohorts, hospital accounts, alumni networks, and commercial relationships — while maintaining the highest standards of data privacy and security.

 

We are committed to protecting the privacy of all individuals whose data we may encounter, including your customers, patients, donors, students, and alumni.

 

CentroidAI, Inc. is a Delaware corporation headquartered in Knightdale, North Carolina, USA.

 

  1. Information We Collect

 

1.1 Information You Provide Directly

 

Job Applicants: When you apply for positions at CentroidAI, we collect information you submit including your name, contact information, resume, work history, and any other information you choose to provide. This information is used solely for recruitment and hiring decisions.

 

Business Contacts: When you inquire about our services or become a customer, we collect business contact information such as your name, company name, job title, email address, and phone number.

 

1.2 Information We Process on Behalf of Customers

 

As a data processor, we process data that our customers provide to us for analytics purposes. This data belongs to our customers, not to CentroidAI. We process this data only according to our customers’ instructions and applicable data processing agreements.

 

Depending on the product and customer, the data we process on behalf of customers may include: aggregated marketing and campaign performance data; donor behavioral and engagement patterns (plasma collection and non-profit sectors); de-identified or pseudonymized patient clinical data including laboratory values, medication history, and diagnostic codes (healthcare sector); commercial order and account activity data from enterprise resource planning (ERP) systems (life sciences and medical technology manufacturing sectors); healthcare professional behavioral and network data (medical technology sector); alumni engagement, giving history, and phonathon response data (higher education sector); and non-profit supporter and beneficiary engagement patterns (non-profit sector).

 

We strongly encourage our customers to anonymize or de-identify data before providing it to us whenever possible. We do not combine data across customers.

 

1.3 Information We Do NOT Collect from Website Visitors

 

When you visit centroid-ai.com, we do not collect personal information unless you voluntarily provide it. Specifically, we do not collect: social media account information, personal browsing history, search queries or content analytics, information about your customers or vendors, or financial information.

 

1.4 Cookies and Tracking Technologies

 

CentroidAI does not use cookies or behavioral tracking technologies on our website for advertising or cross-site tracking purposes. If we use analytics tools to understand aggregate website usage, we will identify them here and provide opt-out instructions. Current analytics tools in use: [list here, or state ‘none at this time’].

 

1.5 Children’s Information

 

Our services are not directed to children under 18 years of age. We do not collect personal information from children. If you believe we have inadvertently collected information about a child, please contact us immediately at [email protected], and we will promptly delete such information.

 

  1. How We Use Information

 

2.1 Our Direct Uses

 

We use information we collect directly for the following purposes: processing job applications and making hiring decisions; communicating with prospective and current customers about our services; providing customer support; complying with legal obligations; and protecting our rights and preventing fraud.

 

2.2 Processing Customer Data

 

We process customer data solely as instructed by our customers and as specified in our data processing agreements. We use customer data only to provide the analytics services our customers have contracted for. We do not use one customer’s data to benefit another customer.

 

2.3 AI and Machine Learning

 

Our platform uses proprietary artificial intelligence and machine learning methods to provide behavioral analytics services. Our commitments regarding AI practices:

 

Training Data: Our AI models are trained on aggregated, anonymized datasets. We do not use individual customer data to train our general-purpose models without explicit written consent.

 

Human Oversight: All AI-generated insights and recommendations are subject to quality review. Our AI assists human decision-making but does not make autonomous decisions affecting individuals.

 

Algorithmic Transparency: Upon request, we provide customers with documentation explaining how our platform processes their data, what factors influence outputs, and the general methodology of our models. This documentation is provided under applicable confidentiality agreements.

 

Bias Prevention: We regularly audit our algorithms for potential bias and take corrective action when issues are identified.

 

  1. Information Sharing and Disclosure

 

CentroidAI will never sell your personal information. We will never share your information with third-party marketing companies or mailing lists.

 

We may share information only in the following limited circumstances:

 

Service Providers (Sub-processors): We use a limited number of third-party service providers to help us operate our business. These providers are contractually bound to protect your information and may only use it to provide services to us. We will provide a list of sub-processors on demand.

 

Legal Requirements: We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

 

Business Transfers: If CentroidAI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected parties of any change in ownership or control.

 

  1. Data Security

 

We implement appropriate technical and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction.

 

Encryption: All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.

 

Access Controls: We implement role-based access controls and the principle of least privilege. All team members use multi-factor authentication.

 

Infrastructure: Our systems are hosted on SOC 2 Type II certified cloud infrastructure with data centers located in the United States.

 

Monitoring: We maintain logging and monitoring systems to detect and respond to potential security incidents.

 

Security Reviews: We conduct regular security assessments and vulnerability testing of our systems.

 

For more details about our security practices, please contact [email protected].

 

  1. Data Retention

 

Job Application Data: We retain job application materials for up to two (2) years after the position is filled, unless you request earlier deletion.

 

Customer Data: We retain customer data for the duration of our service agreement plus thirty (30) days, after which it is securely deleted unless a longer retention period is required by law or requested by the customer.

 

Business Contact Information: We retain business contact information as long as we have an ongoing business relationship, plus three (3) years thereafter for legal and compliance purposes.

 

  1. Your Rights

 

Depending on your location, you may have certain rights regarding your personal information: the right to access a copy of information we hold about you; the right to request correction of inaccurate information; the right to request deletion of your information, subject to legal exceptions; the right to data portability; and the right to object to certain processing.

 

To exercise any of these rights, please contact us at [email protected]. We will respond within thirty (30) days. We may need to verify your identity before processing your request.

 

California residents: We do not sell personal information as defined under the California Consumer Privacy Act (CCPA).

 

  1. Regulated Industries and Compliance

 

CentroidAI serves customers in several highly regulated industries. Our compliance approach for each:

 

Healthcare (HIPAA): Our infrastructure and processes are designed with HIPAA requirements in mind. We are prepared to enter into Business Associate Agreements (BAAs) with covered entities when appropriate. Contact [email protected] to request a BAA.

 

Higher Education (FERPA): When processing data on behalf of educational institutions, we operate as a school official with a legitimate educational interest as defined under FERPA, or under the direction of the institution as a data processor. We do not disclose student educational records except as directed by the institution or as required by law.

 

Non-Profit Organizations: When processing donor, beneficiary, or supporter data on behalf of non-profit organizations, we treat all such data as confidential and process it only for the analytics services contracted. We do not share, sell, or use non-profit supporter data for any purpose beyond the contracted service.

 

Life Sciences and MedTech: We offer comprehensive Data Processing Agreements (DPAs) that comply with applicable privacy regulations for pharmaceutical and medical device customers. Contact [email protected] to request our standard DPA.

 

  1. International Data Transfers

 

CentroidAI is based in the United States, and our data is processed and stored in the United States. For customers subject to GDPR or other international privacy regulations, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses where applicable. For EU-based customers, we offer data processing in EU-region infrastructure upon request.

 

  1. Security Incident Response

 

In the event of a security incident affecting personal information, we will: investigate and contain the incident promptly; notify affected individuals within seventy-two (72) hours of confirming a breach, unless law enforcement requests a delay; notify relevant regulatory authorities as required by applicable law; and provide information about the nature of the incident, data affected, and steps individuals can take to protect themselves.

 

To report a security concern, contact [email protected].

 

  1. Changes to This Policy

 

We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top, add a note to the Revision History below, and post a notice on our website. For material changes affecting existing customers, we will provide direct notification via email.

 

The current version of this Policy is always available at centroid-ai.com/privacy.

 

  1. Contact Us

 

General Privacy Inquiries: [email protected]

Security Concerns: [email protected]

Legal / DPA / BAA Requests: [email protected]

General Contact: [email protected]

 

Mailing Address: CentroidAI, Inc., Attn: Privacy, 1236 Hardin Hill Ln, Knightdale, North Carolina, USA

 

 

Version History

 

Version 4.0 – February 2026: Expanded company description and data type categories to reflect six-industry product line. Added FERPA (higher education) and non-profit data handling sections. Updated AI language. Added EU infrastructure option for international customers.