Privacy Policy

Version 1.0
Last revised on: November 1, 2025

The website located at www.centure.ai (the "Site") and the Centure prompt injection detection API and associated services (the "API Services") are operated by Centure, Inc. ("Company", "us", "our", and "we"). This Privacy Policy is designed to help you understand how we collect, use, and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.

For purposes of this Privacy Policy:

  • "Site" refers to the Company's website, which can be accessed at www.centure.ai
  • "API Services" refers to the Company's prompt injection detection API and associated services
  • "Service" refers to both the Site and API Services, through which users can detect and analyze prompt injection attempts in text inputs
  • The terms "we," "us," and "our" refer to Centure, Inc.
  • "You" refers to you, as a user of our Site or Service

BY ACCESSING OUR SITE OR USING OUR API SERVICES, YOU ACCEPT OUR PRIVACY POLICY AND TERMS OF USE, AND YOU CONSENT TO OUR COLLECTION, STORAGE, USE AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.

1. Information We Collect

1.1 Definitions. We collect "Non-Personal Information" and "Personal Information." Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, API usage statistics, general demographic information, referring/exit pages and URLs, platform types, preferences you submit, and number of API requests. Personal Information includes your email address, company name, billing information, and account configuration settings, which you submit to us through the registration process.

1.2 Information Collected via Technology and API Usage.

Account Creation: To activate the API Services, you need to submit your email address and create an account. To use the Service thereafter, you may need to submit additional information including company name, billing information, and API configuration preferences.

API Request Data: CENTURE DOES NOT COLLECT, STORE, OR RETAIN ANY PROMPTS, TEXT INPUTS, OR CONTENT THAT YOU SUBMIT THROUGH OUR API SERVICES UNLESS YOU EXPLICITLY ENABLE DATA RETENTION IN YOUR ACCOUNT SETTINGS. By default, all API requests are processed in real-time for prompt injection detection and the response is provided immediately. The original content is then discarded and not stored on our systems.

Scan Metadata: Even when content is not retained, we collect and store metadata about each scan including: (a) scan type, result classification, and object type scanned; (b) content size in bytes; (c) detection categories and confidence levels; (d) model evaluation results (provider, model name, detection outputs); (e) performance metrics (latency, error status, response codes); (f) cryptographically-salted content hashes for integrity verification purposes (see 'Content Integrity Verification' below). This metadata is retained for analytics, billing, service improvement, and quality assurance purposes.

Content Integrity Verification: To ensure the accuracy of user-submitted feedback on scan results, we store a salted cryptographic hash of each scanned content item. This hash allows us to verify that content you later submit as part of feedback matches the original scan, without storing the actual content. These hashes cannot be reverse-engineered to recover the original content.

MCP Proxy Usage Statistics: For users accessing our MCP (Model Context Protocol) proxy services, we collect usage statistics and performance metrics including: (a) connection metadata (IP address, user agent, session identifiers); (b) message direction, type, and method; (c) content types and message sizes; (d) connection duration and timestamps; (e) performance metrics (latency, error status). BY DEFAULT, WE DO NOT STORE MESSAGE CONTENT OR PAYLOADS FROM MCP PROXY COMMUNICATIONS. Message content storage is opt-in only and must be explicitly enabled in your account settings.

Optional Data Retention: You may choose to enable data retention in your account settings for specific purposes such as: (a) analytics and usage reporting for your account; (b) service improvement (anonymized and aggregated only); (c) compliance logging (if required for your use case). When data retention is enabled, we collect and store only the data you have explicitly chosen to retain. This applies to both API request content and MCP proxy message content.

Technical Information: We track technical information provided by your browser or API client when you access the Service, including: API endpoint usage patterns, request frequency and timing, error rates and response times, IP addresses (for security and rate limiting), user agent information, and referring URLs (for web dashboard access). We use cookies and similar technologies for the web dashboard to maintain your session and preferences. API services use authentication tokens instead of cookies.

1.3 Enterprise Audit Logging (Enterprise Feature). For organizations that have enabled enterprise audit logging features, we collect comprehensive activity logs for security monitoring, compliance, and administrative purposes. This includes: (a) detailed user actions (create, update, delete, and view operations on all resources); (b) actor information (user ID, first name, last name, email address); (c) technical context (IP address, user agent, source page route); (d) timestamps and affected resource identifiers; (e) impersonation data when administrative impersonation is used. Audit logs are retained according to your organization's configured retention settings and can be accessed by organization administrators through the dashboard. This feature must be explicitly enabled by an organization administrator and is not active by default.

1.4 Information You Provide by Registering for an Account. To create an account for the API Services, you will need to provide: (a) email address; (b) first and last name; (c) company name (optional but recommended); (d) password; (e) billing information (for paid plans); (f) API usage preferences and data retention settings. You may optionally upload a profile photo, which will be stored and displayed in the web dashboard. We also track your most recently accessed organization and project to improve your user experience by directing you to the appropriate workspace when you sign in.

1.5 Third-Party Application Connections and OAuth. When you connect third-party applications to Centure via OAuth or configure external integrations, we collect: (a) OAuth client metadata (application name, client IDs, redirect URIs, allowed scopes); (b) OAuth access tokens and refresh tokens (stored securely via third-party secret management services); (c) token expiration times and scope configurations; (d) user-specific or organization-wide credential associations. These credentials are used solely to facilitate authorized connections between Centure and your external applications, and are stored in WorkOS's Vault platform and encrypted at rest.

1.6 Children's Privacy. The Site and API Services are not directed to anyone under the age of 18. We do not knowingly collect or solicit information from anyone under the age of 18, or allow anyone under the age of 18 to sign up for the Service. In the event that we learn that we have gathered personal information from anyone under the age of 18 without parental consent, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at [email protected].

2. How We Use and Share Information

2.1 Personal Information.

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with service providers who perform services for the Company, such as: (a) cloud infrastructure providers (for hosting our API Services); (b) payment processors including Stripe (for billing purposes, which stores Stripe customer IDs associated with your organization); (c) email service providers (for account notifications); (d) WorkOS (for authentication, enterprise audit logging, and secure OAuth credential storage via WorkOS Vault); (e) security monitoring services. These vendors use your Personal Information only at our direction and in accordance with our Privacy Policy and appropriate data processing agreements.

We use Personal Information to: (a) provide and maintain the API Services; (b) process billing and payments; (c) send service-related communications (API updates, security notifications, billing notices); (d) provide technical support; (e) detect and prevent fraud or abuse; (f) comply with legal obligations.

2.2 API Content and Prompts.

Default Behavior: We do NOT store, analyze, or use any prompts, text inputs, or content submitted through our API Services unless you explicitly enable data retention in your account settings.

When Data Retention is Enabled: If you choose to enable data retention, we may use retained data to: (a) provide analytics and insights for your account; (b) improve our prompt injection detection algorithms (only in anonymized, aggregated form); (c) generate usage reports and statistics; (d) maintain compliance logs if required for your use case.

We will never: (a) use your specific prompts or content for marketing purposes; (b) share your content with other customers; (c) train our models on your content without explicit consent; (d) access your content unless necessary for providing the service or with your explicit permission.

2.3 Non-Personal Information. We use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information to track trends and analyze usage patterns. This may include: (a) overall API usage statistics; (b) performance metrics and error rates; (c) feature usage analytics; (d) security threat patterns (anonymized). This Privacy Policy does not limit our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners and other third parties at our discretion, provided it cannot identify you personally.

2.4 Business Transfers. In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy. Any acquirer would be bound by the same privacy protections outlined in this policy.

3. How We Protect Information

We implement comprehensive security measures designed to protect your information from unauthorized access, including:

Technical Safeguards: End-to-end encryption for all API communications, secure token-based authentication, regular security audits and penetration testing, encrypted data storage (for any retained data), and secure network architecture with firewalls and intrusion detection.

Operational Safeguards: Access controls limiting employee access to customer data, regular security training for all personnel, incident response procedures, and data retention and deletion policies.

Account Security: Your account is protected by your account password and API keys. We urge you to: (a) use strong, unique passwords; (b) keep your API keys secure and rotate them regularly; (c) enable two-factor authentication when available; (d) log out of your account after each web dashboard session.

However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of security systems. By using our Service, you acknowledge that you understand and agree to assume these risks.

4. Your Rights Regarding Your Personal Information

You have the following rights regarding your Personal Information:

Access and Portability: You can access and download your account information through your dashboard at any time.

Correction: You can update your account information through your dashboard or by contacting support.

Deletion: You can request deletion of your account and associated data by emailing [email protected]. We will delete your account within 30 days of confirming your request.

Data Retention Control: You have complete control over what data (if any) is retained from your API requests through your account settings.

Marketing Communications: You can opt out of promotional communications by following the unsubscribe instructions in emails or updating your preferences in your account settings. Note that we may continue to send service-related communications regardless of your marketing preferences.

Data Processing Objection: You can object to certain types of data processing by contacting us at [email protected].

5. Data Retention

5.1 API Request Content and Metadata. By default, we do not retain any prompts, text inputs, or content from API requests. This data is processed in real-time and immediately discarded. However, we DO retain metadata about each scan (as described in Section 1.2) including scan results, detection categories, performance metrics, content size, and cryptographically-salted content hashes for integrity verification. This metadata cannot be used to reconstruct the original content and is retained for analytics, billing, service improvement, and quality assurance purposes. Similarly, for MCP proxy services, we retain usage statistics and connection metadata but do not store message content unless you explicitly enable data retention.

5.2 Account Data. We retain your account information (email, company name, billing information) for as long as your account is active and for a reasonable period after account closure for business and legal purposes.

5.3 Optional Retained Data. If you enable data retention features, we will retain the specified data according to your settings and our published retention schedules, which you can view and modify in your account dashboard.

5.4 Legal Requirements. We may retain certain information longer if required by law, regulation, or legal process.

6. International Data Transfers

Our Service is hosted in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. By using our Service, you consent to such transfer.

7. Links to Other Websites

Our Site may contain links to other websites or applications. However, we are not responsible for the privacy practices employed by those websites. This Privacy Policy applies solely to information collected through our Site and API Services. We encourage our users to read the privacy statements of other websites before using them.

8. Changes to Our Privacy Policy

We reserve the right to change this Privacy Policy and our Terms of Service at any time. We will notify you of significant changes by: (a) sending a notice to the primary email address specified in your account; (b) posting a prominent notice on our Site; (c) providing notice through our API (for API-related changes). Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates.

9. Contact Us

If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us:

Abir Taheer

Address: 169 Madison Ave STE 38371 New York, New York 10016

Email: [email protected]

Telephone: (212) 970-ABIR
