Legal
Privacy Policy
Centeye Inc (“Company,” “we,” “us”) provides this Privacy Policy to explain how we handle personal information in our capacity as a controller — that is, information we collect through our marketing and corporate website at centeye.io, our communications, sales and marketing activities, and events (collectively, the “Services” covered here).
1. Scope; Our Two Roles
We act in two distinct capacities. As a controller, we determine how and why we process personal information about website visitors, prospects, partners, and contacts — that processing is governed by this Policy. As a processor (service provider), we process data on behalf of, and under the documented instructions of, our business customers and channel partners when they use the Centeye product — including security telemetry such as logs, alerts, events, and network and identity data, which may contain personal information incidentally. That in-product processing is not governed by this Policy; it is governed by the applicable customer agreement and our Data Processing Agreement (“DPA”). If you are an individual whose data appears in security telemetry processed in the Centeye product, please direct requests to the customer or partner that controls that data.
2. Personal Information We Collect (and Statutory Categories)
In the past 12 months we have collected the following categories of personal information. The category names track the California Consumer Privacy Act (as amended, “CCPA/CPRA”) so this table can also serve as our “Notice at Collection.”
| CCPA Category | Examples (as we collect them) | Purpose / Source |
|---|---|---|
| Identifiers | Name, business email, employer, phone, IP address, online identifiers | Respond to inquiries; demos; account/sales — from you and your device |
| Commercial information | Products/services you inquired about; event attendance | Sales, marketing analytics — from you |
| Internet/network activity | Pages viewed, referring URLs, interactions, cookie data | Operate and improve the Site — collected automatically |
| Professional/employment | Job title, role, company size | Qualify and route inquiries — from you / data vendors |
| Geolocation (coarse) | City/region inferred from IP | Security, analytics — collected automatically |
| Inferences | Interests inferred from the above | Marketing personalization — derived |
We do not knowingly collect personal information from children under 16.
3. How and Why We Use Personal Information; Legal Bases
We process personal information to: respond to your inquiries and provide requested materials; operate, secure, and improve the Services; conduct sales and marketing (subject to your choices); analyze usage; and comply with law. Where the EU/UK GDPR applies, our legal bases are: performance of or steps toward a contract (responding to your requests); legitimate interests (operating and securing the Site, B2B marketing, analytics — balanced against your rights); consent (non-essential cookies and certain marketing, where required); and legal obligation (recordkeeping, responding to lawful requests).
4. Cookies and Tracking; “Sharing” for Advertising
We use cookies and similar technologies for essential operation, preferences, and analytics. Where required, we obtain consent through our cookie banner and honor recognized opt-out preference signals (including, where applicable, Global Privacy Control). See our Cookie Policy for details and your choices.
Do Not Sell or Share. We do not sell personal information for money. To the extent our use of advertising cookies constitutes a “sale” or “share” under the CCPA/CPRA, you may opt out by enabling Global Privacy Control in your browser or by contacting privacy@centeye.io.
5. How We Disclose Personal Information
We disclose personal information to: service providers/processors acting on our behalf (hosting, analytics, email, CRM) under contracts restricting their use; professional advisors; authorities where required by law or to protect rights and safety; and a successor in a merger, acquisition, financing, or asset sale. We do not disclose personal information to third parties for their own independent marketing without your consent.
6. Your Privacy Rights
All users
You may unsubscribe from marketing at any time via the link in our emails or by contacting us.
California (CCPA/CPRA)
Subject to verification, you may request to know, access, correct, or delete your personal information, and to opt out of sale/sharing and limit use of sensitive personal information. We will not discriminate against you for exercising these rights. You may use an authorized agent. We respond within the statutory timeframe.
EU/UK/EEA (GDPR)
You may request access, rectification, erasure, restriction, portability, and may object to processing based on legitimate interests or direct marketing, and withdraw consent. You may lodge a complaint with your supervisory authority. We do not make decisions producing legal or similarly significant effects based solely on automated processing.
Other U.S. states
Residents of states with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Texas, and others) have analogous rights, including to access, correct, delete, and opt out of targeted advertising, sale, and certain profiling.
How to exercise: contact privacy@centeye.io. We will verify your identity before responding.
7. Security Telemetry and Incidental Personal Information
The Centeye product processes security telemetry on behalf of our customers and partners — for example, system and application logs, security alerts and events, and network and identity metadata used to detect and respond to threats. This telemetry may contain personal information incidentally (such as usernames, email addresses, IP addresses, or device identifiers). We process such data only as a processor, under the customer’s documented instructions, for the purpose of providing the security service, and subject to the DPA. We do not use customer security telemetry to build or market to individuals, and we do not sell it.
Aggregated and de-identified threat intelligence. We may derive aggregated, de-identified, or statistical threat intelligence from telemetry to improve detection and protect all customers. Where we do so, we follow contractual and legal requirements and do not attempt to re-identify individuals.
8. Data Retention
We retain personal information only as long as necessary for the purposes described, applying criteria such as: the duration of our relationship with you; whether a legal obligation requires retention; and whether retention is advisable given our legal position (e.g., limitation periods). Representative periods: marketing contact data — until opt-out plus 24 months; web analytics — 14 months; in-product telemetry — per the DPA.
9. Security
We maintain administrative, technical, and physical safeguards designed to protect personal information appropriate to its sensitivity. No system is perfectly secure, and we cannot guarantee absolute security. Our handling of security incidents affecting customer data is addressed in the DPA and applicable customer agreements.
10. International Transfers
We are based in the United States and process information in the U.S. and other countries. Where we transfer personal information from the EEA, UK, or Switzerland, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses and the UK Addendum, and apply supplementary measures where needed.
11. Changes; Contact
We may update this Policy and will revise the “Last updated” date; material changes will be communicated as required by law. Contact us at privacy@centeye.io.