Center.

← Back to Home

Privacy Policy

Effective Date: October 1, 2025

Last Updated: October 1, 2025

1. Introduction

Welcome to Center Labs Inc. ("Center," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered customer support platform and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

Company Information:
Center Labs Inc.
120 East Beaver Creek Road, Suite 200
Richmond Hill, Ontario L4B 4V1
Canada

2. Information We Collect

We collect several types of information from and about users of our Services:

2.1 Account Information

  • Authentication Data: Email address, name, Google ID (if using Google OAuth), password hash (if using email/password authentication), profile picture
  • Company Information: Company name, VAT number, HST number, tax ID
  • Subscription Data: Subscription plan, status, expiration dates, maximum number of agents allowed

2.2 AI Agent Data

  • Agent Configuration: Agent name, description, guidelines, personality settings, enhanced descriptions, company URL
  • Agent Settings: Status, call service type, voice selection, widget settings, custom inactive messages
  • Integration Data: Shopify store information (if connected), phone number assignments, widget URLs and tokens

2.3 Interaction Data

  • Chat Logs: Chat session IDs, messages (role, content), token counts, response times, start/end times, message counts
  • Call Logs: Call session IDs, start/end times, duration, status, service type used
  • Analytics Data: Agent performance metrics, interaction statistics, test call/chat counts

2.4 File and Document Data

  • Uploaded Files: Document files (PDF, DOCX, TXT), audio files (MP3, M4A, WAV, WEBM, OGG), file metadata (name, type, size, path)
  • Commentary: User-provided notes and annotations on files (max 1000 characters)
  • Extracted Content: Text extracted from documents, audio transcriptions, text chunks with vector embeddings for semantic search

2.5 Payment Information

  • Billing Data: Stripe customer ID, payment intent IDs, transaction amounts, payment status
  • Note: Credit card information is processed and stored by Stripe. We do not directly store full credit card numbers.

2.6 Technical and Usage Data

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on platform, click patterns
  • Cookies and Tracking: Session cookies, analytics cookies (via PostHog)

2.7 Shopify Integration Data

  • Store Information: Shop domain, custom domain, installed app status
  • Access Tokens: Encrypted Shopify access tokens (using AES-256-GCM encryption)
  • Product Data: Synchronized product information from your Shopify store
  • API Scopes: Granted permissions (products, orders, customers, inventory)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI customer support platform
  • AI Training: To train and improve AI agent responses using your knowledge base and interaction history
  • Authentication: To verify your identity and manage your account access
  • Billing: To process payments and manage subscriptions
  • Communication: To send service notifications, updates, and respond to inquiries
  • Analytics: To understand usage patterns and improve our Services
  • Integration Management: To connect your AI agents with third-party services (Shopify, Twilio)
  • Security: To detect, prevent, and address fraud, abuse, and security issues
  • Legal Compliance: To comply with legal obligations and enforce our terms of service

5. Data Sharing and Third Parties

We do not sell your personal information. We share your information only with the following trusted service providers who help us operate our Services:

5.1 Third-Party Service Providers

Google OAuth

Used for: Authentication and identity verification

Data shared: Email, name, Google ID, profile picture

Stripe

Used for: Payment processing and subscription management

Data shared: Email, customer ID, payment amounts, billing information

Twilio

Used for: Voice call functionality and phone number management

Data shared: Phone numbers, call metadata, agent configurations

Shopify

Used for: E-commerce integration (when you connect your store)

Data shared: Store domain, product data (when synced), customer support queries

PostHog

Used for: Analytics and product insights

Data shared: Usage patterns, feature interactions, anonymized behavioral data

Amazon Web Services (AWS S3)

Used for: Secure file storage

Data shared: Uploaded files, documents, audio recordings

Thingy

Used for: Multimodal AI conversation engine

Data shared: Conversation data, agent configurations, session information

These service providers are contractually obligated to protect your data and use it only for the purposes we specify. We do not share your data with any other third parties for marketing purposes.

6. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: We retain account data for the duration of your active subscription
  • Chat and Call Logs: We retain interaction logs for 60 days from the date of the interaction
  • Uploaded Files: Files are retained until you delete them or close your account
  • Payment Records: We retain payment records for 7 years to comply with tax and accounting regulations
  • Deleted Accounts: When you request account deletion, we begin the deletion process immediately and complete it within 30 days, except for data we are legally required to retain

Note: Currently, we do not have automatic deletion policies for inactive accounts. You must request deletion to remove your data.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Rights Under GDPR (EU/EEA Users)

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format
  • Right to Restriction: Request that we limit how we use your data
  • Right to Object: Object to our processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent for processing based on consent at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 Rights Under PIPEDA (Canadian Users)

Canadian users have similar rights to access, correct, and delete their personal information under PIPEDA (Personal Information Protection and Electronic Documents Act).

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at martin@gocenter.ai. We will respond to your request within 30 days and begin the deletion process immediately upon request.

We may ask you to verify your identity before processing your request to ensure the security of your personal information.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect usage information:

8.1 Types of Cookies We Use

  • Essential Cookies: Required for authentication and basic platform functionality
  • Analytics Cookies: PostHog analytics to understand usage patterns and improve our Services
  • Preference Cookies: Remember your settings and preferences

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block cookies from specific sites
  • Block all cookies

9. Security Measures

We implement industry-standard security measures to protect your personal information:

  • Encryption: Data in transit is protected using TLS/SSL encryption. Sensitive data (like Shopify access tokens) is encrypted at rest using AES-256-GCM encryption
  • Access Controls: Strict access controls and authentication mechanisms (JWT tokens)
  • Password Security: Passwords are hashed using industry-standard algorithms and never stored in plain text
  • Secure Infrastructure: Our Services are hosted on secure cloud infrastructure (Heroku for backend, Vercel for frontend)
  • Regular Monitoring: We continuously monitor for security threats and vulnerabilities
  • Data Backups: Regular backups to prevent data loss

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Center Labs Inc. is headquartered in Canada, but our Services are deployed in the United States. Your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

When we transfer data from the EEA, UK, or Switzerland to countries that do not provide an adequate level of data protection, we implement appropriate safeguards such as:

  • Standard Contractual Clauses approved by the European Commission
  • Privacy Shield certification (where applicable)
  • Other legally approved mechanisms

By using our Services, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

11. Children's Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at martin@gocenter.ai, and we will delete such information from our systems.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy
  • Notify you via email or through a prominent notice on our Services for material changes
  • Provide you with an opportunity to review the updated policy before it takes effect

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Name: Martin Musiol
Email: martin@gocenter.ai
Company: Center Labs Inc.
Address: 120 East Beaver Creek Road, Suite 200
Richmond Hill, Ontario L4B 4V1
Canada

We will respond to all requests, inquiries, or concerns within 30 days.

This Privacy Policy was last updated on October 1, 2025 and is effective as of October 1, 2025.

© 2026 Center Labs Inc. All rights reserved.