Privacy Policy
Centuri ("we", "us", or "our") operates the website centuri-ai.com. This policy explains what information we collect, how we use it, and your rights regarding that information.
1. Information We Collect
Centuri acts as a Data Controller for information collected via our website and a Data Processor for information processed during client security engagements.
A. Website Visitor Data
- Usage data. When you visit the site, our hosting provider (Cloudflare) may automatically record standard server log data — including your IP address, browser type, pages visited, and timestamps.
- Booking information. If you schedule a call via our calendar link (Google Calendar), your name, email address, and any notes you submit are received by us.
B. Security Engagement Data
During authorized red-teaming or security audits, we may process data contained within your AI systems. This processing is performed strictly under your instruction as the Data Controller.
2. How We Use Your Information
Our processing is based on Legitimate Interests (GDPR Article 6(1)(f)) — specifically for the purposes of ensuring network and information security, and providing requested services to our clients.
- To fulfill authorized security engagements and deliver findings reports.
- To maintain the security and performance of our infrastructure.
- To communicate regarding ongoing projects or inquiries.
We do not sell, rent, or share personal information with third parties for marketing purposes.
3. Cookies & Tracking
This site does not use first-party cookies or tracking pixels. Cloudflare may set functional cookies required for CDN and security operations. We do not run advertising networks or behavioral tracking on this site.
4. Third-Party Services
We use the following third-party services that may process data on our behalf:
- Cloudflare — CDN and hosting. Subject to Cloudflare's privacy policy.
- Google Calendar — Meeting scheduling. Subject to Google's privacy policy.
5. Data Retention & Disposal
We adhere to "Privacy by Design" principles:
- Website Data: Retained only as long as necessary for the purpose it was collected.
- Engagement Data: Raw logs and mission data gathered during an audit are purged within 90 days of final report delivery, unless otherwise specified in your Scope of Work.
- Redaction: We proactively redact PII from final vulnerability reports to minimize risk.
6. International Transfers
Centuri is based in the United States. For clients in the European Economic Area (EEA) or UK, we utilize Standard Contractual Clauses (SCCs) to ensure data transferred to the US receives an equivalent level of protection.
7. Your Rights
Under GDPR and applicable privacy laws, you have the right to access, rectify, or erase your personal data, and the right to object to or restrict certain processing. To exercise these rights, contact security@centuri-ai.com.
8. Children
This site is not directed at children under 13. We do not knowingly collect information from children.
9. Changes to This Policy
We may update this policy from time to time. The effective date at the top of this page will reflect any changes. Continued use of the site after an update constitutes acceptance of the revised policy.
10. Browser Extension (Centuri Shield)
Centuri Shield is a browser extension designed with a Local-First security architecture. When using the extension, the following privacy protocols are enforced:
- Zero Data Transmission. Centuri Shield does NOT collect, store, or transmit your chat communications, PII, or API keys. All scanning, detection, and redaction are performed locally within your browser.
- Data Isolation. No data audited by the extension is ever sent to Centuri or any third-party services.
- Local Settings. Your security policy preferences are stored exclusively on your device using chrome.storage.local.
- Permissions. The extension utilizes activeTab and scripting permissions solely to provide real-time DLP protection on AI chat domains you authorize.
11. Centuri Scanner (Web Tool)
The Centuri Intelligence Scanner is a browser-based forensic tool designed for 100% private code auditing. When using the scanner:
- No File Uploads. Files and folders dropped into the scanner are processed entirely within your local browser environment. Your code, system prompts, and configuration files are never transmitted to Centuri's servers or any third-party services.
- On-Device Analysis. Heuristic scanning and risk detection logic are executed on your client device.
- Volatile Reports. Forensic risk reports are generated in temporary browser memory and are permanently destroyed when the page is refreshed or closed.
12. Contact
Questions about this policy? Reach us at security@centuri-ai.com.