Privacy Policy
Effective Date: October 1, 2025
TLDR;
- What we collect: Limited personal data through our website and marketing tools (cookies, analytics, forms)
- Why we collect it: To operate our services, improve user experience, and provide relevant B2B marketing
- Who helps us: Trusted partners like Google Analytics, HubSpot, and PostHog help us understand usage and deliver content
- Your consent: We'll ask permission before setting non-essential cookies (where required by law) and you can change preferences anytime
- Your security: Your data is protected with strong security practices and never sold
- Data retention: We only keep your data as long as necessary
- Your rights: Depending on where you live (EU, UK, California, etc.), you can access, correct, delete, or limit use of your information
- Contact us: Exercise your rights anytime at privacy@centercode.com
Introduction
The following is intended to explain how we use this website, and any personal data we collect, to market and sell our products, and to explain the tools, services, and technologies we leverage to do so. Above all, our goal is to always be responsible in how we collect, store, and use your information, while complying with all relevant regulations.
Regardless, we comply with and are passionate about this entire policy and would encourage you to take your time in reviewing it. If you have any questions, please don’t hesitate to contact us at privacy@centercode.com.
Intended Audiences
The primary audience of this website is businesses interested in learning more about Centercode and its offerings. Centercode Labs is designed for professionals involved in product development and management, including Product Managers, Market Researchers, UX Managers, and User or Beta Test Managers. While the apps are publicly accessible and free to use, they are specifically created to provide value, insight, and engagement for individuals working in product-focused roles.
Scope
This privacy policy describes our privacy practices related to personal data that we collect through Centercode websites and related services (the “Sites”).
Visitor Tracking and Cookies
When you visit our Sites or interact with our marketing and sales content (including emails), we automatically collect certain information about your interactions through cookies, logs, and similar tracking technologies. These tools help us operate the Sites, understand usage, improve our services, and provide more relevant marketing. In some cases, our trusted partners may also set cookies to deliver targeted advertising.
How We Use Tracking Technologies
We use cookies and other passive data collection methods to:
- Operate and secure the Sites.
- Prevent fraud and misuse of our services.
- Measure and analyze how people use the Sites.
- Run experiments such as telemetry collection and A/B testing.
- Send targeted advertising to those who have visited the Sites.
- Understand responses to our emails and other communications.
- Improve our services, features, and your overall experience.
Consent
Where required by law (for example, in the EEA, UK, and Switzerland), we seek your explicit consent before placing non-essential cookies (such as analytics or marketing cookies). You may manage or withdraw your consent at any time through our cookie banner or your browser settings.
Third-Party Cookies and Opting Out
The following third-party services may place cookies or use similar tracking technologies (e.g., pixels, web beacons, clear gifs):
- Google Analytics: Helps us understand how visitors interact with our Sites and compile reports to improve our offerings. The information we receive is aggregated and does not identify you individually. See the Google Privacy Policy and opt out here.
- HubSpot: Tracks visits to our Sites, forms you complete, and your interactions with our communications. If you have provided us with Personal Data (e.g., filling out a form), HubSpot may associate that data with your activity. See the HubSpot Privacy Policy and opt out here.
- PostHog: Provides product analytics, feature usage tracking, and session replay capabilities to help us understand how users interact with our Sites and services. The information collected is generally aggregated and does not identify you individually unless you have chosen to provide Personal Data through other interactions with us (e.g., submitting a form). This data helps us improve our features, diagnose issues, and enhance user experience. See the PostHog Privacy Policy.
- Vercel Web Analytics: Provides privacy-first web analytics without cookies or persistent tracking. Vercel uses server-side aggregation to collect non-identifying traffic metrics (page views, referrers, device types) to help us understand site performance and usage patterns. No personal data is collected or stored. See the Vercel Privacy Policy.
Global Privacy Control (GPC): We automatically honor the Global Privacy Control (GPC) browser signal. If you enable GPC in your browser settings, we will respect your opt-out preference for analytics tracking. GPC is available in browsers such as Firefox, Brave, and via browser extensions for Chrome and Edge.
To learn more about cookies generally and how to adjust your browser preferences, visit resources such as the FTC's Online Tracking page or, if you reside in the European Union, Your Online Choices.
The Data We Collect and Receive
To operate and enable your use of the Sites, operate our business and services, contact you about Centercode, and for other legitimate business interests described in this policy, we receive and collect certain information from you and about you, which includes Personal Data.
When we use the term Personal Data, we mean information relating to an identified or identifiable individual (e.g., name, email address, phone number, location data, mailing address) (or as otherwise defined in the laws that apply).
By submitting or providing Personal Data or other information to us, you are representing that you have authority to do so and that we have full authorization to use this information in accordance with this privacy policy, even if the information relates to other individuals or entities.
How We Use Data
We use personal data to provide, secure, and operate the Sites. This includes analyzing usage and running experiments such as telemetry collection and A/B tests to improve features and performance. We process inputs and outputs to deliver AI-powered functionality and monitor its performance, and we communicate with you through updates, service notices, and onboarding messages.
Where appropriate, and with your consent when required, we also use data for B2B marketing activities. In addition, we handle data as necessary for legal compliance, audits, accounting, defending legal claims, and in connection with corporate transactions.
GDPR Legal Bases Mapping:
- Analytics → Consent (EU/EEA/UK/CH) or Legitimate interests (Rest of World)
- Marketing → Consent
- Service communications and onboarding → Performance of contract
- Security and fraud prevention → Legitimate interests
- Legal obligations → Compliance with law
How We Share Data
We share Personal Data with trusted third-party service providers who help us operate the Sites and deliver our services. See Visitor Tracking and Cookies above for details on specific third-party services and how they use tracking technologies.
Security
We take the security of the Personal Data that we hold very seriously. We maintain a written security policy for the security, integrity, and protection of the Personal Data we hold against unauthorized disclosure or loss. We have put in place physical, technical, and organizational processes and measures designed to safeguard all Personal Data.
These safeguards help prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data that we hold. However, you should be aware that no security procedures or protocols are guaranteed to be 100% secure, and there is always some risk assumed when you share information.
If you have reason to believe that your Personal Data with us is no longer secure or you would like more information about our security practices, please contact us at privacy@centercode.com. If any Personal Data under our control is compromised as a result of a breach of security, we will investigate the situation and, where appropriate or required by law, notify those individuals whose information may have been compromised and take other steps in accordance with applicable laws and regulations.
Updating Email Preferences
To opt out of receiving emails or communications from us, please contact us at optout@centercode.com. We will respond promptly.
Data Retention
We retain Personal Data for as long as necessary to fulfill the purposes described in this policy:
- Marketing contact data: up to 3 years after last interaction
- Log data and cookies: typically 12-24 months, unless retention is required for security or compliance
Data Modification, Deletion, and Other Rights of European Residents
Individuals located in certain countries, including those residing in the European Union, the European Economic Area, the United Kingdom, and Switzerland (“European Residents”), have certain statutory rights regarding their Personal Data. For European Residents, reference to “Personal Data” in this privacy policy is equivalent to “personal data” as defined in the EU/UK GDPR.
Subject to any exemptions provided by law, these individuals may have the right to request access to their Personal Data, or seek to update, delete, or correct Personal Data. If your request relates to Personal Data within the scope of the GDPR, your rights may be exercised by contacting privacy@centercode.com. Any European Resident who is dissatisfied with our handling of a request regarding Personal Data within the scope of the GDPR, has a right to lodge a complaint with his or her local data protection authority responsible for monitoring the application of the GDPR.
For your protection, we may need to take additional steps to verify your identity before implementing any request relating to your Personal Data. If you have designated an authorized agent to exercise your rights on your behalf, please note that to protect your Personal Data, we will need to verify that your authorized agent has permission from you to make requests on your behalf, and we may need to also verify your authorized agent’s identity. If we are unable to do so, and you have not received a response from us, please contact us directly regarding your request. We will respond to your request within one month of receipt of your request, extendable by up to two further months where necessary, in accordance with applicable law. Please note that we may need to retain certain information for recordkeeping purposes, such as retaining copies of agreements you have entered into with us and/or for audit and investigation purposes, or in the event of a court order or requirement of law.
Deleted or updated Personal Data stored in our backup systems will be automatically deleted or updated within a reasonable period of time during our backup procedures, except as otherwise required by applicable law.
California and Similar State Privacy Rights
If you are a resident of California or another U.S. state with similar privacy laws (such as Colorado, Connecticut, Utah, or Virginia), you may have additional rights with respect to your Personal Data, subject to applicable law. These rights are in addition to those described above for European residents.
Your Rights
-
Right to Know / Access: You may request that we disclose the categories of Personal Data we have collected, the sources, the purposes for which we use it, and the categories of third parties with whom we share it. You may also request a copy of the specific pieces of Personal Data we hold about you (data portability).
-
Right to Deletion: You may request that we delete your Personal Data, subject to certain legal exceptions (for example, if we must retain it to comply with law or complete a transaction).
-
Right to Correct: You may request that we correct inaccurate Personal Data we maintain about you.
-
Right to Opt Out of Sale or Sharing: You may direct us not to sell or "share" your Personal Data as defined under California law. Centercode does not sell Personal Data to third parties.
-
Right to Limit Use of Sensitive Personal Information: Where applicable, you may direct us to limit the use of your sensitive Personal Data to what is necessary to perform our services or comply with law.
-
Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.
How to Exercise These Rights
To exercise these rights, please contact us at privacy@centercode.com or by using the contact information listed in the "Questions or Concerns" section. You do not need to create an account to submit a request. We will take reasonable steps to verify your identity (or your authorized agent's identity) before fulfilling your request.
Links to Third-Party Sites
The Sites and emails that come from us may contain links to other websites on the Internet. We encourage you to review the privacy policies of all such third parties. Please note that we are not responsible for the privacy policies and collection, use, and disclosure practices (including the data security practices) of these third parties, including those that are our customers.
Data of Children
The Sites are not intended for minors under the age of 16 (or under 13 where applicable law sets a lower threshold). We do not knowingly or specifically collect information from these minors through the Sites or otherwise. If you believe that we have mistakenly or unintentionally collected information from minors or have any questions or concerns regarding the use of our services to collect information from minors, please contact us at privacy@centercode.com so that we may investigate and delete the information from our servers as necessary.
International Transfer of Data
The Personal Data and other information we collect from you is used, stored, and/or processed by us in the United States, where we are located. In addition, in the circumstances described in this privacy policy where your Personal Data and other information is transferred to a third party (such as our service provider), this data may also be used, stored, and/or processed outside of the United States in any country in which the third party has facilities or engages service providers. These countries may not offer the same legal protections offered in your country and may be considered by your country to offer insufficient legal protections.
European Residents have a right to withdraw their consent to cross-border transfers of their data, and if you wish to do so with respect to your Personal Data that we control, you may contact us at privacy@centercode.com. The withdrawal of consent will not affect the lawfulness of actions based on your consent prior to your withdrawal.
When we transfer Personal Data outside of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other lawful mechanisms.
Changes to Our Privacy Policy
We reserve the right to change this privacy policy. If we make changes to this policy, you will find the revised privacy policy posted on the Sites, along with the effective date of the revised privacy policy. Your use of and access to the Sites after any changes become effective will be considered your acceptance of those changes and will constitute your agreement to be bound by the new or modified privacy policy.
Subprocessors
| Subprocessor | Purpose | Primary Region(s) | Policy/Docs |
|---|---|---|---|
| PostHog | Product analytics, Feature usage, Session replay | EU/US | https://posthog.com/privacy |
| Upstash | Serverless data storage and caching | US/EU | https://upstash.com/trust/privacy.pdf |
| Vercel | Hosting, edge functions, CDN delivery, Web Analytics | Global | https://vercel.com/legal/privacy-policy |
| Neon | Managed database | US/EU | https://neon.com/privacy-policy |
| HubSpot | CRM, forms, chat, marketing automation | US/EU | https://legal.hubspot.com/privacy-policy |
| OpenAI | Natural language processing AI feature delivery (no training on your data) | US/EU | https://openai.com/policies/privacy-policy |
| Resend | Email transfer | US | https://www.resend.com/legal/privacy-policy |
Subprocessor Updates
We may update this list. Customers will be notified of material changes at least 30 days in advance, through a notice on our Sites.
Questions or Concerns
Questions about this Privacy Policy or our information practices should be directed to Centercode using the following:
- General requests: privacy@centercode.com
- Privacy Officer: dpo@centercode.com
- Mail: 23422 Mill Creek Dr., Suite 105, Laguna Hills, CA 92653, USA
- Phone: (800) 705-6540