Privacy Policy

1. Information We Collect

We collect information that you provide directly to us and information generated through your use of the Platform:

• Account Information: Name, email address, phone number, organization details, and role within your organization.
• Financial Data: Payment details, bank account information, transaction records, and vendor/supplier information that you enter into the Platform.
• Usage Data: Log data, device information, IP addresses, and how you interact with the Platform.
• Communication Data: Messages sent through the Platform, support requests, and feedback.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Platform
• Process payments and financial transactions on your behalf
• Send transactional notifications (payment approvals, confirmations, alerts)
• Provide customer support
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal and regulatory obligations
• Generate anonymized, aggregated analytics to improve our services

3. Data Security

We take the security of your data seriously and implement multiple layers of protection:

• Encryption of sensitive data at rest and in transit
• Two-factor authentication (2FA) for account access
• Secure SFTP connections for banking file transfers
• Regular security audits and vulnerability assessments
• Role-based access controls within organizations
• Encrypted storage of credentials and API keys

4. Data Sharing

We do not sell your personal data. We may share your information with:

• Payment Providers: To process payments you initiate (e.g., Paystack, bank SFTP integrations).
• ERP/Accounting Integrations: When you connect third-party services like Xero, we share the data necessary for synchronization.
• Service Providers: Third-party services that help us operate the Platform (hosting, email delivery, SMS providers).
• Legal Requirements: When required by law, regulation, or legal process.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Financial transaction records are retained for a minimum of 7 years to comply with regulatory requirements. After account cancellation, your data is retained for 30 days before permanent deletion, during which time you can export your data or reactivate your account.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Export your data in a portable format
• Withdraw consent for optional data processing
• Object to processing of your data for specific purposes

To exercise any of these rights, contact us at privacy@getcentry.app

7. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. Analytics cookies are used only in anonymized, aggregated form to help us understand how the Platform is used and improve the user experience.

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure that appropriate safeguards are in place for any international data transfers, including standard contractual clauses and data processing agreements with our service providers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Platform. Your continued use of the Platform after changes constitutes acceptance of the updated policy.