#ClientCentric

Privacy Policy

Last updated: May 29, 2026 · Effective May 29, 2026

This policy explains what Centric3, LLC collects, why, and the choices you have. In short: when you contact us, we use your details to reply to the request you started; marketing email and non-essential analytics run only with your consent — and you can reject as easily as you accept. We honor Global Privacy Control (GPC) signals.

On this page

What we collect
Lawful basis
How we use it
Cookies & consent
Third parties & sub-processors
Data retention
Your rights & data requests
Children’s privacy
Changes to this policy
Contact us

What we collect

We collect only what we need to respond to you and run this site:

Information you give us. Your name, email, company, and message when you use the contact form, request a project, take the AI Readiness Assessment, or subscribe to our insights.
Technical and usage data. Standard request data and anonymous, aggregated usage — collected only if you allow analytics cookies.
Consent state. A pseudonymous record of the cookie and marketing choices you make, so we can honor them.

There are no accounts or logins on this site. We do not sell your personal data, and we do not build advertising profiles.

Lawful basis for processing

We rely on two distinct bases, depending on what you do:

Contract & legitimate interest — inbound requests: When you submit the contact or project (configurator) form, we forward your details to our CRM to reply to the request you started. Because you initiated the contact, this proceeds regardless of your cookie choice. We stamp your marketing-consent state on the record but do not start any marketing sequence without your consent.
Consent — marketing & analytics: Our newsletter (double opt-in) and any non-essential analytics run only with your explicit consent. You can withdraw consent at any time — from the cookie manager below, an unsubscribe link, or by contacting us.

How we use your information

To reply to inbound questions and project enquiries you send us.
To deliver your AI Readiness Assessment result link (which expires after 24 hours).
To send Centric3 insights — only if you have opted in (double opt-in).
To understand site usage in aggregate — only with your analytics consent — so we can improve the site.
To keep a pseudonymous record of your consent choices for compliance and to honor them.

We do not use your data for automated decisions that produce legal or similarly significant effects.

Cookies & consent

We use Cookiebot as our consent management platform with Google Consent Mode v2. Non-essential cookies are denied by default until you make a choice. Cookies fall into three groups:

Necessary — always on; required for the site to function and to remember your consent.
Analytics — off by default; anonymous usage measurement, only with your consent.
Marketing — off by default; campaign relevance, only with your consent.

Rejecting is as easy as accepting — both are a single click of equal prominence. We also honor the Global Privacy Control (GPC) browser signal: when GPC is set, we treat it as an opt-out of analytics and marketing (including a CCPA/CPRA “Do Not Sell or Share” request).

Third parties & sub-processors

We share data only with vetted service providers who process it on our behalf under a data processing agreement. International transfers are covered by Standard Contractual Clauses (SCCs).

Sub-processor	Purpose	Region
HubSpot	CRM — system of record for contacts and enquiries	US (SCCs)
Cookiebot	Consent management (CMP)	EU
Cal.com	Meeting scheduling (loaded on intent)	EU/US
Resend	Transactional email (confirmations, result links)	US (SCCs)
Vercel	Hosting & content delivery	Global edge
Upstash	Ephemeral key-value store (tokens, rate limits)	US/EU
Cloudflare Turnstile	Bot protection on forms	Global edge
Google Analytics 4	Anonymous, consent-gated, server-side measurement	US (SCCs)

The full data processing register, sub-processor SCCs, and our security posture are documented on our Trust & data-handling page.

Data retention

CRM contact data is kept while our relationship is active and for as long as required by law, then deleted or anonymized. HubSpot is the system of record.
Assessment result tokens are non-identifying and auto-delete after 24 hours.
Delivery queue. If a CRM write needs retrying, a single encrypted entry (AES-256-GCM) is held transiently for roughly an hour, then drained and removed — it exists only to make sure no enquiry is lost.
Consent records are kept as an append-only log so we can prove and honor your choices.

Your rights & data requests

Depending on where you live, you have the right to:

Access the personal data we hold about you.
Rectify data that is inaccurate or incomplete.
Erase your data (“right to be forgotten”).
Port your data to another provider.
Withdraw consent for marketing or analytics at any time.
Opt out of sale/sharing — honored automatically when GPC is set.
Lodge a complaint with your data protection authority.

Request your data or its deletion

Use either route below. We verify your identity first, keep a PII-free audit reference, and respond within about 30 days. Erasure is carried out in our CRM (HubSpot).

Request my data or email hello@centric3.com

Children’s privacy

This site and our services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us at hello@centric3.com and we will delete it.

Changes to this policy

We may update this policy as our practices or the law evolve. When we do, we revise the “Last updated” date at the top of this page. For material changes, we will provide a more prominent notice. Continued use of the site after an update means you accept the revised policy.

Contact us

Questions about this policy or your data? Reach us at hello@centric3.com.

Centric3, LLC — founded 2022. Written requests can be sent to the same address.