Privacy Policy
Last updated: December 24, 2025
Summary: We respect your privacy and are committed to protecting your personal data.
This policy explains how we collect, use, and safeguard your information in compliance with GDPR, UK GDPR,
PIPEDA, and other applicable privacy laws.
1. Introduction
Cenrixa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains
how we collect, use, disclose, and safeguard your information when you use our project management
platform and related services.
This policy applies to all users of Cenrixa, including users in the European Economic Area (EEA),
United Kingdom, Canada, and other jurisdictions with data protection laws.
2. GDPR Compliance (EU and UK Users)
If you are located in the European Economic Area (EEA) or United Kingdom, you have specific rights
under the General Data Protection Regulation (GDPR) and, for UK users, the UK GDPR as incorporated
by the Data Protection Act 2018.
Data Controller
Cenrixa is the data controller for personal data processed in connection with your use of our services.
For contact details, please see Section 12 below.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance (Article 6(1)(b)): Processing necessary to provide our services to you
- Legitimate Interests (Article 6(1)(f)): Processing for our legitimate business interests (security, fraud prevention, service improvement), where these interests are not overridden by your rights
- Consent (Article 6(1)(a)): Processing based on your explicit consent (e.g., marketing communications, non-essential cookies)
- Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable laws
Your GDPR Rights
Under GDPR/UK GDPR, you have the following rights:
- Right of Access (Article 15): Request a copy of your personal data. We will respond within 30 days.
- Right to Rectification (Article 16): Correct inaccurate or incomplete data
- Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements
- Right to Restrict Processing (Article 18): Limit how we use your data in certain circumstances
- Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
- Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing that significantly affect you
To exercise any of these rights, please contact us at privacy@cenrixa.com.
We will respond to your request within one month, as required by law.
Data Transfers
If we transfer your data outside the EEA or UK, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs for UK transfers
- Adequacy decisions for countries with equivalent data protection laws
- Supplementary measures where required by Schrems II guidance
UK-Specific Information
For users in the United Kingdom:
- Your data protection rights are governed by the UK GDPR and the Data Protection Act 2018
- You have the right to lodge a complaint with the Information Commissioner's Office (ICO)
- ICO Contact: ico.org.uk/make-a-complaint
or call 0303 123 1113
- We conduct Transfer Impact Assessments for international data transfers as required
3. PIPEDA Compliance (Canadian Users)
If you are located in Canada, your personal information is protected under the Personal Information
Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation.
Your PIPEDA Rights
- Right to Access: Request access to your personal information
- Right to Correction: Challenge the accuracy of your personal information
- Right to Withdraw Consent: Withdraw consent for data collection, subject to legal or contractual restrictions
- Right to Complain: File a complaint with the Office of the Privacy Commissioner of Canada
PIPEDA Principles We Follow
- Accountability: We are responsible for personal information under our control and have designated a privacy officer
- Identifying Purposes: We identify the purposes for data collection at or before the time of collection
- Consent: We obtain meaningful consent for data collection, use, and disclosure
- Limiting Collection: We only collect data necessary for identified purposes
- Limiting Use, Disclosure, and Retention: We only use data for stated purposes and retain it only as long as necessary
- Accuracy: We keep personal information accurate and up-to-date
- Safeguards: We protect personal information with appropriate security measures
- Openness: We make our privacy policies readily available
- Individual Access: We provide access to personal information upon request
- Challenging Compliance: You may challenge our compliance with these principles
Quebec Law 25 Compliance (Quebec Users)
If you are located in Quebec, you have additional rights under the Act respecting the protection of
personal information in the private sector (Quebec Law 25):
- Right to Data Portability: Receive your personal information in a commonly used technological format
- Right to De-indexation: Request that links to your personal information be de-indexed from search results
- Right to Information: Be informed about automated decision-making processes that use your personal information
- Breach Notification: You will be notified of privacy breaches that create a risk of serious harm
We have appointed a privacy officer responsible for ensuring compliance with privacy legislation.
Contact: privacy@cenrixa.com
Quebec users may also contact the Commission d'accès à l'information du Québec (CAI) at
www.cai.gouv.qc.ca.
4. Information We Collect
Information You Provide
- Account Information: Name, email address, password (encrypted), organization name
- Profile Information: Profile photo, job title, contact details
- Content: Projects, tasks, comments, files, and other content you create
- Communications: Messages, support requests, feedback
- Payment Information: Billing address, payment card details (processed securely by Stripe)
Information Collected Automatically
- Usage Data: Features used, actions taken, time spent
- Device Information: Browser type, operating system, device identifiers
- Log Data: IP address, access times, pages viewed, referring URL
- Cookies: See our Cookie Policy for details
5. How We Use Your Information
| Purpose |
Legal Basis (GDPR) |
| Provide and maintain our services |
Contract performance |
| Process transactions and send billing information |
Contract performance |
| Send service-related communications |
Contract performance / Legitimate interests |
| Respond to support requests |
Contract performance |
| Improve our services and develop new features |
Legitimate interests |
| Detect and prevent fraud and security issues |
Legitimate interests / Legal obligation |
| Send marketing communications (with consent) |
Consent |
| Comply with legal obligations |
Legal obligation |
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information with:
- Service Providers: Third parties that help us operate our services (hosting, payment processing, analytics)
- Team Members: Other users in your organization who need access to collaborate
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly authorize sharing
7. Data Security
We implement industry-standard security measures to protect your data:
- 256-bit AES encryption for data at rest and in transit
- End-to-end encryption for sensitive communications
- Regular security audits and penetration testing
- Enterprise-grade secure cloud infrastructure
- Two-factor authentication available for all accounts
- Secure data centers with physical access controls
8. Data Retention
We retain your personal data for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
- Maintain business records as required by law
When you delete your account, we will delete or anonymize your personal data within 30 days,
except where retention is required for legal purposes.
9. Children's Privacy
Cenrixa is not intended for children under 16 years of age. We do not knowingly collect personal
information from children. If we learn that we have collected data from a child, we will delete
it promptly.
10. Third-Party Links
Our services may contain links to third-party websites. We are not responsible for the privacy
practices of these external sites. We encourage you to review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting a notice on our website
- Sending an email to registered users
- Updating the "Last updated" date at the top of this policy
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: