Legal

Privacy Policy

Your privacy matters to us. This policy explains how we collect, use, and protect your personal data.

Last updated: February 1, 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

SIXA AG
Musterstraße 1
8001 Zürich
Switzerland

Email: privacy@central.app
Phone: +41 (0) 44 000 00 00

2. What Data We Collect

We collect the following categories of personal data when you use our platform:

2.1 Account Information

  • Name and email address
  • Company name and business address
  • Phone number (optional)
  • Password (stored in hashed form)

2.2 Usage Data

  • Log data (IP address, browser type, pages visited, timestamps)
  • Feature usage analytics
  • API call logs and request metadata

2.3 Product Data

  • Product information you upload or import (names, descriptions, specifications, images)
  • Custom field definitions and values
  • Enrichment results and AI-generated content

2.4 Payment Information

  • Billing address and invoicing details
  • Payment information is processed by our payment provider and is not stored on our servers

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Central platform, including AI-powered product enrichment, data processing, and content optimization.
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support.
  • Communication: To send you service-related notifications, updates, security alerts, and, where permitted, marketing communications.
  • Analytics: To understand how our services are used and to improve user experience, features, and performance.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Security: To detect, prevent, and address fraud, abuse, and security incidents.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR and the Swiss Federal Act on Data Protection (FADP):

  • Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to fulfill our contractual obligations to you.
  • Legitimate Interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate business interests, such as improving our services and ensuring security.
  • Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent, for example for marketing communications or non-essential cookies.
  • Legal Obligation (Art. 6(1)(c) GDPR): Processing required by applicable law.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to provide and improve our services. These include:

  • Essential Cookies: Required for the platform to function (session management, authentication, security). These cannot be disabled.
  • Analytics Cookies: Help us understand usage patterns and improve the platform. We use privacy-focused analytics tools.
  • Preference Cookies: Remember your settings and preferences (language, theme, display options).

You can manage your cookie preferences at any time through your browser settings. Disabling certain cookies may affect the functionality of the platform.

6. Third-Party Services

We use the following categories of third-party services to operate the platform:

  • Cloud Infrastructure: For hosting and data storage (servers located in the EU/EEA).
  • AI Processing: For product data enrichment and content generation. Product data may be processed by AI model providers under strict data processing agreements.
  • Payment Processing: For handling subscription payments securely.
  • Email Services: For transactional and, where consented, marketing emails.
  • Analytics: For understanding platform usage and performance.

All third-party providers are bound by data processing agreements that ensure compliance with applicable data protection regulations.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Retained for the duration of your account and up to 30 days after account deletion.
  • Product Data: Retained for the duration of your subscription. Upon termination, data is deleted within 90 days unless legal retention obligations apply.
  • Usage Logs: Retained for up to 12 months for analytics and security purposes.
  • Billing Records: Retained for up to 10 years as required by Swiss commercial law.

8. Your Rights

Under the GDPR and Swiss data protection law, you have the following rights:

  • Right of Access: You can request a copy of all personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate personal data.
  • Right to Erasure: You can request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: You can request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability: You can request your data in a structured, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at privacy@central.app. We will respond to your request within 30 days.

9. International Data Transfers

Your data is primarily processed and stored within the European Economic Area (EEA) and Switzerland. Where data is transferred to third countries, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and the Swiss Federal Data Protection and Information Commissioner (FDPIC).

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, regular security audits, and incident response procedures. However, no method of transmission or storage is 100% secure.

11. Children’s Privacy

Central is a business-to-business platform and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@central.app.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a prominent notice on our platform. The “Last updated” date at the top of this page indicates when the policy was last revised.

13. Contact for Privacy Inquiries

For any questions or concerns regarding this privacy policy or our data practices, please contact:

Data Protection Officer
SIXA AG
Musterstraße 1
8001 Zürich, Switzerland
Email: privacy@central.app

You also have the right to lodge a complaint with the competent supervisory authority, in particular in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC).