Privacy Policy

1. Who we are

CeliaConnect is a product of Zentrosoft LLC, a New York limited liability company (“Zentrosoft,” “we,” “us”). This policy describes how we handle information when you visit celiaconnect.com, sign up for the service, or contact us. For data we process on behalf of customer institutions, we act as a Data Processor; the institution is the Data Controller. Our obligations in that role are governed by our Data Processing Agreement.

2. What we collect

• Institutional contact information. Names, work email addresses, job titles, and institution names for the staff who sign up, administer the tenant, and use the product. We also collect billing contact details when you subscribe.
• Operational data from your Slate instance. Anonymous Slate IDs and behavioral signals (event codes, stage transitions, yes/no flags, numeric fields mapped through your data dictionary). We do not ingest student names, email addresses, phone numbers, physical addresses, SSNs, dates of birth, essay content, recommendation letters, financial account numbers, or other personally identifying information from Slate.
• Product usage analytics. Pages visited inside the app, features used, timing, and error events, for service operation, billing, and improvement.
• Website analytics. We use Cloudflare Web Analytics on celiaconnect.com. It is cookieless and does not fingerprint visitors.
• Support communications. Messages you send us, their content, and metadata needed to resolve the issue.
• Cookies. Session cookies required to keep you logged in. No advertising cookies, no cross-site tracking, no third-party analytics cookies.

3. How we collect it

We collect information you voluntarily submit (forms, account creation, support messages), information your Slate instance sends to us through the service-account query you configure, server-side logs generated by your use of the product, and cookieless analytics events from visits to our marketing site.

4. How we use it

• To provide, operate, maintain, and secure the service.
• To bill you and record the transaction.
• To communicate with you about service updates, security notices, support requests, and, if you opted in, product news.
• To improve the product — including training or tuning internal components using aggregated, de-identified data. We do not use customer data to train third-party foundation models.
• To comply with legal obligations and enforce our Terms.

5. Who we share with

We share data only with sub-processors that help us deliver the service, and only to the extent necessary. Current sub-processors:

• Cloudflare, Inc. (United States) — cloud infrastructure (Workers, D1, KV, R2, Pages, Queues, Analytics Engine, Web Analytics).
• Anthropic, PBC (United States) — AI reasoning for CeliaConnect’s analyses. Receives only anonymized, non-PII operational data, by architectural guarantee.
• Stripe, Inc. (United States) — subscription billing and payment processing.
• Mailgun Technologies (Pathwire) (United States) — transactional and opt-in marketing email.

We do not sell personal information. We do not share data for advertising. We disclose data to law enforcement only when legally compelled and, where lawful, will notify the affected customer. The full, current list is maintained at /legal/subprocessors/.

6. The no-PII architecture

The most important thing to understand about CeliaConnect’s privacy posture is structural, not procedural. Our data pipeline from Slate passes through a mapping layer (your data dictionary) that converts Slate field values into semantic signals before any data reaches Celia or our AI sub-processor. The queries we ship for you to install in Slate deliberately do not select PII fields. Runtime guardrails fail closed if a PII-shaped value is detected in a payload that would otherwise be sent to Anthropic.

As a practical matter this means Celia and Anthropic never see: student names, email addresses, phone numbers, physical addresses, SSNs, dates of birth, health or disability information, financial account numbers, essay content, recommendation letters, photos, or biometric data. Those stay inside your Slate instance, under your control, subject to Slate’s own protections.

7. Data lifecycle

• During subscription. Your tenant database is isolated per institution. Export is available at any time in CSV or JSON.
• Grace period. On cancellation or deactivation, a thirty (30) day grace window begins during which the tenant can be reactivated on request.
• Deletion. After the grace window, we permanently delete the tenant database and supporting operational caches.
• Compliance archive. We retain an envelope-encrypted compliance archive in Cloudflare R2 for seven (7) years after deletion, consistent with higher-education retention norms (FERPA-aligned). Access requires dual-control and is logged. You may shorten or lengthen this period by written agreement in the DPA.
• Audit log. Every lifecycle event is recorded in a hash-chained audit log that you can export.

8. Your rights

Regardless of where you live, you may ask us to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete information we no longer need to process.
• Export information in a portable format.
• Restrict or object to certain processing.

Send requests to solutions@zentrosoft.com. We respond within 30 days. For data we process on behalf of an institution, we route requests to that institution as Data Controller.

9. FERPA alignment

CeliaConnect is designed to align with the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g). Because we do not ingest personally identifying student records from your Slate instance, we do not process “education records” as FERPA defines them in the hands of our service. For the limited operational signals we do process, we act under the direct control of the institution under a written agreement (the DPA) that restricts use of the information to the purposes for which we are engaged.

10. GDPR (EU, UK, EEA users)

If you are in the EU, UK, or EEA, the General Data Protection Regulation and the UK GDPR give you rights to access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is (a) performance of a contract (to provide the service) and (b) legitimate interest (to secure, operate, and improve the service). For institutional customers we act as Processor under Article 28 and our DPA governs that relationship. International transfers rely on the Standard Contractual Clauses where applicable. You may lodge a complaint with your local supervisory authority.

11. CCPA (California residents)

Under the California Consumer Privacy Act and CPRA, California residents have rights to know, delete, correct, and port their personal information, to opt out of sale or sharing, and to non-discrimination for exercising these rights. We do not sell personal information and do not share it for cross-context behavioral advertising. To exercise rights, contact solutions@zentrosoft.com.

12. Do Not Track

Our website does not rely on cross-site tracking, so there is no tracking to disable. We honor the spirit of Do Not Track by default: no advertising cookies, no third-party analytics, no fingerprinting.

13. Security measures

• Encryption in transit (TLS 1.2+) and at rest (AES-256 on Cloudflare storage).
• Per-tenant database isolation. Every query, cache lookup, and AI call is scoped by Organization ID.
• Envelope encryption of Slate service credentials using a per-tenant Data Encryption Key wrapped by a Cloudflare-held Key Encryption Key.
• Hash-chained audit log for tamper evidence on every write to Slate and every privileged action.
• Least-privilege access for Zentrosoft personnel, MFA on all admin consoles, and quarterly access reviews.
• Runtime PII guardrails that fail closed before any outbound AI call.

14. Incident notification

If we confirm a security incident affecting your tenant, we will notify your designated security contact within twenty-four (24) hours, describe what we know, and update you as the investigation progresses.

15. Children

CeliaConnect is a B2B product sold to higher-education institutions. It is not intended for use by children under 13, and we do not knowingly collect information from them. Our institutional customers work predominantly with applicants aged 17 and older.

16. Changes to this policy

We may update this policy from time to time. For material changes, we will email the administrative contact on file and post a changelog entry at the top of this page. For non-material changes, we will update the “Last updated” date. Your continued use of the service after an update constitutes acceptance of the revised policy.

17. Contact

Privacy questions and rights requests: solutions@zentrosoft.com

Data-protection inquiries: solutions@zentrosoft.com

Zentrosoft LLC — New York, USA.