Privacy & PCI Policy.
This Privacy Policy explains how Centuric LLC ("Centuric," "we," "us") collects, uses, protects, and shares information when you use the MyCallPath.ai communications platform ("Service"), visit our website, or interact with us as a customer or prospect. It also describes how we handle payment card data under the Payment Card Industry Data Security Standard (PCI DSS).
We collect what we need to deliver phone service, bill you, and improve the platform. We never sell your data. Payment card data is processed by a PCI-DSS-certified third party and never stored on our servers. Your call recordings and transcripts belong to you, and you can request deletion.
1. Information We Collect
Account and contact information
When you sign up or request a demo, we collect your name, company name, business email address, phone number, billing address, and the number of users you intend to provision. We may also collect industry, role, and preferred contact method.
Service usage data
To deliver the Service, we process Call Detail Records (CDRs) and message metadata, including originating and terminating phone numbers, call start time, duration, disposition, jurisdiction, device identifiers, and IP addresses of registered endpoints.
Communications content
Depending on the features you enable, we may process: voice call audio (for routing, recording, and transcription), SMS and MMS message content (for delivery and compliance), voicemail audio and text transcripts, and video conferencing audio and video streams.
AI-derived data
If you enable conversation-intelligence features, we generate derived data including call transcripts, topic tags, sentiment scores, summaries, and action-item extractions. These outputs are stored alongside the source recording and treated with the same protections.
Website and product analytics
We collect standard web telemetry on mycallpath.ai including IP address, browser type, pages viewed, referrer, and timestamps. We use this to operate and improve the site. We do not use third-party advertising cookies.
2. How We Use Information
We use the information we collect to:
- Provision, deliver, and maintain the Service, including routing calls, delivering messages, and producing AI outputs you have requested
- Bill you accurately and process payments through our PCI-compliant payment processor
- Provide technical support, respond to inquiries, and communicate about service changes
- Detect, investigate, and prevent fraud, abuse, and security incidents
- Comply with legal obligations, including E911 dispatch, lawful intercept orders, and tax reporting
- Improve the platform through aggregated, de-identified analytics that cannot be traced back to individuals
We do not use customer call content, transcripts, or message content to train third-party AI models. AI features that operate on your data run within infrastructure governed by this policy and our underlying carrier agreements.
3. Payment Card Data & PCI Compliance
We do not store, transmit, or process full payment card numbers on our own systems. All payment card data is captured directly by a PCI-DSS Level 1 certified payment processor through tokenization. Centuric only ever sees a non-sensitive token, the last four digits, and the card brand.
Scope of PCI compliance
Centuric processes payments through a third-party payment processor (such as Stripe, Authorize.net, or equivalent) that maintains PCI DSS Level 1 certification. The cardholder data environment (CDE) is operated entirely by that processor. Centuric is a PCI-DSS SAQ-A merchant: we never come into contact with the primary account number, CVV, or magnetic stripe data.
What we store
For each payment method on file, we retain only:
- The processor-issued payment token (which cannot be used outside our merchant account)
- The last four digits of the card number
- The card brand (Visa, Mastercard, etc.)
- The expiration month and year
- The cardholder name and billing ZIP code
How payments are transmitted
When you enter card information in our checkout or customer portal, the data is transmitted directly from your browser to the payment processor over a TLS 1.2 or higher encrypted connection. The processor returns a token to us. At no point does the card number traverse Centuric's network or appear in our logs.
If you call to provide card information
If you provide payment card information to Centuric staff by phone, we enter the card directly into the payment processor's secure portal. We do not write down, email, or otherwise record card numbers. Calls in which payment information is provided are not subject to call recording.
Cardholder rights
You may remove a stored payment method at any time through the customer portal or by contacting billing@centuric.com. Removal takes effect immediately for future charges.
4. Call Recording, Transcription & Consent
You control whether call recording, transcription, and conversation-intelligence features are enabled on your account. When enabled, you are responsible for obtaining any consent required by federal, state, or local law before recording or analyzing a call.
Several U.S. states (including California, Florida, Pennsylvania, Washington, Massachusetts, and others) require all-party consent. The Service can be configured to play a consent notification at the start of recorded calls; you must enable and verify this feature where required by your jurisdiction.
Recordings and transcripts are stored encrypted at rest, accessible only to authorized users within your account, and retained according to the retention period you configure (default: 90 days). You may export or delete recordings and transcripts at any time.
5. Data Sharing
We share information only as necessary to deliver the Service or comply with law:
| Recipient | Purpose |
|---|---|
| Underlying carriers | Routing voice calls, delivering SMS, providing emergency services, and meeting STIR/SHAKEN attestation requirements |
| Payment processor | Charging the payment method on file under PCI-DSS controls |
| Email delivery service | Sending transactional notifications, lead acknowledgements, and customer communications |
| Cloud infrastructure providers | Operating the platform within U.S.-based data centers under standard data processing agreements |
| Law enforcement | Only in response to a valid subpoena, court order, or other lawful request, including E911 dispatch and lawful intercept |
We do not sell personal information. We do not share customer call content, transcripts, or message data with advertisers, data brokers, or any party not listed above.
6. Data Retention
We retain personal data for as long as your account is active and for a reasonable period thereafter to meet legal, tax, and operational requirements. Specifically:
- Call Detail Records (CDRs): retained for at least 18 months to support billing disputes and regulatory inquiries
- Recordings, transcripts, and AI outputs: retained according to your configured retention setting (default 90 days, configurable up to 7 years)
- Billing records and invoices: retained for 7 years for tax and audit purposes
- Account profile and contact information: retained for the life of the account plus 24 months after termination
- Website analytics: retained in aggregated form for up to 26 months
Following the applicable retention period, data is deleted from production systems and purged from backups in the next backup rotation cycle.
7. Security
We protect personal data with administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including:
- Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
- Role-based access controls and least-privilege principles for our personnel
- Multi-factor authentication on administrative systems
- Continuous logging and monitoring of access to customer environments
- Annual third-party security assessments and vulnerability management
- Vendor due diligence on subprocessors handling personal data
No system is perfectly secure. In the event of a confirmed data breach affecting your personal data, we will notify you and the appropriate authorities within the timeframes required by applicable law.
8. Your Rights
Depending on where you reside, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete data
- Deletion: Request that we delete personal data, subject to legal retention obligations
- Portability: Request export of your data in a portable format
- Restriction or objection: Restrict certain processing activities
- Withdrawal of consent: Where we rely on consent, withdraw it at any time
To exercise any of these rights, contact privacy@centuric.com. We will respond within 30 days. California residents have additional rights under the CCPA/CPRA; we do not sell or share personal information for cross-context behavioral advertising.
9. HIPAA
The Service can be configured to support compliance obligations under the Health Insurance Portability and Accountability Act (HIPAA) for Covered Entities and Business Associates. If you require a Business Associate Agreement (BAA), contact compliance@centuric.com before transmitting protected health information through the Service. We do not treat the Service as HIPAA-compliant by default without an executed BAA.
10. Cookies and Tracking
The mycallpath.ai marketing site uses minimal first-party cookies necessary for functionality (such as remembering whether you have closed a notice). We do not use third-party advertising or behavioral tracking cookies. Within the customer portal, we use session cookies required for authentication.
11. International Users
The Service is operated from the United States and is intended for use by businesses located in the United States and Canada. If you access the Service from outside North America, you consent to the transfer of your data to the United States, where data protection laws may differ from those in your jurisdiction.
12. Children
The Service is not directed to children under 18 and we do not knowingly collect personal data from minors. If you believe a minor has provided personal data through the Service, contact us at privacy@centuric.com and we will delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes affecting how we use or disclose personal data will be communicated by email to account administrators at least 30 days before they take effect. The effective date at the top of this policy indicates the most recent version.
14. Contact Us
For privacy questions, data subject requests, or to report a concern:
Centuric LLC — Privacy Office
Sunrise, Florida
Privacy: privacy@centuric.com
Compliance: compliance@centuric.com
Billing: billing@centuric.com