Last updated: 3 May 2026
Privacy Policy
PitchCentric is a product of Centric Labs ("we", "us", or "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use pitchcentric.com and our API ("the Service").
1. Data We Collect
Account information
When you register, we collect your name, email address, password (hashed using bcrypt), and the role you select (e.g. Founder, Communications, Investor Relations). If you sign in via Google or Microsoft OAuth, we receive your name, email, and profile picture from those providers.
OAuth tokens
If you connect a Gmail or Microsoft 365 account for email sending, we store the OAuth access and refresh tokens in our database (encrypted at rest). We use these tokens solely to send outreach emails on your behalf. We do not read, index, or store the content of your inbox.
Usage data
We log API requests (method, path, response code, latency) to our application logs. These logs do not contain request or response bodies.
Podcast catalogue queries
Search queries you run in the catalogue are logged with your user ID for quality improvement and abuse prevention. We do not sell query data to third parties.
Payment data
Billing is handled by Stripe. We store your Stripe Customer ID and subscription status but never store full card numbers or CVVs.
2. How We Store Your Data
All data is stored in a PostgreSQL database hosted on Azure. Data is encrypted at rest and in transit. OAuth tokens and session secrets are stored using environment-level secrets management and are not accessible to application code via plaintext environment variables at runtime.
3. How We Use Your Data
- To provide the Service (podcast discovery, AI pitch generation, email outreach)
- To authenticate you and maintain your session
- To send transactional emails (verification, password reset, outreach confirmations)
- To detect and prevent abuse
- To improve recommendation quality and model accuracy
We do not sell your personal data. We do not use your data to train AI models without your explicit consent.
4. Sub-processors
We share data with the following third parties as necessary to provide the Service:
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Anthropic | AI pitch generation | Podcast metadata, episode summaries, your profile bio |
| OAuth sign-in, email sending | Email address, OAuth token | |
| Microsoft | OAuth sign-in, email sending | Email address, OAuth token |
| Stripe | Payment processing | Email, billing address |
| Azure | Hosting & infrastructure | All data at rest |
| Apollo.io | Contact enrichment | Domain name, host first/last name |
| AWS SES | Transactional email delivery | Recipient email address, email subject/body |
5. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of all data we hold about you.
- Deletion: Request deletion of your account and all associated data. We will process deletion requests within 30 days.
- Portability: Request an export of your data in JSON format.
- Correction: Request correction of inaccurate data.
- Objection: Object to processing based on legitimate interests.
To exercise any of these rights, email privacy@pitchcentric.com.
6. Data Retention
Active account data is retained for as long as your account remains open. If you delete your account, your personal data is removed within 30 days. Anonymised usage aggregates may be retained indefinitely.
Application logs are retained for 90 days. Backup snapshots are retained for 30 days.
7. Cookies
We use a single session cookie for authentication. We do not use advertising cookies or third-party tracking cookies.
8. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be announced via email to registered users at least 14 days before they take effect.
10. Contact
Centric Labs
Email: privacy@pitchcentric.com