Privacy Policy

Ciento

Last Updated: November 25, 2025

1. Introduction

Welcome to Ciento. Ciento Labs Inc. (“Company,” “we,” “us,” “our”) respects your privacy and is committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you use the Ciento mobile application (available on iOS and Android), our website, and our conversational interfaces via WhatsApp or Telegram (collectively, our "Service").

By accessing or using the Service, you agree to this privacy policy.

2. Information We Collect About You

We collect several types of information from and about users of our Service.

A. Information You Provide to Us

  • Account Information: Name, email address, phone number (specifically your WhatsApp or Telegram handle), and password.
  • Voluntary Financial Data: We do not directly access, scrape, or connect to your financial institution accounts. We only process financial data (such as expense entries, budget limits, or balances) that you manually input into the Service or send to us via chat.
  • Conversational & AI Data: When you interact with Ciento via WhatsApp or Telegram, we collect the content of your messages, prompts, and audio files to generate AI responses.

B. Information Collected Automatically (App & Device)

  • Usage Details: Traffic data, logs, and communication data (e.g., time spent in-app).
  • Device Information: We may collect information about your mobile device and internet connection, including the device's unique device identifier (UUID), IP address, operating system, and browser type.
  • Push Notifications: If you grant permission, we may send push notifications to your mobile device regarding budget alerts or account updates. You can manage these permissions in your device settings.

C. Information from Third Parties

  • Meta (WhatsApp) & Telegram: We receive your phone number and profile name associated with your WhatsApp or Telegram account when you initiate a chat with our Service.

3. How We Use Your Information

We use information that we collect about you or that you provide to us:

  • To Provide the Service: To process your natural language queries via chat and retrieve relevant insights based on the data you have manually provided (e.g., "How much did I spend on groceries this month?").
  • To Improve Our AI Models: We may use anonymized and aggregated interaction data to refine our prompt engineering and improve the accuracy of our AI responses. We will not use your personally identifiable financial information for third-party AI model training without your explicit consent.
  • To Secure Your Account: To verify your identity via your linked mobile number and prevent fraud.
  • To Send Notifications: To send you push notifications or chat alerts regarding your budget limits, subscription updates, or security alerts.

4. Artificial Intelligence & Chatbot Disclosures (Meta & Google)

Our Service utilizes artificial intelligence (AI) to process your messages. By using the Service, you acknowledge the following:

  • AI Processing: Your messages are processed by Google Gemini (via Google LLC). While Google does not use your data to train their public models by default, data may be retained temporarily for abuse monitoring.
  • Accuracy Disclaimer: AI-generated responses regarding your finances are estimates based on the data you provided. They may occasionally be inaccurate or "hallucinate." You should always verify important financial figures against your actual bank statements.
  • Human Interaction: You understand that you are communicating with an automated AI agent, not a human.

5. Prohibited Data (Safety & Compliance)

To ensure the security of your data and compliance with Meta's Business Policies:

  • No Sensitive Financial Credentials: You agree NOT to input or send full credit card numbers, bank account passwords, PINs, or CVV codes via WhatsApp, Telegram, or the App.
  • No Sensitive Personal Data: Do not send health data, government ID numbers (SIN/SSN), or other sensitive categories of data through the chat interface.

6. Data Retention

We retain your data until you decide to delete it.

  • User-Controlled Retention: We will retain your Personal Information, Financial Data, and Chat History for as long as your account is active. You have full control to maintain this history to track your financial progress over time.
  • Deletion: If you delete your account or request data deletion, we will delete your data from our active production servers (including our database and cache) within 30 days.
  • Legal Exception: Notwithstanding the above, we may retain specific transaction records for a period of up to seven (7) years solely to comply with legal and tax obligations (e.g., Canada Revenue Agency or IRS requirements). This retained data will be archived and isolated from active use.

7. Disclosure of Your Information

We do not sell your personal information to third parties. We disclose personal information only to the trusted service providers necessary to run our infrastructure.

Service Providers & International Data Transfers

We are based in British Columbia, Canada and use service providers located in other jurisdictions. By using the Service, you acknowledge that your data may be transferred to and processed in these countries.

Service ProviderRoleHeadquarters & JurisdictionContact
Supabase, Inc.Database & Authentication65 Chulia Street #38-02/03, Singapore 049513privacy@supabase.com
Microsoft AzureCloud InfrastructureOne Microsoft Way, Redmond, WA, USAprivacy@microsoft.com
Hostinger InternationalCloud Hosting (n8n)61 Lordou Vironos Street, 6023 Larnaca, Cyprusgdpr@hostinger.com
n8n GmbHWorkflow AutomationNovalisstr. 10, 10115 Berlin, Germanyprivacy@n8n.io
Redis Ltd.Caching & Performance303 2nd St, San Francisco, CA, USAprivacy@redis.com
Expo (650 Industries)Mobile App Framework624 University Ave, Palo Alto, CA, USAlegal@expo.dev
Google LLC (Gemini)AI & LLM Processing1600 Amphitheatre Pkwy, Mountain View, CA, USAGoogle Privacy
WhatsApp LLCMessaging Platform1601 Willow Road, Menlo Park, CA, USAPrivacy Policy
Telegram FZ-LLCMessaging PlatformBusiness Central Towers, Dubai, UAEPrivacy Policy

Note: Data sent to the United States may be subject to access by US law enforcement under the US CLOUD Act.

8. Your Data Rights (GDPR & CCPA)

We align our user rights with the highest global standards, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Regardless of where you live, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure (Right to be Forgotten): Request that we delete your data.
  • Portability: Request a copy of your data in a structured, machine-readable format (JSON/CSV).

Notice to California Residents (CCPA)

  • Do Not Sell My Personal Information: Ciento Labs Inc. does not sell your personal information for monetary value.
  • Right to Opt-Out of Sharing: We may use third-party analytics tools. You have the right to opt-out of sharing your data for cross-context behavioral advertising. You may exercise this right by contacting us.

To exercise any of these rights, please contact product@cientolabs.com.

9. Data Security

The security of your data is our top priority. We use End-to-End Encryption where possible and Encryption-at-Rest for all database records.

  • Platform Security: Interactions via WhatsApp and Telegram are subject to the encryption standards of those respective platforms.
  • Input Security: As you enter data manually, please avoid inputting sensitive credentials (such as passwords or full credit card numbers) into the chat interface.

10. Children's Privacy

Our Service is intended solely for users who have reached the age of majority in their jurisdiction of residence (19 years of age in British Columbia, Canada). We do not knowingly collect information from children. If we learn we have collected personal information from a minor without verification of parental consent, we will delete that information.

11. Governing Law and Jurisdiction

This policy and your use of the Service shall be governed by and construed in accordance with the laws of the Province of British Columbia and the federal laws of Canada applicable therein. Any dispute arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts located in Vancouver, British Columbia.

12. Changes to Our Privacy Policy

We will review this privacy policy annually to ensure it complies with evolving laws and technologies.

  • Standard Changes: We will notify you at least 15 days in advance of any material changes to this policy via email or a chat notification.
  • Urgent Updates: For changes required to address security vulnerabilities, abuse, or immediate legal requirements, we may provide 1 day notice or effective-immediately notice.
  • Continued Use: Your continued use of the Service after such changes constitutes acceptance of the new policy.

13. Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

Ciento Labs Inc.

Email: product@cientolabs.com

Headquarters: Vancouver, BC, Canada