Centilo

Privacy Policy

Last updated: March 15, 2026

1. Introduction

Centilo ("we," "us," or "our") operates the website centilo.co and the Centilo progressive web application (collectively, the "Service"). This Privacy Policy describes how we collect, use, and protect information when you use our Service. Centilo is designed with a privacy-first, local-first architecture to minimize data collection.

2. Zero-PHI Design

Centilo is architected to never collect, transmit, or store Protected Health Information (PHI) as defined by HIPAA. Key design principles include:

  • All calculator inputs and outputs are processed entirely in your browser. No patient data is ever sent to our servers.
  • The optional patient tracker uses anonymous tracking codes (format: CEN-XXXX) that cannot be linked back to any individual patient.
  • We do not collect names, dates of birth, medical record numbers, or any other patient identifiers.

3. Local Data Storage (IndexedDB)

Centilo uses IndexedDB, a browser-based storage technology, to store data locally on your device. This includes:

  • Saved measurements and tracking data (stored only on your device)
  • User preferences (unit system, locale)
  • Cached calculator data for offline use

This data never leaves your device and is not synced to the cloud. You can delete all locally stored data at any time by clearing your browser's site data for centilo.co.

4. Payment Processing (Stripe)

If you purchase a premium subscription, payment processing is handled entirely by Stripe, Inc. We do not store, process, or have access to your full credit card number, bank account details, or other financial information. Stripe's collection and use of your information is governed by their own privacy policy at stripe.com/privacy.

We receive from Stripe only: subscription status, billing period dates, and a customer identifier used to manage your account. No payment card data is stored on our servers.

5. Affiliate Relationships and Advertising

Centilo.co participates in affiliate programs including Amazon Associates, BoardVitals, Lecturio, and others. When you click affiliate links and make purchases, we may earn a commission at no additional cost to you.

We use Google AdSense to display contextual advertisements. AdSense uses contextual targeting (not behavioral tracking) on our site. We do not use personalized advertising.

Affiliate tracking cookies may be placed by third-party retailers when you click affiliate links. These cookies are used solely for purchase attribution and do not track your clinical calculator usage.

Our clinical calculator results and recommendations are never influenced by affiliate relationships or advertising partnerships.

6. Progressive Web App and Offline Use

Centilo can be installed as a progressive web app (PWA) and used offline. When used offline, all data remains on your device and no network requests are made. The service worker caches application assets for offline availability but does not cache or transmit any user-entered data.

7. Children's Privacy (COPPA)

Centilo is a tool designed for healthcare professionals. It is not directed at children under the age of 13, and we do not knowingly collect personal information from children. While the calculators may process pediatric clinical values (age, weight, height), these inputs are processed locally in the browser and never transmitted to our servers.

8. Your Rights

Because Centilo stores data locally on your device, you have full control:

  • Access: All your data is stored in your browser and accessible to you at any time.
  • Deletion: Clear your browser's site data for centilo.co to delete all locally stored information.
  • Portability: Your data is stored in standard browser IndexedDB format and is under your control.
  • Cookies: You can manage or disable cookies through your browser settings at any time.

9. Analytics and Tracking

Centilo does not use server-side analytics to track individual users. Standard web server logs (IP address, user agent, pages visited) may be collected by our hosting provider (Vercel) in accordance with their privacy policy. We do not correlate these logs with individual user identities.

10. US State Privacy Rights (CCPA/CPRA)

If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with a comprehensive privacy law, you may have additional rights regarding your personal information.

Information We Collect

As described in this Privacy Policy, Centilo collects minimal personal information. The categories of personal information we may collect include: identifiers (email address for account holders), internet or network activity (standard server logs collected by Vercel), and commercial information (subscription status via Stripe). Calculator inputs are processed locally in your browser and are never collected by us.

Your Rights

Under applicable US state privacy laws, you may have the right to:

  • Know what personal information we collect, use, and disclose about you
  • Delete personal information we have collected from you
  • Opt out of the sale or sharing of your personal information (Centilo does not sell personal information)
  • Non-discrimination for exercising your privacy rights

We do not sell personal information as defined by the California Consumer Privacy Act (CCPA) or the California Privacy Rights Act (CPRA). We do not use sensitive personal information for purposes beyond those permitted by law.

To exercise any of these rights, contact us at privacy@centilo.co. We will respond within 45 days as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, please contact us at the email address provided on our website.