Privacy Policy

This policy applies to two distinct categories of individuals whose personal information we process, and our role differs between them:

(a) Site Visitors and Prospective Customers. Individuals who visit the Site, submit contact or demo request forms, or use our free web-based tools. For this category, Azarix AI is the responsible party (privacy controller) and determines the purposes and means of processing.

(b) Callers Whose Calls Are Handled by the Service. Individuals who telephone a number operated by one of our business customers and whose call is answered and processed by our Service. For this category, the business customer is the responsible party; Azarix AI processes caller personal information solely as a service provider acting on the customer's instructions pursuant to a written data processing agreement. Individuals seeking to exercise privacy rights with respect to their call data should direct their request to the business they contacted. We will, upon request, inform a caller which business customer is the responsible party.

From Site Visitors and Prospective Customers

When you submit a contact or demo request form, we collect the information you provide, which may include:

• First name
• Phone number
• Business type and industry
• Preferred contact time
• Any additional information you voluntarily include

Our free web-based tools (Missed Revenue Calculator, Review Report) process your inputs locally in your browser. No inputs are transmitted to or stored on our servers unless you explicitly submit a form.

Automatically Collected Technical Data

When you visit the Site, we and our analytics providers automatically collect:

• IP address (truncated to the subnet level where technically feasible)
• Browser type and version, operating system, and device type
• Pages visited, time on page, referring URL, and clickstream data
• Cookie identifiers (see Section 9)

From Callers (Processed on Behalf of Business Customers)

• Caller telephone number as delivered by the carrier
• Audio recording of the call
• Machine-generated transcript of the call
• Information the caller discloses during the call, which may include name, civic address, service request details, and appointment preferences

We collect and use personal information only for purposes that a reasonable person would consider appropriate in the circumstances, and that are identified at or before the time of collection:

• Responding to demo and contact requests — to contact you when you request us to do so
• Delivering and operating the Service — including real-time call answering, transcription, appointment booking, and confirmation messaging
• Improving the Service — using de-identified or aggregated data to evaluate and improve AI model accuracy; we do not use identifiable caller recordings or transcripts to train models without separate written consent
• Generating call summaries — transcripts and job summaries are delivered to the subscribing business customer
• Billing and account management — for existing business customers
• Marketing communications — where we have obtained your express or implied consent under CASL (see Section 8)
• Legal and regulatory compliance — to satisfy applicable legal obligations, respond to lawful demands from public authorities, and enforce our agreements

We collect only what is necessary for the purposes identified above. We do not sell, rent, or trade personal information to any third party for that party's own marketing or commercial purposes, and we have not done so in the preceding 12 months.

We do not disclose personal information to third parties except to the following service providers engaged to help us operate the Service. Each provider is contractually bound to: (a) process personal information only as instructed by us; (b) refrain from using it for their own independent purposes; and (c) implement security safeguards at least equivalent to those described in Section 6.

• Twilio Inc. (San Francisco, California, USA) — telephony infrastructure, call routing, call recording storage, and SMS delivery
• OpenAI, L.L.C. (San Francisco, California, USA) — real-time voice transcription and AI conversation generation
• Google LLC (Mountain View, California, USA) — cloud infrastructure, calendar integration, and web analytics (Google Analytics 4 with IP anonymization enabled)

We will notify you of any material addition to or change in this list by updating this policy before the change takes effect. Where we have a direct contact relationship with you, we will also provide direct notice.

All three service providers identified in Section 4 are headquartered and primarily operate in the United States. By using our Site or Service, your personal information — and, where you are a business customer, the personal information of callers whose calls you route through our Service — will be transferred to and processed in the United States.

CLOUD Act Disclosure. The United States Clarifying Lawful Overseas Use of Data Act, Pub. L. 115-141 (CLOUD Act) authorizes U.S. federal law enforcement to compel U.S.-based cloud service providers to produce data stored anywhere in the world, including data belonging to non-U.S. persons, and does not require notice to the data subject or to Azarix AI. This risk is present with each of the U.S. sub-processors listed in Section 4.

We take the following steps to mitigate cross-border transfer risks: (a) executing data processing agreements with each sub-processor that restrict use of personal information to specified purposes and require appropriate security measures; (b) requiring sub-processors to notify us of any government access request to the extent they are legally permitted to do so; and (c) applying TLS 1.2 or higher encryption in transit and AES-256 encryption at rest.

If you are a resident of Quebec, the foregoing constitutes the required pre-collection disclosure of cross-border transfer and the protections applicable to your personal information, as required by section 17 of Law 25.

We implement physical, administrative, and technical safeguards proportionate to the sensitivity of the personal information we hold, including:

• Encryption of personal information in transit (TLS 1.2 or higher) and at rest (AES-256)
• Role-based access controls limiting access to personal information to personnel with a documented business need to know
• Multi-factor authentication required for all internal systems that store or process personal information
• Regular review and audit of access logs and permissions
• Documented incident response and breach notification procedures

In the event of a breach of security safeguards that creates a real risk of significant harm to an individual, we will notify the Office of the Privacy Commissioner of Canada as required by PIPEDA, and we will notify the Commission d'accès à l'information where Law 25 applies, and will notify affected individuals without unreasonable delay as required by applicable law.

• Call recordings and transcripts: retained for 90 days from the date of the call, then securely and permanently deleted from all production and backup systems
• Contact and demo request submissions: retained until you request deletion or for 12 months following our last business contact with you, whichever is earlier
• Customer account data: retained for the duration of the business relationship and for 7 years thereafter to satisfy applicable tax and corporate record-keeping obligations
• Web analytics data: aggregated and anonymized within 26 months of collection; no identifiable individual-level data is retained beyond that period

Where a legal obligation requires us to retain personal information for a specified period, we will do so notwithstanding a deletion request, and we will notify you of that limitation in our response to your request.

We send commercial electronic messages (“CEMs”) — including promotional emails and SMS messages — only where we have obtained your express or implied consent as defined under CASL. Implied consent arises where you have an existing business relationship with us within the preceding two years, subject to the conditions set out in CASL.

Every CEM we send will: (a) clearly identify Azarix AI as the sender; (b) include our mailing address; and (c) contain a functioning unsubscribe mechanism that we will honour within 10 business days of receipt. To unsubscribe at any time, click the unsubscribe link in any marketing message or email info@azarixai.com with “Unsubscribe” in the subject line.

Transactional messages — including appointment confirmations, call summaries, and service notifications — do not constitute CEMs and are sent as necessary to deliver the Service, regardless of marketing consent status.

We use the following categories of cookies:

• Strictly necessary cookies: required for the Site to function, including session state, security tokens, and load balancing. These cannot be disabled without materially impairing site functionality.
• Analytics cookies: set by Google Analytics 4 (with IP anonymization enabled) to measure aggregate traffic and usage. No cross-site behavioural advertising cookies are deployed.

You may disable non-essential cookies through your browser settings. Doing so may affect certain site functionality. We do not use cookies to serve targeted or behavioural advertising.

Subject to applicable law, you have the following rights with respect to your personal information held by Azarix AI:

• Access: to be informed of the existence, use, and disclosure of your personal information and to receive a copy of it
• Correction: to request amendment of inaccurate or incomplete personal information
• Deletion: to request erasure of your personal information, subject to our legal retention obligations and Section 7
• Withdrawal of consent: to withdraw consent at any time on reasonable notice, subject to legal or contractual restrictions; withdrawal does not affect the lawfulness of processing that occurred prior to withdrawal
• Data portability (Quebec residents): to receive personal information you provided to us in a structured, commonly used, and technological format, where technically feasible, as required by Law 25
• De-indexing (Quebec residents): to request that we cease disseminating your personal information or de-index any hyperlink attached to your name where dissemination causes injury, contravenes law or a court order, as provided under Law 25

To exercise any of these rights, contact our Privacy Officer at info@azarixai.com with sufficient information to identify you and describe your request. We will acknowledge your request within 5 business days and respond substantively within 30 days. If we cannot respond within 30 days, we will notify you of the extended timeline and the reason for the extension before the 30-day period expires.

We may decline a request where permitted or required by law — for example, where producing requested records would reveal the personal information of another individual who has not consented to disclosure. We will advise you in writing of any limitation and the reasons for it, to the extent we are permitted to do so.

The Service is directed exclusively to business owners and operators and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that personal information has been collected from an individual under 18 without verifiable parental or guardian consent, we will delete that information as promptly as practicable.

We may amend this policy from time to time. For material changes — including changes to the categories of personal information we collect, the purposes for which we use it, the third parties to whom we disclose it, or the security measures we apply — we will post the revised policy on this page with an updated effective date no fewer than 30 days before the changes take effect. Where we have a direct contact relationship with you, we will also provide direct notice.

Continued use of the Site or Service after a material change takes effect constitutes acceptance of the revised policy. If you do not accept the revised policy, you must discontinue use of the Service and may contact us to request deletion of your personal information.

If you have concerns about how we have handled your personal information, please contact our Privacy Officer (Section 14) so that we may attempt to resolve the matter. We will acknowledge your complaint within 5 business days and provide a substantive response within 30 days.

If you are not satisfied with our response, you may file a complaint with the applicable supervisory authority:

• Office of the Privacy Commissioner of Canada (OPC) — for matters governed by PIPEDA: www.priv.gc.ca
• Commission d'accès à l'information du Québec (CAI) — for matters governed by Law 25: www.cai.gouv.qc.ca

Accountability for Azarix AI's compliance with this policy and applicable privacy legislation rests with our designated Privacy Officer. All privacy inquiries, access requests, correction requests, deletion requests, and complaints should be directed to:

Privacy Officer, Azarix AI
info@azarixai.com