Want to submit a privacy request?
Access, correct, delete, or withdraw consent — or just ask a question. Our secure form is at the bottom of this page. We respond within 30 days.
Privacy Policy
How we handle your information.
iHospitality Inc. ("we", "us", "our") operates under Canada's PIPEDA and Quebec's Law 25. This policy applies to callers who interact with our AI receptionist, to business clients who use our platform, and to visitors of our website.
1. About this policy
iHospitality Inc. provides AI-powered receptionist services to Canadian businesses. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including Quebec's Act respecting the protection of personal information in the private sector (Law 25).
2. Who we are
Organization: iHospitality Inc.
Service: AI Receptionist — voice answering, appointment booking, call management, chat widget, missed-call follow-up
Jurisdiction: Ontario, Canada
Privacy Officer contact: via our online privacy form — all questions, concerns, and requests go through the same verified intake, preventing spoofing or tampering.
3. What we collect
When you call a business using our AI receptionist service, we may collect:
- Caller phone number — provided automatically by your phone carrier
- Call recordings and transcripts — audio and text of your conversation with the AI
- Names or details shared during the call — if you provide your name, reason for calling, or other information
- Appointment details — if you book an appointment (date, time, service type, staff preference)
- Call metadata — call duration, timestamp, outcome (answered, missed, transferred)
When you use our website or portal, we may collect:
- Business contact information — name, email, phone, business name, industry (entered by you during signup)
- Billing data — handled by Stripe; we do not store credit card numbers ourselves
- Staff portal session data — a login session cookie so you don't have to sign in repeatedly (see Section 10, Cookies)
4. Why we collect it
We collect personal information for the following purposes, as required by PIPEDA Principle 2 (Identifying Purposes):
- Service delivery — to answer calls, provide business information, and book appointments on behalf of the business you called
- Call summaries — to provide the business owner with a summary of your call so they can follow up
- Quality and improvement — to monitor service quality and refine call handling procedures
- Missed call recovery — to notify the business of missed calls so they can return your call
- Billing and account management — for business clients who subscribe to our platform
- Legal compliance — to meet tax, accounting, and law-enforcement obligations when legally required
5. Consent
Under PIPEDA, consent must be meaningful and appropriate to the sensitivity of the information:
- Implied consent — by calling a business that uses our AI receptionist, you consent to the collection of your phone number and call metadata for the purpose of handling your call
- Explicit consent — call recordings are announced at the start of each call ("This call may be recorded for quality purposes"). By continuing the call, you consent to the recording. In Quebec, we provide bilingual (English/French) notice as required under Law 25.
- Outbound SMS consent — any outbound text message you receive from us includes STOP instructions (CASL-compliant). Reply STOP and we remove your number immediately.
- Withdrawal — you may withdraw consent at any time, and we will stop collecting and using your data going forward.
6. Data retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected. Retention is enforced by automated scheduled jobs — these are not aspirational, they run in production every week.
| Data Type | Retention | After Expiry |
|---|---|---|
| Call transcripts | 90 days | Permanently deleted; aggregate AI summary retained (no direct identifiers) |
| Call recordings (audio) | 90 days | Permanently deleted from Twilio via API |
| Call logs & metadata | 12 months | Caller phone number anonymized; aggregate statistics retained |
| Appointments | 12 months after completion | Deleted |
| AI call summaries | Retained | Contain no direct personal identifiers |
| n8n workflow execution data | 90 days | Purged from database |
| Billing records (invoices) | 6 years | Retained for Canadian tax law compliance (CRA), then deleted |
When a business cancels their subscription — whether by opting out of recurring billing, receiving a full refund, or filing a chargeback — service is disabled and the retention timeline above begins. All associated data is deleted within the retention window from that disable event. Partial refunds (goodwill credits) do not affect service or trigger deletion.
See our Data Handling Guide for the full technical breakdown.
7. Third-party processors
We use the following third-party services to deliver our product. Each processes data under strict contractual obligations:
| Provider | Purpose | Data Shared | Compliance |
|---|---|---|---|
| Twilio | Call routing & telephony | Phone numbers, call audio | SOC 2 Type II, Canadian PoPs |
| Anthropic (Claude) | AI conversation processing | Call transcript (real-time) | Zero-retention API — no training on inputs |
| Airtable | Business data storage | Call records, appointments, client info | SOC 2 Type II, AES-256 at rest |
| Stripe | Payments & subscriptions | Billing name, email, card details (we never see card numbers) | PCI-DSS Level 1 |
| Hostinger | Transactional email & domain hosting | Recipient email + message bodies for verification emails and operator alerts | ISO 27001 |
We do not use advertising networks, behavioural-tracking pixels (Facebook Pixel, Google Ads tracking, etc.), or third-party analytics that identify individual visitors.
8. Data protection
- Encryption in transit — all data transmitted over TLS 1.2 or higher
- Encryption at rest — AES-256 encryption for stored data
- North American hosting — our server infrastructure is located in North America
- Per-tenant isolation — each business's data is logically separated and access-controlled
- Access controls — scoped API tokens, file-level permissions, no shared credentials
- Secrets management — API keys and credentials encrypted at rest (SOPS + age) and never written to logs
- Automated lifecycle — data retention policies enforced by automated scheduled processes, auditable via
--dry-run - Per-call consent audit log — each call record stores the consent text that was in effect at the time of the call
9. Your rights
Under PIPEDA and Quebec Law 25, you have the right to:
- Access — request a copy of personal information we hold about you
- Correction — request correction of inaccurate personal information
- Deletion — request deletion of your personal information (right to erasure)
- Withdrawal of consent — withdraw your consent to ongoing collection or use
- Data portability — receive your data in a structured, machine-readable format (JSON export)
- Complain — file a complaint with the Office of the Privacy Commissioner of Canada (or the CAI for Quebec residents) if you are not satisfied with our response
How to make a request
Use the privacy request form at the bottom of this page. The form sends a 6-digit verification code to your email so we can confirm it's really you, then routes your request into our audit-logged intake. We respond within 30 days, as required by PIPEDA (often much sooner). Deletion requests are processed using an automated system that removes all associated records, recordings, and cached data.
10. Cookies & tracking
We keep this short because we do very little:
- Staff portal session cookie — a single HTTPS-only, same-site cookie that keeps you signed in to the staff portal. Expires after 7 days of inactivity. Essential; no opt-out because without it you cannot use the portal.
- No advertising or retargeting — we do not run Facebook Pixel, Google Ads tracking, TikTok pixel, LinkedIn Insight Tag, or any other third-party tracking script.
- No cross-site behavioural analytics — we do not use Google Analytics, Segment, Mixpanel, or similar.
- Server-side aggregated traffic stats only — our nginx server logs anonymized request paths to monitor uptime and abuse. Logs are rotated and deleted after 14 days.
If we ever add any analytics or tracking technology, we will update this policy and notify existing customers before enabling it.
11. Children's privacy
Our service is designed for Canadian businesses and their adult customers. We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information (for example, by calling a business that uses our AI receptionist), please submit a deletion request and we will remove it promptly and verify the deletion.
For Quebec residents: under Law 25, personal information of a minor under 14 is handled with heightened consent requirements. We do not knowingly process minor data; if such data is identified, it is deleted at the earliest opportunity.
12. How we comply with PIPEDA — principle-by-principle
PIPEDA is built on 10 Fair Information Principles. Here is what each principle means and how we meet it. For the full compliance picture — including what we don't claim — see our Compliance at a Glance page.
| Principle | How We Comply |
|---|---|
| 1. Accountability | Our Privacy Officer is reachable via the privacy request form. We are a Canadian federally-incorporated company and named data controller. |
| 2. Identifying Purposes | Purposes listed in Section 4 before or at the time of collection. |
| 3. Consent | Call recordings are announced at the start of every call; outbound SMS includes STOP instructions; portal users accept terms at signup. See Section 5. |
| 4. Limiting Collection | We collect only the data needed to handle your call and operate the service — see Section 3. Nothing collected for marketing or resale. |
| 5. Limiting Use, Disclosure, Retention | Data is used only for the purposes identified, never sold or shared with advertisers. Automated retention jobs enforce the schedule in Section 6. |
| 6. Accuracy | Business clients can correct their profile data from the staff portal; end-callers can submit a correction request. |
| 7. Safeguards | TLS 1.2+ in transit, AES-256 at rest, per-tenant isolation, SOPS-encrypted secrets, automated backups, intrusion monitoring. See Section 8. |
| 8. Openness | This policy, our Data Handling Guide, and per-call consent text are publicly available. |
| 9. Individual Access | Any individual can submit an access request. We respond with a JSON export and human-readable summary within 30 days. |
| 10. Challenging Compliance | If you are not satisfied with our response, escalate to the Office of the Privacy Commissioner of Canada (or the CAI for Quebec residents). |
13. Breach notification
We are required under PIPEDA's Breach of Security Safeguards regulations to notify you of any breach that creates a real risk of significant harm. We maintain an internal breach log and monitoring systems; in the event of a qualifying breach, affected individuals will be notified without undue delay, and a report will be filed with the Office of the Privacy Commissioner of Canada.
14. Sale or transfer of business
If iHospitality Inc. is ever sold, merged, or has its assets transferred, personal information may be part of the transferred assets. We will only transfer data to a party that agrees to honour this Privacy Policy (or an equivalent one) and will notify affected individuals through our website and by email where possible, before the transfer takes effect, unless doing so is legally restricted.
15. International transfers
Our primary infrastructure is Canadian. Some of our third-party processors (listed in Section 7) operate in the United States under standard contractual clauses and certifications (SOC 2, ISO 27001, PCI-DSS). We do not knowingly transfer personal data outside of the US/Canada corridor. If you are an EU resident and use our service, please contact us via the privacy request form — we do not target the EU market and may need to limit service.
16. Changes to this policy
We may update this Privacy Policy from time to time. For material changes — new categories of data, new purposes, or new third parties receiving your data — we will notify existing business clients by email before the change takes effect, with a reasonable opportunity to review. For non-material changes (clarifications, typos, updated compliance references), we update the "Last Updated" date above. We encourage you to review this page periodically.
17. Submit a privacy request
Use this form to submit any privacy request or question — access, correction, deletion, withdrawal of consent, or a general question. Every submission is verified by a 6-digit code sent to your email, then routed into our audit-logged intake. We respond within 30 days, usually much sooner.
Request received
We'll respond to the email you provided within 30 days — usually much sooner. Your reference ID is —.
Keep this reference ID if you need to follow up. A copy of this receipt has been sent to your email.