Privacy Policy

1. Introduction

Aria AI ("we", "us", "our"), located in Montreal, Quebec, Canada, is committed to protecting the privacy of our users and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with Quebec's Act respecting the protection of personal information in the private sector (Law 25), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and Canada's Anti-Spam Legislation (CASL).

2. Information We Collect

From Subscribers (Our Clients)

• Account information: name, email address, business name, phone number
• Billing information: payment details processed securely through Stripe (we do not store credit card numbers)
• Website data: publicly available content from your business website used to train your AI agent
• Usage data: feature usage, login activity, and configuration preferences

From End Users (Your Customers)

• Chat interactions: messages exchanged with the AI agent
• Contact information: name, email, phone number voluntarily provided during chat or booking
• Voice calls: caller phone number, call duration, and call recordings (when voice services are enabled)
• Booking details: preferred dates, appointment notes

Automatically Collected

• IP addresses, browser type, and device information
• Cookies and similar tracking technologies for session management

3. How We Use Your Information

• To provide, operate, and improve the Aria AI platform
• To process subscriptions and billing
• To train and customize AI agents based on your business data
• To capture and relay leads and booking requests to you
• To provide voice receptionist services including call routing and recording
• To send transactional communications (account confirmations, billing receipts)
• To send commercial electronic messages only with your express or implied consent, in compliance with CASL
• To comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

• Service providers: Stripe (payments), Twilio (phone/voice), Vapi (voice AI), Anthropic (AI processing), Neon (database hosting), Vercel (application hosting)
• Subscribers: End user data (leads, chat logs, call records) is shared with the subscriber whose AI agent was used
• Legal requirements: When required by law, court order, or governmental authority

5. Data Storage and Security

• Data is stored on servers located in the United States (AWS US-East) via our hosting providers.
• All data in transit is encrypted using TLS 1.2 or higher.
• Passwords are hashed using bcrypt before storage.
• Payment information is handled entirely by Stripe and is PCI-DSS compliant.
• Voice recordings are retained for up to 30 days and then automatically deleted.
• We implement reasonable technical and organizational measures to protect personal information against unauthorized access, loss, or alteration.

6. Data Retention

• Account data: retained for the duration of your subscription plus 30 days after cancellation.
• Captured leads: retained for the duration of the subscriber's account.
• Voice recordings: retained for up to 30 days.
• Chat logs: retained for the duration of the subscriber's account.
• Billing records: retained as required by Canadian tax law (typically 7 years).

7. Your Rights

Under Quebec privacy law (Law 25) and PIPEDA, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Delete your personal information (subject to legal retention requirements)
• Withdraw consent for processing at any time
• Data portability — receive your data in a structured, commonly used format
• File a complaint with the Commission d'accès à l'information du Québec (CAI)

To exercise these rights, contact us at support@heyaria.ca. We will respond within 30 days.

8. CASL Compliance

We comply with Canada's Anti-Spam Legislation (CASL). We only send commercial electronic messages with express or implied consent. All commercial messages include:

• Clear identification of the sender (Aria AI, Montreal, QC)
• Our valid physical mailing address
• A functioning unsubscribe mechanism (reply "STOP" or use the unsubscribe link)

Unsubscribe requests are processed within 10 business days as required by CASL.

9. Cookies

We use essential cookies for session management and authentication. We do not use third-party advertising or analytics cookies. By using our Service, you consent to the use of essential cookies.

10. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least thirty (30) days before they take effect.