Privacy Policy

Effective date: 2025-08-15 • Last updated: 2025-09-17

This privacy policy ("Privacy Policy") describes how AI Buddy Catalyst Labs Inc. ("AI Buddy", "Company", "we", "our", or "us") will collect, use, disclose and protect your Personal Information (as defined below) through the DocDirector web application, browser extensions, APIs, related websites, mobile apps, and any other products or services provided by us from time to time ("Services"). The Privacy Policy and the Terms of Use apply to all individuals whose Personal Information is collected, used, disclosed, or safeguarded by us in connection with the Services. For clarification, "you" includes terms such as "your" and "yourself."

Terms capitalized but not defined in this Privacy Policy have the meanings set out in the Terms of Use.

1. Who We Are & Scope (Accountability)

This policy explains how we collect, use, disclose, and safeguard Personal Information (as defined below) in Canada. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). We also honour applicable provincial private-sector privacy laws where they apply.

We have appointed a Privacy Officer responsible for this policy and our compliance program. You can contact the Privacy Officer at aukik@aibud.ca.

We maintain internal policies, training, vendor oversight, and incident response procedures to ensure accountability across our team and service providers.

2. Amendment

We may amend or change this Privacy Policy at our sole discretion at any time, and in accordance with the amendment provisions set out in the Terms of Use. The use of the information we collect at any given point is subject to the Privacy Policy in effect at the time of collection. If we make any material changes we will notify you by email or by means of notice on the Services prior to the change becoming effective in the same manner as set out in Section 2 (Amendment) of our Terms.

We will post the most current Privacy Policy on the URL you are currently visiting, and your use of the Services is subject to the most current Privacy Policy as posted on this URL. We encourage you to periodically check our Privacy Policy for the latest information on our current policy.

3. What We Collect & Why (Identifying Purposes)

Pursuant to applicable law, we do not collect your Personal Information or anonymous, aggregated data from you except as set out below:

3.1 At Registration

When you register for an account, in order to provide the Services, we collect the following personal information ("Personal Information"): your name, password, contact information, and billing information.

3.2 When Using the Services

We automatically collect device and usage data, including your IP address, browser type, device identifiers, operating system, preferences, and internet provider or mobile carrier. We may also store data locally on your device (e.g., browser storage, caches, or cookies).

3.3 Through Interactions

When you contact us (e.g., via forms, email, or in-app communication), we collect the information you provide.

3.4 Traffic Data

We use cookies and similar technologies to understand how the Services are used and to improve performance.

3.5 Cookies & Usage Data

We use essential session and persistent cookies to operate the Services, secure accounts, and personalize your experience, and non-essential cookies for other purposes. We may link cookie data with your account information to tailor the Services and measure performance. You can manage preferences anytime via our Cookie Settings link in the footer or in-app. Third-party embeds (e.g., videos, maps) may set cookies; we disclose these in our cookie list and provide controls where feasible.

3.6 Online and Mobile Advertising

Third-party advertisers and analytics providers may use cookies and similar technologies across websites and apps to deliver targeted ads and measure effectiveness.

3.7 Analytics Tools

We may use third-party analytics services that rely on cookies or other technologies. These tools are configured to minimize collection and use of Personal Information, and we will update this policy if practices materially change.

3.8 Location Data

When you access the Services, we may collect location information (e.g., IP-based location or GPS signals) to support functionality, troubleshoot issues, and improve the Services.

4. Use and Disclosure of Personal Information

We will not use or disclose Personal Information for purposes other than as follows:

4.1 General Use

  1. to enforce our Terms;
  2. to provide customer service and support, administrative messages, resolve disputes, and troubleshoot problems including helping third-party service providers fulfil their functions;
  3. to fulfill your requests for certain features of the Services or referrals to third-party service providers;
  4. to customize, measure, and improve the Services, including without limitation, learning user preferences;
  5. to offer or provide you with products and services including providing you information relating to receipts, technical notices, updates, and security alerts;
  6. to inform you of targeted marketing, service updates, and promotional offers unless you opt out;
  7. to measure our performance and to share performance information with others;
  8. to use and disclose aggregated and anonymized data to our community, investors, and the public in connection with research and development, our proprietary data, and analytical tools;
  9. to comply with legal or regulatory requirements (as described below); and
  10. to fulfill other purposes, subject to your explicit consent.

4.2 Third Party Disclosure

Where a third party to this Privacy Policy directly or indirectly provides the Company with the ability to provide the Services to you (each of which is a "Subprocessor"), we may supply Personal Information to such Subprocessor in exchange for such functionality, and such third parties are listed in Schedule "A" of this Privacy Policy entitled "Subprocessors". Our Subprocessors are restricted from using your Personal Information in any way other than for the service they are providing. We ensure that such third parties maintain reasonable and appropriate safeguards.

4.3 Disclosure of Payment Card Information

To use certain Services, we may require your credit card account information. By submitting your credit card account information to us, you expressly consent to the sharing of your information with third party payment processors, other third party service providers, and applicable businesses. In accordance with Section 8 of the Terms of Use (Fees), the foregoing does not apply to you, and we will not request your credit card account information unless you have access to paid features.

4.4 Affiliates or Acquisition of AI Buddy

In the event that all or a portion of AI Buddy, or one or more of AI Buddy divisions, is acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation, liquidation or another similar transaction, your Personal Information may be one of the transferred assets. We may also share information from or about you with subsidiaries, joint ventures, affiliates, or other companies under common control, in which case we will require them to honour this Privacy Policy.

4.5 Retaining Information

We may retain your Personal Information while you have an account with us and thereafter for as long as we need it for our data backup cycle for use by us only in the case of disaster recovery or to maintain business operations in the case of an emergency as set out in Schedule B attached hereto.

4.6 Legally Required Disclosure

Notwithstanding the foregoing, we reserve the right (and you authorize us) to share or disclose your Personal Information when the Company determines, at its sole discretion, that the disclosure of such information is necessary or appropriate: (a) to enforce our rights against you or in connection with a breach by you of this Privacy Policy or the Terms of Use; (b) to investigate or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of us, our users, or others; (c) to prevent prohibited or illegal activities; or (d) when required by any applicable law, rule, regulation, subpoena, or other legal process.

5. Your Consent and Privacy Settings

By using the Services, you consent to the collection, use and disclosure of your Personal Information by us in the manner described in this Privacy Policy. You may always opt not to disclose certain Personal Information, but this may restrict your access to certain features of the Services. For example, your name and email address are necessary to complete the registration process. At any time after registration, you may opt out of most email communication from us by clicking on the opt-out link at the bottom of our emails, or adjust your consent settings by (a) contacting us at the contact details listed below; or (b) using in-product settings (e.g., email preferences, cookie controls). However, we may still contact you for administrative purposes. Withdrawing consent will not apply to actions we have already taken based on your prior consent.

By providing us your email address, you expressly consent and agree to receive emails and notifications from us to the email address provided by you, including for the following purposes, without limitation: service updates, surveys, newsletters, promotional offers, and marketing.

For non-essential cookies/analytics or marketing emails, we use opt-in controls and provide an easy way to opt out later.

6. Only What is Necessary (Limiting Collection)

Where practical, we use de-identified or aggregated data to reduce privacy impact.

We do not knowingly collect information from children under 18 without verifiable parental consent. We offer our services only to users aged 18 or above.

7. Keeping Information Accurate (Accuracy)

We rely on you to help keep your Personal Information accurate, complete and up to date as necessary for the purposes for which it is to be used. You can review and edit key fields in your account or contact us to request corrections.

When updating your personal information, we may ask you to verify your identity before we can act on your request. Unless required by law, we may reject requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be extremely impractical. Where we can provide information access and correction, and when required by law, we will do so for free.

For critical fields (e.g., billing contacts), we may periodically prompt you to confirm accuracy.

8. Safeguards & Security (Safeguards)

We apply industry standard administrative, technical, and physical safeguards proportionate to the sensitivity of the information, including access controls, encryption in transit and at rest, secure software development practices, and vendor due diligence.

We restrict employee access on a least-privilege basis and provide privacy/security training.

If we detect a breach of security safeguards that creates a real risk of significant harm, we will notify affected individuals and report to regulators as required by law.

Please note that no data transmission over the internet or otherwise can be guaranteed to be completely secure. As a result, while we strive to protect your Personal Information, we cannot warrant the security of any information you transmit to us, and you do so at your own risk.

9. Your Access Rights (Individual Access)

You can request access to your Personal Information in our custody/control, learn how it has been used or disclosed, and request corrections where inaccurate or incomplete.

To submit an access or correction request, contact aukik@aibud.ca. We will verify your identity, respond within timelines prescribed by law, and provide reasons if we cannot fulfil a request (subject to legal exceptions). Where feasible, we provide copies in a portable format.

10. Questions & Complaints (Challenging Compliance)

If you have a concern about our privacy practices, contact our Privacy Officer first: aukik@aibud.ca. We will investigate and respond promptly.

If you remain unsatisfied, you may contact the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy regulator to file a complaint. Visit priv.gc.ca for current contact information and guidance.

We keep records of requests and complaints and use outcomes to improve our program.

11. Cross-Border Transfers

Our service providers may process Personal Information outside of your province or Canada (e.g., the United States or EU). While in another jurisdiction, information may be subject to local laws and lawful access requests. If your information is stored on computer systems in a country other than the country in which your information was collected, the Company will use its best efforts to protect your Personal Information. Storage locations will be selected in countries that have similar privacy laws to the applicable laws.

Foreign storage locations, if any, that may process or store your data, will be listed and updated within Schedule A of this Privacy Policy, entitled "Subprocessors". Any such transfers will also be subject to audit and tracking requirements set forth in this Privacy Policy.

We use contractual and technical safeguards (e.g., standard contractual clauses, encryption) and vendor due diligence to protect Personal Information during cross-border processing. Contact aukik@aibud.ca for details about cross-border safeguards relevant to your use.

12. Automated Decision-Making & AI Features

Some features may use automated processing or machine learning to personalize or accelerate workflows. We design these features to be assistive and include human override where meaningful decisions are involved.

In some cases, data provided by the user is taken in context, and prompts created by the AI Buddy team are used to enrich Outputs. Further, LLMs use their respective reasoning models. In the case of AI Orchestration, the AI makes a decision on tool calling.

We avoid using your content to train models without your consent (unless strictly necessary to provide the feature, in which case the specific Service will notify the user). We describe data flows and options in-product and in supporting documentation.

You can contact us to learn how a feature works in plain language and what information it relies on.

13. Third-Party Links

Our Services may link to third-party sites or apps (each individually a "Third Party Site" and collectively the "Third Party Sites"). These links are provided as a convenience to you only and do not imply an endorsement by us of a Third Party Site or the company it purports to represent. Their privacy practices are governed by their own policies, which we encourage you to review before providing information. We do not assume any responsibility for information and materials found on, or the privacy practices of, a Third Party Site. This Privacy Policy does not apply to a Third Party Site.

14. Disclaimer

If you choose to access the Services, you do so at your own risk, and are responsible for complying with all local laws, rules and regulations. We may limit the availability of the Services, in whole or in part, to any person, geographic area and/or jurisdiction we choose, at any time and in our sole discretion. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our Services, and who may use cookies, pixel tags, and other technologies to serve and offer relevant advertisements.

15. Notifications

In the unlikely event that we believe that the security of your Personal Information in our possession or control may have been compromised, we will seek to notify you of that development in accordance with applicable law. If a notification is appropriate, we may notify you by the email address registered to your account.

We will never send email messages to customers requesting confidential information such as passwords, credit card numbers, or social security or social insurance numbers. Please do not act on any such emails as you may compromise your Personal Information by replying or by following links to a fraudulent website and in the case that you do act on such emails, we shall not be liable for any damages or costs you have incurred for such acts.

16. General

16.1 Severability

If any portion of this Privacy Policy is deemed unlawful, void or unenforceable by any arbitrator or court of competent jurisdiction, this Privacy Policy as a whole shall not be deemed unlawful, void or unenforceable, but only that portion of this Privacy Policy that is unlawful, void or unenforceable shall be stricken from this Privacy Policy.

16.2 Headings

The insertions of headings are for convenient reference only and are not to affect the interpretation of this Privacy Policy.

16.3 How to Contact Us

For questions or concerns on our Privacy Policy or practices, contact our Privacy Officer at aukik@aibud.ca or mail us at:

315 Holmwood Avenue,

Ottawa, Ontario, K1S 2R2

Canada

If you do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you can contact the Privacy Commissioner of Canada at:

112 Kent Street,

Ottawa, Ontario, K1A 1H3

1.800.282.1376

Schedule A — Subprocessors (Summary)

Cloud hosting & storage: Azure, Cloudinary; region(s): Canada Central; purpose: infrastructure.
Analytics: Google Analytics (US), Microsoft Clarity (US), PostHog (US); data minimized; opt-out honoured.
Payments: Stripe (US), Helcim (Canada); processes billing details on our behalf.
Customer support tools: ClickUp (US), MS Teams (US); ticketing and communication logs.
Email delivery: Azure Communication Services (Canada Central), Brevo (UK); service notifications and opted-in marketing.

Schedule B — Standard Retention Periods (Summary)

Account Data Retention Period: retained for the life of the account; deleted within 30–60 days after closure unless legally required longer.
Billing records: retained 7 years for tax/audit.
Support tickets & logs: retained 24 months for quality and fraud prevention, then deleted or de-identified.
Backups: rolling backups are retained up to 30–90 days before secure overwrite.
Marketing preferences: kept until you unsubscribe or data becomes inactive for 24 months.

Schedule "A" — Additional Terms Applicable to Users from Europe

If your User Content is subject to GDPR or UK GDPR (both defined below), the following additional terms apply to your User Content. For example, if you are a resident of Europe, the GDPR or UK GDPR may apply to your User Content.

Definitions

For the purposes of this Schedule, key terms include: "Applicable Data Protection Law" (GDPR, UK GDPR, and other relevant data protection laws), "Controller", "Data", "Data Subject", "Europe" (EEA, Switzerland, and the United Kingdom), "Processor", "Processing", "Restricted Transfer", "Standard Contractual Clauses" (EU SCCs and UK SCCs), "Subprocessor", and "Transfer" — all as defined under the Applicable Data Protection Law.

Subprocessing

You grant the Company general authorization to engage Subprocessors to provide the Services as needed. Company shall not subcontract any Processing of your data to any new third party Subprocessor without your prior consent. Company will provide at least thirty (30) days prior notice of any new Subprocessor, impose equivalent data protection terms, and remain liable for any breach caused by its Subprocessors.

Standard Contractual Clauses

Where Transfers of Data are Restricted Transfers, the Standard Contractual Clauses will apply. For GDPR-protected Transfers, the EU SCCs (Module Two: Controller to Processor) apply, governed by Irish law with disputes resolved in the courts of Ireland. For UK GDPR-protected Transfers, the EU SCCs also apply with references adapted to English law and UK data protection authorities, or the UK SCCs will apply where necessary.