AI Buddy Privacy Policy
Effective date: 2025-08-15 • Last updated: 2025-08-15
1) Who we are & scope (Accountability)
This policy explains how AI Buddy Catalyst Labs Inc. ("AI Buddy," "we," "us") collects, uses, discloses, and safeguards Personal Information in Canada. It applies to our websites, apps, and services (the "Services").
We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). We also honour applicable provincial private-sector privacy laws where they apply.
We have appointed a Privacy Officer responsible for this policy and our compliance program. You can contact the Privacy Officer at info@aibud.ca or 315 Holmwood Avenue, Postal Code K1S2R2, Ottawa, Canada.
We maintain internal policies, training, vendor oversight, and incident response procedures to ensure accountability across our team and service providers.
2) What we collect & why (Identifying Purposes)
We collect only what we need for identified purposes explained at or before the time of collection. Typical categories include: account/contact details, billing information, device and usage data, content you submit, and support communications.
Main purposes include: delivering and securing the Services, account administration and billing, customer support, product improvement (analytics, error logs), optional marketing (with consent), and legal compliance.
At each collection point, we state the purpose in clear language (e.g., sign-up form, checkout, support form). If we later need a new purpose, we will seek fresh consent where required.
3) Your consent choices (Consent)
We obtain meaningful consent before collecting, using, or disclosing Personal Information, except where permitted or required by law. Consent may be express (e.g., checkbox) or implied (e.g., when you voluntarily provide information for a purpose we explain).
You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting info@aibud.ca or using in-product settings (e.g., email preferences, cookie controls).
For non-essential cookies/analytics or marketing emails, we use opt-in controls and provide an easy way to opt out later.
If we need to rely on a different lawful basis or obtain parental/guardian consent for minors, we will explain this clearly at the time.
4) Only what's necessary (Limiting Collection)
We limit collection to information reasonably necessary for the stated purposes. We avoid collecting sensitive or unrelated data unless essential and consented to.
Where practical, we use de-identified or aggregated data to reduce privacy impact.
We do not knowingly collect information from children under 13 without verifiable parental consent.
5) Use, disclosure, and retention (Limiting Use, Disclosure & Retention)
We use and disclose Personal Information solely for the purposes described in this policy or at collection, unless you consent otherwise or law permits/mandates.
Typical disclosures include service providers (hosting, analytics, payment processors, support tools) under written contracts with privacy and security obligations. See Schedule A: Sub-processors.
We retain Personal Information only as long as necessary for the purposes and legal requirements, then securely delete or de-identify it. See Schedule B: Retention Periods.
If we consider a corporate transaction, we apply confidentiality safeguards and, where required, notify you of any material changes to this policy.
6) Keeping information accurate (Accuracy)
We rely on you to help keep your information accurate and up to date. You can review and edit key fields in your account or contact info@aibud.ca to request corrections.
For critical fields (e.g., billing contacts), we may periodically prompt you to confirm accuracy.
7) Safeguards & security (Safeguards)
We apply administrative, technical, and physical safeguards proportionate to the sensitivity of the information, including access controls, encryption in transit and at rest, secure software development practices, and vendor due diligence.
We restrict employee access on a least-privilege basis and provide privacy/security training.
If we detect a breach of security safeguards that creates a real risk of significant harm, we will notify affected individuals and report to regulators as required by law.
8) Transparency (Openness)
This policy, our cookie preferences, and contact channels are available from our website footer and in-app settings.
We describe our data practices in plain language and will announce material changes to this policy with clear effective dates.
For questions about our practices, contact our Privacy Officer at info@aibud.ca
9) Your access rights (Individual Access)
You can request access to your Personal Information in our custody/control, learn how it has been used or disclosed, and request corrections where inaccurate or incomplete.
To submit an access or correction request, contact info@aibud.ca. We will verify your identity, respond within timelines prescribed by law, and provide reasons if we cannot fulfil a request (subject to legal exceptions).
Where feasible, we provide copies in a portable format.
10) Questions & complaints (Challenging Compliance)
If you have a concern about our privacy practices, contact our Privacy Officer first: info@aibud.ca. We will investigate and respond promptly.
If you remain unsatisfied, you may contact the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy regulator to file a complaint. Visit priv.gc.ca for current contact information and guidance.
We keep records of requests and complaints and use outcomes to improve our program.
Cookies, analytics & tracking
We use essential cookies to operate the Services and non-essential cookies (e.g., analytics, personalization) only with consent. You can manage preferences anytime via our Cookie Settings link in the footer or in-app.
For analytics, we configure tools to minimize personal data (e.g., IP truncation where supported) and honour your opt-out choices.
Third-party embeds (e.g., videos, maps) may set cookies; we disclose these in our cookie list and provide controls where feasible.
Cross-border transfers
Our service providers may process Personal Information outside of your province or Canada (e.g., the United States or EU). While in another jurisdiction, information may be subject to local laws and lawful access requests.
We use contractual and technical safeguards (e.g., standard contractual clauses, encryption) and vendor due diligence to protect Personal Information during cross-border processing.
Contact info@aibud.ca for details about cross-border safeguards relevant to your use.
Marketing communications (CASL note)
We send commercial electronic messages only with consent or as otherwise permitted by Canada's Anti-Spam Legislation (CASL). You can unsubscribe at any time using in-message links or by contacting us.
Unsubscribing from marketing does not affect essential service communications (e.g., security, billing).
Automated decision-making & AI features
Some features may use automated processing or machine learning to personalize or accelerate workflows. We design these features to be assistive and include human override where meaningful decisions are involved.
We avoid using your content to train models without your consent (unless strictly necessary to provide the feature). We describe data flows and options in-product and in supporting documentation.
You can contact us to learn how a feature works in plain language and what information it relies on.
Third-party links
Our Services may link to third-party sites or apps. Their privacy practices are governed by their own policies, which we encourage you to review before providing information.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices or laws. We will post the updated version with a new "Last updated" date and, where changes are material, provide prominent notice.