1. About This Policy
iHospitality Inc. ("we", "us", "our") provides AI-powered receptionist services to Canadian businesses. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
This policy applies to callers who interact with our AI receptionist service and to business clients who use our platform.
2. Who We Are
Organization: iHospitality Inc.
Service: AI Receptionist (voice answering, appointment booking, call management)
Privacy Officer: privacy@ihospitality.ca
Mailing Address: Ottawa, Ontario, Canada
3. What We Collect
When you call a business using our AI receptionist service, we may collect:
- Caller phone number — provided automatically by your phone carrier
- Call recordings and transcripts — the audio and text of your conversation with the AI
- Names or details shared during the call — if you provide your name, reason for calling, or other information
- Appointment details — if you book an appointment (date, time, service type, staff preference)
- Call metadata — call duration, timestamp, outcome (answered, missed, transferred)
4. Why We Collect It
We collect personal information for the following purposes, as required by PIPEDA Principle 2 (Identifying Purposes):
- Service delivery — to answer calls, provide business information, and book appointments on behalf of the business you called
- Call summaries — to provide the business owner with a summary of your call so they can follow up
- Quality and improvement — to monitor service quality and refine call handling procedures
- Missed call recovery — to notify the business of missed calls so they can return your call
5. Consent
Under PIPEDA, consent must be meaningful and appropriate to the sensitivity of the information:
- Implied consent — by calling a business that uses our AI receptionist, you consent to the collection of your phone number and call metadata for the purpose of handling your call
- Explicit consent — call recordings are announced at the start of each call ("This call may be recorded for quality purposes"). By continuing the call, you consent to the recording
- Withdrawal — you may request deletion of your data at any time (see Section 9)
6. Data Retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period | After Expiry |
|---|---|---|
| Call transcripts | 90 days | Permanently deleted; AI summary retained |
| Call recordings (audio) | 90 days | Permanently deleted from Twilio |
| Call logs & metadata | 90 days | Caller phone number anonymized; aggregate statistics retained |
| Appointments | 90 days after completion | Deleted |
| AI call summaries | Retained | Contain no direct personal identifiers |
Retention is enforced automatically by scheduled processes that run weekly. These processes are not aspirational; they are running in production.
When a business cancels their subscription, all associated data is deleted within 90 days of cancellation.
7. Third-Party Processors
We use the following third-party services to deliver our product. Each processes data under strict contractual obligations:
| Provider | Purpose | Data Shared | Compliance |
|---|---|---|---|
| Twilio | Call routing & telephony | Phone numbers, call audio | SOC 2 Type II, Canadian points of presence |
| Anthropic (Claude) | AI conversation processing | Call transcript (real-time) | Zero-retention API policy — no training on inputs |
| Airtable | Business data storage | Call records, appointments, client info | SOC 2 Type II, AES-256 encryption at rest |
8. Data Protection
- Encryption in transit — all data is transmitted over TLS 1.2 or higher
- Encryption at rest — AES-256 encryption for stored data
- North American hosting — our server infrastructure is located in North America
- Per-tenant isolation — each business's data is logically separated and access-controlled
- Access controls — scoped API tokens, file-level permissions, no shared credentials
- Automated lifecycle — data retention policies are enforced by automated scheduled processes
9. Your Rights
Under PIPEDA, you have the right to:
- Access — request a copy of personal information we hold about you
- Correction — request correction of inaccurate personal information
- Deletion — request deletion of your personal information (right to erasure)
- Withdrawal of consent — withdraw your consent to ongoing collection or use
How to Make a Request
Email privacy@ihospitality.ca with your request. Include:
- Your phone number (so we can locate your records)
- The approximate date(s) you called
- The business you were calling, if known
We will respond within 30 days, as required by PIPEDA. Deletion requests are processed using an audit-logged, automated system that removes all associated records, recordings, and cached data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date above. We encourage you to review this page periodically.
11. Contact
For questions, concerns, or complaints about our privacy practices:
Privacy Officer
Email: privacy@ihospitality.ca
iHospitality Inc. — Ottawa, Ontario, Canada
If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.