Privacy Policy

Last Updated: April 22, 2026

1. Introduction

This Privacy Policy describes how 15336732 CANADA INC. (the "Company," "we," "us," or "our") collects, uses, discloses, and protects information in connection with the Agentic Front Desk service (the "Service").

We are committed to protecting the privacy and security of all individuals whose data is processed through the Service. This Policy applies to: (a) business subscribers ("Subscribers") who use the Service, (b) the end-user clients ("Callers") who interact with the AI receptionist, and (c) visitors to our website.

2. Our "Zero-Data Ownership" Commitment

Agentic Front Desk is built on a "Secure Broker" architecture. Unlike traditional SaaS platforms, we do not store your customers' Sensitive Personal Information (SPI) or Protected Health Information (PHI) in our own databases. All persistent client data resides exclusively in the Subscriber's own business tools (records and calendar), which they own and control entirely.

We are a Data Processor, not a Data Controller. We process data transiently on behalf of our Subscribers to facilitate appointment scheduling and related communications.

3. Information We Collect

3.1 Subscriber Information (Business Accounts)

When you subscribe to the Service, we collect:

  • Account Information: Business name, contact name, email address, phone number, and mailing address.
  • Billing Information: Payment card details (processed and stored exclusively by Stripe, Inc.; we do not store card numbers).
  • Configuration Data: Business records ID, calendar IDs, service names, professional names, and business settings.

3.2 Caller Information (End Users / Patients / Clients)

When a Caller interacts with the AI receptionist, the following data is processed transiently:

  • Caller ID: The phone number from which the call originates, used to cross-reference the Subscriber's business records.
  • Voice Audio: Real-time audio streams processed during active calls to generate text transcripts and AI responses. Audio is not recorded or stored.
  • Conversational Data: The AI's interpretation of the caller's intent (e.g., "book haircut on Monday at 2 PM").
  • Calendar Data: Appointment details read from and written to the Subscriber's Google Calendar.

3.3 Website Visitor Information

When you visit our website, we may collect standard web analytics data including IP address, browser type, referring page, and pages visited. This data is collected via cookies and similar technologies as described in Section 13.

4. How We Use Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service.
  • To process appointments, cancellations, and schedule modifications on behalf of Subscribers.
  • To send SMS appointment confirmations and reminders (where enabled by the Subscriber).
  • To generate anonymized usage analytics and billing reports.
  • To monitor service health, diagnose technical issues, and improve reliability.
  • To comply with legal obligations, including tax reporting and regulatory requirements.
  • To detect, prevent, and address fraud, abuse, and security incidents.

We do NOT use Personal Data for:

  • Direct marketing or advertising (we will never contact your clients for our own purposes).
  • Selling, renting, or sharing data with third-party marketers.
  • Training, fine-tuning, or improving AI models (see Section 6).
  • Profiling individuals for purposes unrelated to appointment scheduling.

5. SMS and Mobile Privacy Compliance

No mobile information will be shared with third parties or affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Consent for SMS messaging is collected independently and is used solely for the purposes of appointment confirmations and reminders requested by the Caller or Subscriber. Message frequency varies based on appointment activity and user requests. As always, message and data rates may apply for any messages sent to you from us and to us from you. If you have any questions about your text plan or data plan, please contact your wireless provider.

6. AI Model Training — Absolute Prohibition

No customer data from any source — including voice audio, text transcripts, caller phone numbers, appointment details, client names, health information, or any other Personal Data — is or will ever be used to train, fine-tune, evaluate, benchmark, or improve any Large Language Model (LLM), artificial intelligence model, or machine learning system.

This is an unconditional, irrevocable commitment. Client data is utilized strictly as ephemeral context window inputs to facilitate the immediate transaction and is discarded from the AI model's context upon session termination.

7. Data Retention

Data Category | Retention Period | Storage Location
Client PII (names, phones, appointments) | Not stored by us | Subscriber's Google Workspace
Conversation session state | Auto-deleted within 2 hours | AWS DynamoDB (encrypted, TTL)
Call audit records | 90 days | AWS CloudWatch / DynamoDB
Operational/error logs | 30 days | AWS CloudWatch
Billing & invoice records | 7 years (tax compliance) | Stripe
Voice audio recordings | Not recorded or stored | N/A

8. Third-Party Sub-Processors

We utilize the following industry-leading sub-processors to power our infrastructure:

Sub-Processor | Purpose | Data Region
Amazon Web Services (AWS) | Core compute (Lambda, Fargate, ECS), session storage (DynamoDB), email (SES) | ca-central-1 (Canada)
Twilio Inc. | Voice gateway, PSTN call routing, real-time audio Media Streams, SMS delivery | United States
Google Cloud Platform (Gemini Live) | Real-time AI language model inference for voice conversations | United States
Google Workspace (Calendar & Sheets) | Appointment calendar management; client CRM data (Subscriber-owned) | North America
Stripe, Inc. | Payment & subscription billing | United States

Each sub-processor is contractually bound to data protection obligations consistent with this Privacy Policy and applicable law.

9. Cross-Border Data Transfers

The majority of data processing occurs within Canada (AWS ca-central-1). However, certain sub-processors (Twilio, Google Gemini Live, Stripe) may process data in the United States. All cross-border transfers are protected by:

  • Contractual safeguards equivalent to PIPEDA requirements.
  • Standard Contractual Clauses (SCCs) where applicable under GDPR.
  • Sub-processor compliance with SOC 2 Type II and/or ISO 27001 certifications.

10. Data Security

We implement the following security measures to protect data processed through the Service:

  • Encryption in Transit: All data transmitted between components uses HTTPS/TLS 1.3. Live call audio is streamed over WSS (WebSocket Secure / TLS 1.3) between Twilio and our processing pipeline.
  • Encryption at Rest: Ephemeral session data in DynamoDB is encrypted using AES-256 (AWS-managed keys).
  • Access Controls: Production access is restricted via MFA, role-based access control (RBAC), and least-privilege principles.
  • Tenant Isolation: Each Subscriber's Google credentials and data are architecturally isolated. Cross-tenant data access is impossible by design.
  • Vulnerability Management: Regular patching, automated security scanning, and periodic access reviews.

11. Your Rights (PIPEDA / GDPR)

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

  • Access: Request a copy of Personal Data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your Personal Data (subject to legal retention requirements).
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your data for specific purposes.
  • Withdrawal of Consent: Withdraw previously given consent at any time.

Because virtually all persistent Personal Data resides in the Subscriber's own Google Workspace, most data subject requests can be fulfilled directly by the Subscriber without our involvement. For requests directed at data held by us (audit records, billing data), please contact us at the address below.

We will respond to valid requests within thirty (30) days.

12. Data Breach Notification

In the event of a confirmed data breach affecting Personal Data, we will:

  • Notify affected Subscribers without undue delay and within 72 hours of confirmation.
  • Provide details of the breach scope, affected data categories, and remediation steps.
  • Cooperate with Subscribers in meeting their own regulatory notification obligations.
  • Report to the Office of the Privacy Commissioner of Canada (OPC) as required by PIPEDA.

Because we store no persistent database of client PII, the maximum exposure in a Processor-side breach is limited to data in active telephony sessions at the time of the breach.

13. Cookies & Website Analytics

Our website uses cookies and similar tracking technologies for:

  • Essential Cookies: Required for basic website functionality (session management, security).
  • Analytics Cookies: To understand website traffic patterns and improve user experience. We do not use these cookies to track individual users across other websites.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.

14. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have collected data from a child, we will promptly delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active Subscribers with at least fourteen (14) days' notice. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after the effective date constitutes acceptance.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to report a privacy concern, please contact us:

15336732 CANADA INC.
Privacy Officer
Email: support@moonlightai.ca

For complaints that cannot be resolved directly, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
