1. Who this policy covers
This policy applies to:
- Visitors to infolead.ca and its subdomains
- Users of our public AI demos (Castor, Lyra)
- Customers using InfoLead Voice Core services
- The end-callers and end-users who interact with InfoLead Voice Core deployments at our customers' businesses
2. What we collect
2.1 Website visitors
- Standard server logs (IP address, browser type, pages viewed, timestamps), retained for 90 days for security and operational purposes.
- Aggregate website analytics via Vercel Analytics, a cookieless, privacy-friendly analytics service. Vercel Analytics processes IP addresses for short-term aggregation and does not store identifiable visitor profiles or persistent tracking identifiers.
- We do not currently set tracking cookies. If we introduce cookies in the future, we will update this policy and provide cookie controls on the website.
2.2 Demo users (Castor, Lyra)
When you interact with our public AI demos (Castor and Lyra), we process:
- The text or voice messages you send
- Session metadata (timestamp, IP-derived region, message count)
Demo conversations may be retained and analyzed for service quality evaluation, system improvement, and model optimization. We apply technical measures to reduce the linkage between conversation content and personally identifying information, except where you voluntarily provide contact details. If you do not wish your demo input to be used for these purposes, please do not enter personal information into the demo, or refrain from using it.
Demo conversations are processed by third-party AI inference providers under our contracts and applicable cross-border transfer protections (see Section 5).
2.3 Voice Core customers
When you sign up as an InfoLead Voice Core customer, we collect:
- Business and contact information (company name, owner name, business phone, email, billing address)
- Operational configuration (business hours, FAQ content, calendar credentials with your authorization)
- Usage data (call volume, system uptime, error logs)
- Billing data, processed by PCI DSS-compliant third-party payment service providers
2.4 End-callers (people who call your Voice Core number)
This is the most sensitive category and the one our customers most need to understand.
When a member of the public calls a phone number operated by InfoLead Voice Core on behalf of one of our customers, we may process:
- Their phone number (caller ID)
- The audio of the call
- A text transcript of the call
- The structured outcome (appointment booked, message taken, transferred to human, etc.)
We apply a tiered retention structure for end-caller data:
| Data tier | Retention | Purpose |
|---|---|---|
| Raw call audio | 90 days | Dispute resolution and quality auditing |
| Call transcripts | 365 days | Quality analysis and service improvement |
| Anonymized aggregate data (personally identifying elements removed) | Indefinite | Service insights and system improvement |
Each Voice Core deployment opens with an audible consent notice in English and Mandarin at the start of every call: "This call may be recorded for service quality. Press [n] to transfer to a human agent." End-callers who prefer not to be recorded may opt to be transferred to a human agent. Per Canadian one-party consent law (Criminal Code s. 184), recording is lawful when one party (the InfoLead-operated agent) consents; the audible notice exceeds this minimum standard.
3. Why we collect it
We collect personal information for the following purposes:
- To deliver the services you signed up for
- To bill you accurately
- To monitor system reliability and security
- To debug and improve service quality
- To comply with legal obligations
We do not sell personal information to third parties. We do not use customer call content for advertising, profiling, or AI model training.
4. Who we share it with (sub-processors)
We rely on the following categories of service providers under data-protection contracts to deliver our services:
- Telephony providers — primarily Canada and USA
- AI inference providers — primarily USA
- Cloud hosting and edge delivery providers — primary data residency in Toronto, Canada; global edge network for static content
- Payment processors — PCI DSS-compliant providers
All sub-processors are bound by contracts requiring data protection standards comparable to PIPEDA. Specific sub-processor identities are disclosed to customers under signed Service Agreements when operationally relevant.
5. Cross-border transfers
Some of our service providers process data in the United States. By using our services, you understand that personal information may be subject to U.S. law, including lawful access by U.S. government authorities. We require all sub-processors to maintain data protection standards comparable to PIPEDA.
6. Data retention
| Data category | Retention period |
|---|---|
| Website server logs | 90 days |
| Demo conversations (raw) | Up to 90 days; anonymized aggregates retained longer for service improvement |
| Customer account records | Duration of customer relationship + 7 years post-termination |
| Raw call audio | 90 days |
| Call transcripts | 365 days |
| Anonymized aggregate call data | Indefinite |
| Billing records | 7 years (Canada Revenue Agency requirement) |
7. Security
We implement industry-standard technical and organizational safeguards including encryption in transit (TLS 1.2+), encryption at rest, access controls, and audit logging. No system is 100% secure; if a breach occurs that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada in accordance with PIPEDA.
8. Your rights
Under PIPEDA, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Withdraw consent (subject to legal or contractual restrictions)
- File a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca)
To exercise these rights, contact our Privacy Officer at the address below.
9. Children
Our services are designed for businesses, not children. We do not knowingly collect personal information from anyone under 13 years of age. If you believe we have, please contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. Each material change is published as a new version (e.g., Version 1.1, 2.0); the current version is shown at the top of this page. Material changes will also be communicated to active customers by email.
11. Contact — Privacy Officer
Infolead.ca Technology Inc.
Attn: Privacy Officer
Email: privacy@infolead.ca
Written correspondence available upon written request to the email above.
For unresolved concerns, you may contact the Office of the Privacy Commissioner of Canada: priv.gc.ca | 1-800-282-1376