Introduction

Recevia AI Inc. ("Recevia," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business communication platform, including our mobile applications, web dashboard, and related services (collectively, the "Services").

Recevia AI Inc. is a company incorporated in Ontario, Canada. We operate in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the California Consumer Privacy Act (CCPA) for California residents.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

We collect information in several ways when you use our Services:

2.1 Information You Provide Directly

Account Information:
Full name, email address, phone number, password (stored in encrypted form), and profile picture (optional).

Organization Information:
Business name, business address (optional), business hours and settings, service offerings and descriptions, and industry type.

Customer/Contact Data (CRM):
When you use our CRM features, you may input information about your customers, including customer names, phone numbers, email addresses, company names, and notes and interaction history.

Payment Information:
Billing name and address, and payment method details (processed securely by Stripe; we do not store full credit card numbers).

2.2 Information Collected Automatically

Call Data:
Phone numbers (caller and recipient), call duration, call date and time, call recordings (audio files), call transcripts (generated from recordings), AI-generated call summaries, sentiment analysis results, call direction (inbound/outbound), and call outcome classifications.

SMS/Text Message Data:
Message content, phone numbers (sender and recipient), message timestamps, and delivery status.

Chat Data:
Messages sent to our AI chat assistant, AI responses, and chat session timestamps.

Calendar and Booking Data:
Appointment details (when calendar integration is enabled), calendar event information, and booking confirmations and modifications.

Device and Technical Information:
Device type and model, operating system and version, push notification tokens, IP address, browser type (for web dashboard), and app version.

Usage and Analytics Data:
Features used within the app, interaction patterns, error logs and crash reports, and performance metrics.

2.3 Information from Third-Party Integrations

When you connect third-party services to Recevia, we may receive information from those services:

Google Integration (Calendar & Email):
Calendar availability and event details (for scheduling purposes), email content, metadata, and attachments (when you authorize email access for AI assistant tasks), and OAuth tokens (encrypted). Note: Email access is only used by the in-app AI chat assistant when you explicitly task it to perform email operations (send, reply, read). This feature is for team members only and is not accessible to public callers or SMS contacts.

Microsoft 365 Integration (Calendar & Email):
Calendar availability and event details (for scheduling purposes), email content, metadata, and attachments (when you authorize email access for AI assistant tasks), and OAuth tokens (encrypted). Note: Email access is only used by the in-app AI chat assistant when you explicitly task it to perform email operations (send, reply, read). This feature is for team members only and is not accessible to public callers or SMS contacts.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision
Operate and maintain our AI receptionist services, process and route voice calls through our AI system, send and receive SMS messages on your behalf, generate call transcripts and summaries, provide AI chat assistant functionality (including email operations when authorized), enable calendar integrations and appointment scheduling, enable email integrations for AI assistant tasks (send, reply, read emails on your behalf), and manage your customer contacts and CRM data.

3.2 AI Training Clarification
We do not use your data to train general-purpose AI models. Your call recordings, transcripts, customer contacts, and other business data are used solely to provide and improve services for your specific organization. Your data is not shared with or used to train AI models for other customers or third parties.

3.3 Account Management
Create and manage your user account, process subscription payments and billing, communicate with you about your account and services, and provide customer support.

3.4 Service Improvement
Analyze usage patterns to improve our Services, develop new features and functionality, train and improve our AI models (using anonymized and aggregated data), and monitor and enhance platform performance and reliability.

3.5 Communications
Send transactional notifications (call alerts, booking confirmations), send service-related announcements, and respond to your inquiries and support requests.

3.6 Legal and Safety
Comply with applicable laws and regulations, enforce our Terms of Service, protect against fraudulent or illegal activity, and protect the rights and safety of our users and third parties.

4. Call Recording Disclosure

4.1 Recording Notice
All phone calls handled by Recevia AI agents are recorded. Before the AI agent answers each call, an automated message (IVR announcement) informs callers that the call may be recorded for quality assurance and training purposes.

4.2 Purpose of Recordings
Call recordings are used to generate accurate transcripts for your review, create AI-generated call summaries, enable quality assurance, provide evidence in case of disputes, and improve AI performance (using anonymized data).

4.3 Access to Recordings
Only authorized users within your organization can access call recordings associated with your account. You can listen to, download, and delete recordings through the Recevia dashboard.

4.4 Caller Consent
By continuing with the call after the recording announcement, callers consent to being recorded. If a caller does not wish to be recorded, they may disconnect the call.

5. Email Integration Disclosure

5.1 Scope of Email Access
When you connect your Google or Microsoft email account to Recevia, our AI chat assistant can perform email operations on your behalf, including reading emails to gather information you request, sending emails as instructed by you, replying to emails based on your direction, and searching your inbox for specific information.

5.2 Who Can Access Email Features
Team Members Only: Email integration features are exclusively available to authorized users within your Recevia account who have connected their email.
Not Public-Facing: Public callers who contact your AI receptionist via phone or SMS cannot access, read, or trigger any email operations. The email integration is completely separate from the public-facing voice and SMS services.

5.3 Email Data Handling
Email content is processed in real-time to fulfill your AI assistant requests. We do not permanently store the full content of your emails. Email metadata (subject lines, timestamps, sender/recipient addresses) may be temporarily cached for task completion. OAuth tokens are stored encrypted and can be revoked at any time through your account settings.

5.4 Revoking Email Access
You can disconnect your email integration at any time through your Recevia account settings or your Google or Microsoft account security settings. Upon disconnection, we immediately cease access to your email account.

6. Third-Party Service Providers

We share your information with the following categories of third-party service providers who assist us in operating our Services:

6.1 Infrastructure and Hosting
Supabase
Purpose: Database hosting, user authentication, file storage, and serverless functions
Data shared: Account data, organization data, call metadata, transcripts, recordings
Location: United States
Privacy Policy: https://supabase.com/privacy

6.2 Payment Processing
Stripe
Purpose: Payment processing, subscription management, billing
Data shared: Billing name, email, payment method details
Location: United States
Privacy Policy: https://stripe.com/privacy
Note: We do not store full credit card numbers; all payment data is handled directly by Stripe

6.3 Voice AI Technology
Retell AI
Purpose: AI voice agent technology, real-time conversation processing
Data shared: Call audio, phone numbers, conversation context
Location: United States
Privacy Policy: https://www.retellai.com/legal/privacy-policy

6.4 Telecommunications
Twilio
Purpose: Voice call routing, SMS messaging infrastructure, phone number provisioning
Data shared: Phone numbers, call audio, SMS content
Location: United States
Privacy Policy: https://www.twilio.com/legal/privacy

6.5 Calendar & Email Integrations
Google (Google Calendar & Gmail)
Purpose: Calendar integration for appointment scheduling; email integration for AI chat assistant tasks
Data shared: Calendar availability, event details, email content and metadata (only when you authorize each scope)
Location: United States
Privacy Policy: https://policies.google.com/privacy
Note: Email integration is optional and used only by the in-app AI chat assistant for team members. Public callers and SMS contacts cannot access your email.

Microsoft (Microsoft 365/Outlook)
Purpose: Calendar integration for appointment scheduling; email integration for AI chat assistant tasks
Data shared: Calendar availability, event details, email content and metadata (only when you authorize each scope)
Location: United States
Privacy Policy: https://privacy.microsoft.com/privacystatement
Note: Email integration is optional and used only by the in-app AI chat assistant for team members. Public callers and SMS contacts cannot access your email.

6.6 Analytics
PostHog
Purpose: Product analytics, feature usage tracking, error monitoring
Data shared: Usage events, device information, anonymized interaction data
Location: United States/European Union
Privacy Policy: https://posthog.com/privacy

6.7 Push Notifications
Expo (Expo Push Notifications)
Purpose: Delivering push notifications to mobile devices
Data shared: Push tokens, notification content
Location: United States
Privacy Policy: https://expo.dev/privacy

6.8 AI Processing
OpenAI
Purpose: AI language processing, transcription, embeddings, and content generation
Data shared: Text content for processing, audio for transcription
Location: United States
Privacy Policy: https://openai.com/privacy

6.9 Web Scraping
Firecrawl
Purpose: Website content extraction for knowledge base creation
Data shared: URLs you provide for scraping, extracted website content
Location: United States
Privacy Policy: https://www.firecrawl.dev/privacy
Note: Only used when you actively request website scraping for your knowledge base

6.10 Email Delivery
Resend
Purpose: Transactional email delivery (invitations, notifications, summaries)
Data shared: Recipient email addresses, email content
Location: United States
Privacy Policy: https://resend.com/legal/privacy-policy

7. Data Retention

We retain your information for the following periods:

Call recordings and transcripts: 1 year from creation date
SMS/chat message history: 1 year from creation date
Account information: Until account deletion, plus 30 days
Organization data: Until account deletion, plus 30 days
Contact/CRM data: Until account deletion or manual deletion
Analytics data: 2 years
Billing and payment records: 7 years (legal requirement)
System logs: 90 days

Deletion: You may request deletion of your data at any time by contacting us at info@recevia.ai. Upon account termination, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Your Privacy Rights

8.1 Rights Under PIPEDA (Canada)
If you are a Canadian resident, you have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

Right to Access: You may request access to the personal information we hold about you.
Right to Correction: You may request correction of inaccurate or incomplete personal information.
Right to Withdraw Consent: You may withdraw your consent for certain data processing activities, subject to legal or contractual restrictions.
Right to Complain: You may file a complaint with the Office of the Privacy Commissioner of Canada.

8.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. Note: Recevia does not sell personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

8.3 Exercising Your Rights
To exercise any of your privacy rights, please contact us at:

Email: info@recevia.ai
Subject Line: Privacy Rights Request

We will respond to your request within 30 days (or 45 days if an extension is needed). We may need to verify your identity before processing your request.

8.4 Authorized Agents
You may designate an authorized agent to submit requests on your behalf. We may require written authorization and verification of your identity.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

9.1 Technical Safeguards
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption.
Access Controls: Role-based access controls limit data access to authorized personnel only.
Authentication: Multi-factor authentication options and secure password hashing (bcrypt).

9.2 Organizational Safeguards
Regular security assessments and code reviews, employee training on data protection and privacy, incident response procedures, and vendor security assessments.

9.3 Data Breach Notification
In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and relevant regulatory authorities in accordance with applicable laws.

10. International Data Transfers

Recevia AI Inc. is based in Ontario, Canada. Your information may be transferred to, stored, and processed in Canada (primary data storage) and the United States (third-party service providers).

When we transfer data internationally, we implement appropriate safeguards to ensure your information receives an adequate level of protection, including standard contractual clauses, data processing agreements with service providers, and compliance with applicable cross-border transfer requirements.

11. Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@recevia.ai.

12. Third-Party Links and Services

Our Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. Our Services do not currently respond to Do Not Track signals. However, you can manage your privacy preferences through the settings in our app and your browser.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the "Last Updated" date at the top of this policy, notify you via email or in-app notification at least 30 days before the changes take effect, and obtain your consent where required by law.

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Recevia AI Inc.
Email: info@recevia.ai
Website: https://recevia.ai

For privacy-specific inquiries, please use the subject line "Privacy Inquiry" to ensure prompt handling.

16. Enterprise and Custom Agreements

16.1 Data Processing Agreements (DPA)
Enterprise customers with specific data processing requirements may request a separate Data Processing Agreement (DPA) that provides additional contractual commitments regarding data handling, security measures, and compliance obligations.

16.2 Custom Implementations
Enterprise tier customers may receive custom implementations with tailored data handling procedures, dedicated infrastructure, or specific compliance configurations. In such cases, the custom agreement terms will govern data processing for that customer's account and will supersede the general terms in this Privacy Policy where they conflict.

16.3 Requesting Enterprise Agreements
To request a Data Processing Agreement or discuss enterprise-specific data handling requirements, please contact us at info@recevia.ai with the subject line "Enterprise DPA Request."

17. Supplemental Notices

17.1 Notice for California Residents

Categories of Personal Information Collected:

In the preceding 12 months, we have collected the following categories of personal information:

Identifiers (name, email, phone number, IP address) - Yes
Personal information under Cal. Civ. Code § 1798.80(e) (name, address, telephone number) - Yes
Commercial information (subscription history, payment records) - Yes
Internet or network activity (usage data, browsing history within app) - Yes
Geolocation data (IP-based location, approximate) - Yes
Audio, electronic, or visual information (call recordings) - Yes
Professional information (business name, industry) - Yes
Inferences (customer preferences, usage patterns) - Yes

Sources of Personal Information:
Directly from you, automatically through your use of our Services, and from third-party integrations you authorize.

Business Purposes for Collection:
Providing and improving our Services, processing transactions, security and fraud prevention, and legal compliance.

Sale of Personal Information:
Recevia does not sell personal information as defined under the CCPA.

Sharing for Business Purposes:
We share personal information with service providers as described in Section 6 of this Privacy Policy.

17.2 Notice for Canadian Residents

Privacy Commissioner Contact:
If you are not satisfied with our response to your privacy concerns, you may contact the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: https://www.priv.gc.ca

This Privacy Policy is provided in English. In the event of any conflict between the English version and any translation, the English version shall prevail.

Recevia AI Inc.
Ontario, Canada
https://recevia.ai