Privacy Policy

1. Introduction

Recevia AI Inc. ("Recevia," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business communication platform, including our mobile applications, web dashboard, and related services (collectively, the "Services").

Recevia AI Inc. is a company incorporated in Ontario, Canada. We operate in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the California Consumer Privacy Act (CCPA) for California residents.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

We collect information in several ways when you use our Services:

2.1 Information You Provide Directly

Account Information:

• Full name
• Email address
• Phone number
• Password (stored in encrypted form)
• Profile picture (optional)

Organization Information:

• Business name
• Business address (optional)
• Business hours and settings
• Service offerings and descriptions
• Industry type

Customer/Contact Data (CRM): When you use our CRM features, you may input information about your customers, including:

• Customer names
• Phone numbers
• Email addresses
• Company names
• Notes and interaction history

Payment Information:

• Billing name and address
• Payment method details (processed securely by Stripe; we do not store full credit card numbers)

2.2 Information Collected Automatically

Call Data:

• Phone numbers (caller and recipient)
• Call duration
• Call date and time
• Call recordings (audio files)
• Call transcripts (generated from recordings)
• AI-generated call summaries
• Sentiment analysis results
• Call direction (inbound/outbound)
• Call outcome classifications

SMS/Text Message Data:

• Message content
• Phone numbers (sender and recipient)
• Message timestamps
• Delivery status

Chat Data:

• Messages sent to our AI chat assistant
• AI responses
• Chat session timestamps

Calendar and Booking Data:

• Appointment details (when calendar integration is enabled)
• Calendar event information
• Booking confirmations and modifications

Device and Technical Information:

• Device type and model
• Operating system and version
• Push notification tokens
• IP address
• Browser type (for web dashboard)
• App version

Usage and Analytics Data:

• Features used within the app
• Interaction patterns
• Error logs and crash reports
• Performance metrics

2.3 Information from Third-Party Integrations

When you connect third-party services to Recevia, we may receive information from those services:

Google Integration (Calendar & Email):

• Calendar availability and event details (for scheduling purposes)
• Email content, metadata, and attachments (when you authorize email access for AI assistant tasks)
• OAuth tokens (encrypted)
• Note: Email access is only used by the in-app AI chat assistant when you explicitly task it to perform email operations (send, reply, read). This feature is for team members only and is not accessible to public callers or SMS contacts.

Microsoft 365 Integration (Calendar & Email):

• Calendar availability and event details (for scheduling purposes)
• Email content, metadata, and attachments (when you authorize email access for AI assistant tasks)
• OAuth tokens (encrypted)
• Note: Email access is only used by the in-app AI chat assistant when you explicitly task it to perform email operations (send, reply, read). This feature is for team members only and is not accessible to public callers or SMS contacts.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

• Operate and maintain our AI receptionist services
• Process and route voice calls through our AI system
• Send and receive SMS messages on your behalf
• Generate call transcripts and summaries
• Provide AI chat assistant functionality (including email operations when authorized)
• Enable calendar integrations and appointment scheduling
• Enable email integrations for AI assistant tasks (send, reply, read emails on your behalf)
• Manage your customer contacts and CRM data

3.2 AI Training Clarification

We do not use your data to train general-purpose AI models. Your call recordings, transcripts, customer contacts, and other business data are used solely to provide and improve services for your specific organization. Your data is not shared with or used to train AI models for other customers or third parties.

3.3 Account Management

• Create and manage your user account
• Process subscription payments and billing
• Communicate with you about your account and services
• Provide customer support

3.4 Service Improvement

• Analyze usage patterns to improve our Services
• Develop new features and functionality
• Train and improve our AI models (using anonymized and aggregated data)
• Monitor and enhance platform performance and reliability

3.5 Communications

• Send transactional notifications (call alerts, booking confirmations)
• Send service-related announcements
• Respond to your inquiries and support requests

3.6 Legal and Safety

• Comply with applicable laws and regulations
• Enforce our Terms of Service
• Protect against fraudulent or illegal activity
• Protect the rights and safety of our users and third parties

4. Call Recording Disclosure

4.1 Recording Notice

All phone calls handled by Recevia AI agents are recorded. Before the AI agent answers each call, an automated message (IVR announcement) informs callers that the call may be recorded for quality assurance and training purposes.

4.2 Purpose of Recordings

Call recordings are used to:

• Generate accurate transcripts for your review
• Create AI-generated call summaries
• Enable quality assurance
• Provide evidence in case of disputes
• Improve AI performance (using anonymized data)

4.3 Access to Recordings

Only authorized users within your organization can access call recordings associated with your account. You can listen to, download, and delete recordings through the Recevia dashboard.

4.4 Caller Consent

By continuing with the call after the recording announcement, callers consent to being recorded. If a caller does not wish to be recorded, they may disconnect the call.

5. Email Integration Disclosure

5.1 Scope of Email Access

When you connect your Google or Microsoft email account to Recevia, our AI chat assistant can perform email operations on your behalf, including:

• Reading emails to gather information you request
• Sending emails as instructed by you
• Replying to emails based on your direction
• Searching your inbox for specific information

5.2 Who Can Access Email Features

• Team Members Only: Email integration features are exclusively available to authorized users within your Recevia account who have connected their email.
• Not Public-Facing: Public callers who contact your AI receptionist via phone or SMS cannot access, read, or trigger any email operations. The email integration is completely separate from the public-facing voice and SMS services.

5.3 Email Data Handling

• Email content is processed in real-time to fulfill your AI assistant requests
• We do not permanently store the full content of your emails
• Email metadata (subject lines, timestamps, sender/recipient addresses) may be temporarily cached for task completion
• OAuth tokens are stored encrypted and can be revoked at any time through your account settings

5.4 Revoking Email Access

You can disconnect your email integration at any time through:

• Your Recevia account settings
• Your Google or Microsoft account security settings Upon disconnection, we immediately cease access to your email account.

6. Third-Party Service Providers

We share your information with the following categories of third-party service providers who assist us in operating our Services:

6.1 Infrastructure and Hosting

Supabase

• Purpose: Database hosting, user authentication, file storage, and serverless functions
• Data shared: Account data, organization data, call metadata, transcripts, recordings
• Location: United States
• Privacy Policy: https://supabase.com/privacy

6.2 Payment Processing

Stripe

• Purpose: Payment processing, subscription management, billing
• Data shared: Billing name, email, payment method details
• Location: United States
• Privacy Policy: https://stripe.com/privacy
• Note: We do not store full credit card numbers; all payment data is handled directly by Stripe

6.3 Voice AI Technology

Retell AI

• Purpose: AI voice agent technology, real-time conversation processing
• Data shared: Call audio, phone numbers, conversation context
• Location: United States
• Privacy Policy: https://www.retellai.com/legal/privacy-policy

6.4 Telecommunications

Twilio

• Purpose: Voice call routing, SMS messaging infrastructure, phone number provisioning
• Data shared: Phone numbers, call audio, SMS content
• Location: United States
• Privacy Policy: https://www.twilio.com/legal/privacy

6.5 Calendar & Email Integrations

Google (Google Calendar & Gmail)

• Purpose: Calendar integration for appointment scheduling; email integration for AI chat assistant tasks
• Data shared: Calendar availability, event details, email content and metadata (only when you authorize each scope)
• Location: United States
• Privacy Policy: https://policies.google.com/privacy
• Note: Email integration is optional and used only by the in-app AI chat assistant for team members. Public callers and SMS contacts cannot access your email.

Microsoft (Microsoft 365/Outlook)

• Purpose: Calendar integration for appointment scheduling; email integration for AI chat assistant tasks
• Data shared: Calendar availability, event details, email content and metadata (only when you authorize each scope)
• Location: United States
• Privacy Policy: https://privacy.microsoft.com/privacystatement
• Note: Email integration is optional and used only by the in-app AI chat assistant for team members. Public callers and SMS contacts cannot access your email.

6.6 Analytics

PostHog

• Purpose: Product analytics, feature usage tracking, error monitoring
• Data shared: Usage events, device information, anonymized interaction data
• Location: United States/European Union
• Privacy Policy: https://posthog.com/privacy

6.7 Push Notifications

Expo (Expo Push Notifications)

• Purpose: Delivering push notifications to mobile devices
• Data shared: Push tokens, notification content
• Location: United States
• Privacy Policy: https://expo.dev/privacy

6.8 AI Processing

OpenAI

• Purpose: AI language processing, transcription, embeddings, and content generation
• Data shared: Text content for processing, audio for transcription
• Location: United States
• Privacy Policy: https://openai.com/privacy

6.9 Web Scraping

Firecrawl

• Purpose: Website content extraction for knowledge base creation
• Data shared: URLs you provide for scraping, extracted website content
• Location: United States
• Privacy Policy: https://www.firecrawl.dev/privacy
• Note: Only used when you actively request website scraping for your knowledge base

6.10 Email Delivery

Resend

• Purpose: Transactional email delivery (invitations, notifications, summaries)
• Data shared: Recipient email addresses, email content
• Location: United States
• Privacy Policy: https://resend.com/legal/privacy-policy

7. Data Retention

We retain your information for the following periods:

Deletion: You may request deletion of your data at any time by contacting us at info@recevia.ai. Upon account termination, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Your Privacy Rights

8.1 Rights Under PIPEDA (Canada)

If you are a Canadian resident, you have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

• Right to Access: You may request access to the personal information we hold about you.
• Right to Correction: You may request correction of inaccurate or incomplete personal information.
• Right to Withdraw Consent: You may withdraw your consent for certain data processing activities, subject to legal or contractual restrictions.
• Right to Complain: You may file a complaint with the Office of the Privacy Commissioner of Canada.

8.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. Note: Recevia does not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

8.3 Exercising Your Rights

To exercise any of your privacy rights, please contact us at:

Email: info@recevia.ai
Subject Line: Privacy Rights Request

We will respond to your request within 30 days (or 45 days if an extension is needed). We may need to verify your identity before processing your request.

8.4 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require written authorization and verification of your identity.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

9.1 Technical Safeguards

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption.
• Access Controls: Role-based access controls limit data access to authorized personnel only.
• Authentication: Multi-factor authentication options and secure password hashing (bcrypt).

9.2 Organizational Safeguards

• Regular security assessments and code reviews
• Employee training on data protection and privacy
• Incident response procedures
• Vendor security assessments

9.3 Data Breach Notification

In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and relevant regulatory authorities in accordance with applicable laws.

10. International Data Transfers

Recevia AI Inc. is based in Ontario, Canada. Your information may be transferred to, stored, and processed in:

• Canada (primary data storage)
• United States (third-party service providers)

When we transfer data internationally, we implement appropriate safeguards to ensure your information receives an adequate level of protection, including:

• Standard contractual clauses
• Data processing agreements with service providers
• Compliance with applicable cross-border transfer requirements

11. Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@recevia.ai.

12. Third-Party Links and Services

Our Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. Our Services do not currently respond to Do Not Track signals. However, you can manage your privacy preferences through the settings in our app and your browser.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or in-app notification at least 30 days before the changes take effect
• Obtain your consent where required by law

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Recevia AI Inc.
Email: info@recevia.ai
Website: https://recevia.ai

For privacy-specific inquiries, please use the subject line "Privacy Inquiry" to ensure prompt handling.

16. Enterprise and Custom Agreements

16.1 Data Processing Agreements (DPA)

Enterprise customers with specific data processing requirements may request a separate Data Processing Agreement (DPA) that provides additional contractual commitments regarding data handling, security measures, and compliance obligations.

16.2 Custom Implementations

Enterprise tier customers may receive custom implementations with tailored data handling procedures, dedicated infrastructure, or specific compliance configurations. In such cases, the custom agreement terms will govern data processing for that customer's account and will supersede the general terms in this Privacy Policy where they conflict.

16.3 Requesting Enterprise Agreements

To request a Data Processing Agreement or discuss enterprise-specific data handling requirements, please contact us at info@recevia.ai with the subject line "Enterprise DPA Request."

17. Supplemental Notices

17.1 Notice for California Residents

Categories of Personal Information Collected:

In the preceding 12 months, we have collected the following categories of personal information:

Sources of Personal Information:

• Directly from you
• Automatically through your use of our Services
• From third-party integrations you authorize

Business Purposes for Collection:

• Providing and improving our Services
• Processing transactions
• Security and fraud prevention
• Legal compliance

Sale of Personal Information: Recevia does not sell personal information as defined under the CCPA.

Sharing for Business Purposes: We share personal information with service providers as described in Section 5 of this Privacy Policy.

17.2 Notice for Canadian Residents

Privacy Commissioner Contact:
If you are not satisfied with our response to your privacy concerns, you may contact the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: https://www.priv.gc.ca

This Privacy Policy is provided in English. In the event of any conflict between the English version and any translation, the English version shall prevail.

Recevia AI Inc.
Ontario, Canada
https://recevia.ai