Legal · Global compliance

Privacy Policy

How AgentAssistPlus collects, protects, and — just as often — deliberately does not use your data, across PIPEDA, GDPR, AIDA, and CCPA/CPRA.

Incorporated
Canada
Compliance
PIPEDA, GDPR, AIDA, CCPA/CPRA
Last updated
March 14, 2026
Effective
March 14, 2026
1

Global Scope & Governance

Which laws we answer to, and the baseline standard everything else is built on.

1.1Jurisdiction

AgentAssistPlus is a Canadian corporation. Our primary regulatory baseline is the Personal Information Protection and Electronic Documents Act (PIPEDA).

1.2Global standards

We adhere to the EU AI Act (Article 50), GDPR (EU/UK), and CCPA/CPRA (USA). We operate on a "Privacy by Design" model, ensuring data protection is the foundation of our AI workflow architecture.

1.3Data minimization

We only collect and process the minimum amount of personal data necessary to execute our AI workflows. If a service can be provided using de-identified data, we prioritize that method.

2

Artificial Intelligence & Data Ethics

How your data does — and does not — feed the models, and who stays in the loop.

2.1Prompt security

We use enterprise-grade AI APIs (OpenAI, Anthropic, Perplexity) which legally prohibit the use of client-submitted data for their general model training.

2.2Proprietary training & opt-out

We may use anonymized datasets to train our internal models. You have the right to object — you may opt out of having your de-identified data used for our internal training by contacting our Privacy Officer.

2.3Human-in-the-loop

No high-impact decision (e.g., final contract execution) is fully autonomous. Every workflow requires human initiation and review to ensure accuracy and ethical alignment.

2.4Algorithmic fairness

We regularly audit our workflows to detect and mitigate unintended bias or discriminatory outcomes in lead processing and contract generation.

3

Data Sourcing & Content Disclosure

Where lead lists are allowed to come from, and how AI-made content is labeled.

3.1Non-exploitation (scraping)

We do not engage in predatory or illegal scraping. Clients are solely responsible for ensuring that uploaded lead lists or databases were collected in accordance with applicable local laws.

3.2Synthetic content disclosure

Content generated by AgentAssistPlus may contain digital watermarks or metadata identifying it as AI-assisted. In accordance with global transparency standards, we require clients to maintain transparency when AI is used to create public-facing content.

4

Data Types & Sensitive Information

How financial and personal details are locked down, and who we knowingly do not serve.

4.1Contract automation

Sensitive data required for contract modification (e.g., financial details or personal identifiers) is encrypted and accessible only to the automated workflow during the generation window.

4.2B2B limitation

Our services are strictly for professional use. We do not knowingly collect data from individuals under the age of 18. If discovered, such data is purged immediately.

5

Cookies, Tracking & Opt-Outs

What we track for campaign performance, and how easy it is to walk away.

5.1Tracking technologies

We use cookies, pixels, and web beacons to monitor campaign effectiveness (e.g., email open rates).

5.2Right to be forgotten

We honor Right to be Forgotten requests by purging an individual’s data from our active broadcasting databases within 30 days of a verified request. Every mass-nurturing communication includes an immediate unsubscribe path compliant with CASL and CAN-SPAM.

6

Security & Breach Protocol

Encryption standards, where data physically lives, and what happens if something goes wrong.

6.1Encryption

All sensitive data is encrypted at rest and in transit using AES-256 standards.

6.2Cross-border transfers

Data is stored on servers in Canada and the United States. We use Standard Contractual Clauses (SCCs) to ensure a comparable level of protection regardless of location.

6.372-hour breach protocol

We will notify affected users and regulators within 72 hours of discovering a data breach that poses a risk of significant harm.

7

Advanced Data Rights

What deletion actually covers, and the limits of the Right to Erasure once data trains a model.

7.1Derivative data

While we delete raw personal data upon request, AgentAssistPlus retains the right to keep anonymized "Derivative Data" (e.g., performance metadata) that does not identify an individual.

7.2Meaningful explanation

Users have the right to request an explanation of the logic used in our lead scoring or categorization workflows.

7.3Legacy training waiver

Once data has been anonymized and integrated into trained model weights, it cannot be individually extracted. The Right to Erasure does not extend to previously trained, non-identifiable model parameters.

8

Vetting & Updates

How we check our vendors, and how you’ll know when this policy changes.

8.1Sub-processor vetting

We conduct annual privacy impact assessments on our LLM providers and cloud hosts to ensure their standards meet our Global Privacy Standard.

8.2Amendments

We may update this policy to reflect changes in AI law (e.g., AIDA). Changes will be posted here with a revised "Last Updated" date.

© AgentAssistPlus. All rights reserved.Privacy Officer requests · opt-outs · erasure requests