How AgentAssistPlus collects, protects, and — just as often — deliberately does not use your data, across PIPEDA, GDPR, AIDA, and CCPA/CPRA.
Which laws we answer to, and the baseline standard everything else is built on.
AgentAssistPlus is a Canadian corporation. Our primary regulatory baseline is the Personal Information Protection and Electronic Documents Act (PIPEDA).
We adhere to the EU AI Act (Article 50), GDPR (EU/UK), and CCPA/CPRA (USA). We operate on a "Privacy by Design" model, ensuring data protection is the foundation of our AI workflow architecture.
We only collect and process the minimum amount of personal data necessary to execute our AI workflows. If a service can be provided using de-identified data, we prioritize that method.
How your data does — and does not — feed the models, and who stays in the loop.
We use enterprise-grade AI APIs (OpenAI, Anthropic, Perplexity) which legally prohibit the use of client-submitted data for their general model training.
We may use anonymized datasets to train our internal models. You have the right to object — you may opt out of having your de-identified data used for our internal training by contacting our Privacy Officer.
No high-impact decision (e.g., final contract execution) is fully autonomous. Every workflow requires human initiation and review to ensure accuracy and ethical alignment.
We regularly audit our workflows to detect and mitigate unintended bias or discriminatory outcomes in lead processing and contract generation.
Where lead lists are allowed to come from, and how AI-made content is labeled.
We do not engage in predatory or illegal scraping. Clients are solely responsible for ensuring that uploaded lead lists or databases were collected in accordance with applicable local laws.
Content generated by AgentAssistPlus may contain digital watermarks or metadata identifying it as AI-assisted. In accordance with global transparency standards, we require clients to maintain transparency when AI is used to create public-facing content.
How financial and personal details are locked down, and who we knowingly do not serve.
Sensitive data required for contract modification (e.g., financial details or personal identifiers) is encrypted and accessible only to the automated workflow during the generation window.
Our services are strictly for professional use. We do not knowingly collect data from individuals under the age of 18. If discovered, such data is purged immediately.
What we track for campaign performance, and how easy it is to walk away.
We use cookies, pixels, and web beacons to monitor campaign effectiveness (e.g., email open rates).
We honor Right to be Forgotten requests by purging an individual’s data from our active broadcasting databases within 30 days of a verified request. Every mass-nurturing communication includes an immediate unsubscribe path compliant with CASL and CAN-SPAM.
Encryption standards, where data physically lives, and what happens if something goes wrong.
All sensitive data is encrypted at rest and in transit using AES-256 standards.
Data is stored on servers in Canada and the United States. We use Standard Contractual Clauses (SCCs) to ensure a comparable level of protection regardless of location.
We will notify affected users and regulators within 72 hours of discovering a data breach that poses a risk of significant harm.
What deletion actually covers, and the limits of the Right to Erasure once data trains a model.
While we delete raw personal data upon request, AgentAssistPlus retains the right to keep anonymized "Derivative Data" (e.g., performance metadata) that does not identify an individual.
Users have the right to request an explanation of the logic used in our lead scoring or categorization workflows.
Once data has been anonymized and integrated into trained model weights, it cannot be individually extracted. The Right to Erasure does not extend to previously trained, non-identifiable model parameters.
How we check our vendors, and how you’ll know when this policy changes.
We conduct annual privacy impact assessments on our LLM providers and cloud hosts to ensure their standards meet our Global Privacy Standard.
We may update this policy to reflect changes in AI law (e.g., AIDA). Changes will be posted here with a revised "Last Updated" date.