Legal
Privacy Policy
Effective date: April 8, 2026
ProMAS Inc. ("ProMAS", "we", "our", or "us") provides an AI-powered front office platform that answers calls, books appointments, and assists customers on behalf of businesses.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and applicable Canadian privacy laws.
1. Roles and Responsibilities
Business customers act as the data controller of their customers' personal information. ProMAS acts as a data processor on behalf of the business.
2. Information We Collect
We collect:
- Account information (name, email, business details)
- Caller information (name, phone number, appointment requests)
- Call transcripts generated in real time
- Appointment and interaction data
- Usage and system logs
3. How We Use Information
We use personal information to:
- Provide AI call handling and appointment booking
- Send confirmations, reminders, and notifications
- Improve system performance
- Comply with legal obligations
We do not sell personal information and do not use customer data to train general-purpose AI models.
4. Call Processing and Transcription
Calls are processed in real time by an automated system to assist with booking and support. Conversations are transcribed and stored as text records. Live calls are not stored as audio recordings. Voicemail messages may be recorded and stored by our telephony provider.
5. Data Storage and Cross-Border Processing
Primary data (including transcripts and account information) is stored in Canada using Supabase (AWS ca-central-1).
Certain processing activities (including AI processing, telephony, and messaging) may occur outside Canada, primarily in the United States, through trusted service providers.
6. Sub-Processors
- Twilio: Telephony and SMS (United States)
- OpenAI: Real-time AI processing and transcription (United States)
- Supabase: Database and storage (Canada)
- Railway: Hosting and operational logging (United States)
- Resend: Transactional email delivery (United States)
- Voyage AI: Embeddings for knowledge base search (United States, transient processing only)
7. Logging and Data Separation
Operational logs are stored separately from customer data. Logs contain system metadata and masked identifiers only. Full transcripts and personal content are stored securely in the database and are not written to application logs.
8. Data Retention
We retain personal information only as long as necessary to provide our services and comply with legal obligations.
- Call transcripts, appointment data, and related records are retained for a default period of 180 days, unless a longer retention period is requested by the business or required by applicable law.
- After this period, conversation content is removed and only limited call metadata (such as call time, duration, and outcome) is retained for record-keeping purposes.
- Account data is retained for the duration of the active subscription.
- After account cancellation, data is deleted within 90 days unless otherwise required by law.
Backups are subject to the same retention and deletion policies.
9. SMS Communications
SMS messages are transactional and sent only with user consent. Recipients may opt out at any time by replying STOP or similar commands.
10. Security
We implement safeguards including encryption in transit and at rest, access controls, and role-based permissions.
11. Your Rights
Individuals may request access, correction, or deletion of their data by contacting info@promas.ca. Requests are handled within 30 days.
12. Automated Decision-Making
ProMAS uses automated systems to respond to calls and manage bookings. Callers may request human assistance at any time.
13. Changes
We may update this policy and will notify users of material changes.
14. Contact
ProMAS Inc., Toronto, Ontario, Canada