Privacy Policy

Your privacy and data security are fundamental to our business. Learn how Inputly.AI protects your restaurant and customer information in compliance with Canadian privacy laws.

Last Updated: March 18, 2026

Introduction

Inputly AI Inc. ("we," "our," or "us") is committed to protecting the privacy and security of personal information collected through our restaurant automation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation, and international privacy standards where we operate.

Key Privacy Commitments

  • Minimal Data Collection: We only collect information necessary for our services

  • Transparent Use: Clear explanation of how your data is used

  • Strong Security: Enterprise-grade encryption and security measures

  • Canadian Storage: Data stored in Canadian facilities when possible

  • User Control: You control your data and can request deletion

Information We Collect

Restaurant Account Information

When you create an account or use our services, we collect:

  • Business name, address, and contact information

  • Owner/manager name and email address

  • Phone numbers for voice ordering setup

  • Menu information and pricing

  • Payment and billing information

  • Integration credentials for POS and other systems

Customer Order Information

Through our platform, we process customer information necessary for order fulfillment:

  • Customer name and contact information

  • Delivery or pickup addresses

  • Order details and preferences

  • Payment information (processed through secure payment processors)

  • Order history and frequency

Voice Data and Call Recording

IMPORTANT NOTICE: ALL TELEPHONE CALLS MAY BE RECORDED

Our voice ordering system processes and records:

  • Voice recordings during order calls (recorded for quality assurance and training purposes)

  • Transcribed text from voice interactions

  • Voice pattern data for AI training and accuracy improvement (anonymized)

  • Call metadata including phone numbers, timestamps, and duration

  • Audio recordings stored for dispute resolution and compliance

By using our Service or calling our voice ordering system, you consent to call recording and monitoring for quality assurance, training, security, and compliance purposes. Recordings are retained in accordance with applicable law and business requirements.

Technical and Usage Data

We automatically collect technical information to improve our services:

  • IP addresses and device information

  • Browser type and version

  • Usage patterns and feature utilization

  • Performance metrics and error logs

  • Website analytics and cookies

How We Use Your Information

Service Delivery

  • Processing and fulfilling customer orders

  • Managing your restaurant account and settings

  • Providing voice ordering and AI automation services

  • Integrating with your POS and other systems

  • Generating analytics and business insights

Communication

  • Sending order confirmations and updates

  • Providing customer support and technical assistance

  • Sharing important service updates and announcements

  • Marketing communications (with your consent)

Improvement and Development

  • Improving AI accuracy and system performance

  • Developing new features and services

  • Conducting research and analytics (aggregated and anonymized)

  • Monitoring system security and preventing fraud

Legal and Compliance

  • Complying with applicable laws and regulations

  • Responding to legal requests and court orders

  • Protecting our rights and the rights of others

  • Ensuring food safety and health compliance

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We only share information in the following circumstances:

Service Providers and Hosting

We work with trusted third-party service providers who assist in delivering our services:

  • Microsoft Azure: Primary cloud hosting and infrastructure provider. Your data is hosted on Azure servers which may be located in Canada, United States, or other Azure regions

  • Payment processors for secure transaction handling (Stripe, PayPal)

  • AI service providers (OpenAI, Azure OpenAI, Anthropic) for natural language processing

  • Telephony providers for voice calling infrastructure

  • Analytics and monitoring services

  • Customer support and communication platforms

IMPORTANT: While we use enterprise-grade hosting providers, we cannot guarantee 100% uptime or security. Service interruptions, downtime, or data breaches may occur despite our best efforts. By using our Service, you accept these risks.

Integration Partners

With your explicit consent, we share necessary information with:

  • POS system providers for order synchronization

  • Delivery platforms for order fulfillment

  • Accounting software for financial integration

  • Other restaurant technology partners

Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes and government requests

  • Protect against fraud and security threats

  • Enforce our terms of service

  • Protect public health and safety

Business Transfers

In the event of a merger, acquisition, or sale of assets, customer information may be transferred as part of the business assets. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

Facebook and Instagram Data

Inputly.AI integrates with Meta platforms (Facebook and Instagram) to enable automated messaging and customer service for our restaurant clients. This section explains how we handle data obtained through these integrations.

What We Collect from Facebook and Instagram

When a restaurant connects their Facebook Page or Instagram Business Account to Inputly.AI, we collect and store:

  • Facebook Page access tokens and Instagram access tokens (encrypted at rest)

  • Facebook Page ID and Instagram Business Account ID

  • Message content sent to the connected Facebook Page or Instagram account by customers

  • Sender user IDs (Page-scoped IDs assigned by Meta — we do not collect full Facebook profile data)

  • Message timestamps and message IDs (used for deduplication and audit)

How We Use Facebook and Instagram Data

  • Automated replies: Message content is passed to our AI system solely to generate and send an automated response on behalf of the restaurant

  • Order processing: Where a customer places an order via Messenger or Instagram DM, the message is parsed to extract order details

  • Support and audit: Message logs are retained for dispute resolution and quality assurance

We do not sell, share, or use Facebook or Instagram message data for advertising, profiling, or any purpose beyond delivering the Inputly.AI restaurant automation service.

Meta Platform Compliance

  • We comply with the Meta Platform Terms and Meta Developer Policies

  • Access tokens are stored encrypted and are only used to send messages through the Meta Graph API on behalf of the restaurant owner who authorized the connection

  • We do not access or store any data beyond what is required to operate the messaging integration

  • Restaurant owners may disconnect their Facebook Page or Instagram account at any time from within the Inputly.AI dashboard, which immediately revokes our access and deletes stored tokens

Facebook and Instagram Data Deletion

You have the right to request deletion of any data we collected through your Facebook or Instagram integration. To submit a deletion request:

  • Email privacy@inputly.ai with subject line: "Facebook/Instagram Data Deletion Request"

  • Include your business name and the Facebook Page or Instagram account name

  • We will process your request and confirm deletion within 30 days

Disconnecting your Facebook or Instagram integration via the Inputly.AI dashboard will automatically delete all stored access tokens associated with that account within 24 hours.

LinkedIn Lead Data

Inputly.AI integrates with LinkedIn Lead Gen Forms to help businesses automatically receive, process, and respond to inbound leads. This section explains how we handle data obtained through LinkedIn integrations.

What We Collect from LinkedIn

When a business connects a LinkedIn advertising account or lead form workflow to Inputly.AI, we may collect and store:

  • LinkedIn OAuth access tokens and refresh tokens (encrypted at rest)

  • LinkedIn advertising account identifiers and LinkedIn subscription identifiers required for lead notifications

  • Lead form response data made available by LinkedIn, including fields such as name, email address, phone number, city, company, job title, and submitted form values

  • LinkedIn lead response identifiers, form identifiers, submission timestamps, and related webhook event metadata used for synchronization, deduplication, and audit purposes

How We Use LinkedIn Data

  • Lead synchronization: To receive LinkedIn lead notifications and import lead submissions into the Inputly.AI platform

  • CRM and follow-up workflows: To route leads into configured automations, customer service flows, and business follow-up processes

  • Support and audit: To maintain event history, troubleshoot integration issues, and confirm delivery of lead data

We do not sell LinkedIn lead data, use it for unrelated advertising purposes, or process it beyond what is necessary to provide the Inputly.AI lead automation service requested by the connected business.

LinkedIn Platform Compliance

  • We use LinkedIn data only for the specific business workflows authorized by the account holder connecting the integration

  • OAuth tokens are stored encrypted and are used solely to retrieve leads, maintain authorized subscriptions, and operate the LinkedIn integration

  • We limit our collection and retention of LinkedIn data to what is reasonably necessary for synchronization, support, security, and compliance

  • Businesses may disconnect their LinkedIn integration at any time, which disables future LinkedIn lead access and revokes active processing for that connection

LinkedIn Data Deletion and Revocation

You may request deletion of LinkedIn integration data or revoke access at any time.

  • Email privacy@inputly.ai with subject line: "LinkedIn Data Deletion Request"

  • Include your business name, LinkedIn ad account identifier, and any relevant lead form details to help us locate the integration

  • We will process validated deletion requests and confirm completion within 30 days, unless a shorter period is required by law

Disconnecting the LinkedIn integration through the Inputly.AI platform or by contacting us will revoke stored LinkedIn tokens, disable future lead synchronization, and remove associated subscription identifiers from active use.

Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • 256-bit SSL/TLS encryption for data transmission

  • AES-256 encryption for data at rest

  • Multi-factor authentication for account access

  • Regular security audits and penetration testing

  • Automated monitoring for security threats

Operational Safeguards

  • Limited employee access on a need-to-know basis

  • Background checks for employees with data access

  • Regular security training for all staff

  • Incident response plan for security breaches

  • Secure data centers with physical access controls

Voice Data Protection

  • Voice recordings automatically deleted after 90 days

  • Encrypted transmission and storage of voice data

  • Anonymization of voice pattern data

  • Opt-out options for voice data retention

Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy:

Retention Periods

Data Type Retention Period Purpose
Account Information Duration of service + 7 years Service delivery, tax, and legal requirements
Order Data 3 years Customer service, analytics, legal compliance
Voice Recordings 90 days Quality assurance and dispute resolution
Analytics Data 2 years (anonymized) Service improvement and business insights
Security Logs 1 year Security monitoring and incident response
Facebook / Instagram Message Logs 90 days Dispute resolution, audit, quality assurance
Facebook / Instagram Access Tokens Until disconnected or revoked Required to operate the messaging integration on behalf of the restaurant

Data Deletion

When retention periods expire or upon your request, we securely delete personal information using industry-standard data destruction methods.

Your Privacy Rights

Under Canadian privacy law, you have the following rights regarding your personal information:

Access and Correction

  • Request access to personal information we hold about you

  • Correct inaccurate or incomplete information

  • Update your account information at any time

Deletion and Portability

  • Request deletion of your personal information

  • Export your data in a portable format

  • Close your account and delete associated data

Consent Management

  • Withdraw consent for marketing communications

  • Opt-out of voice data retention

  • Control integration data sharing

Exercise Your Rights

To exercise any of these rights, contact our Privacy Officer:

  • 📧 Email: privacy@inputly.ai

  • 📞 Phone: 1-833-INPUTLY (1-833-467-8859)

  • 📍 Mail: Inputly AI Inc., Privacy Officer, 123 Main St, Vancouver, BC V6B 1A1

We will respond to your request within 30 days.

Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience and analyze usage:

Types of Cookies

  • Essential Cookies: Required for basic website functionality

  • Performance Cookies: Help us understand how visitors use our site

  • Functional Cookies: Remember your preferences and settings

  • Marketing Cookies: Used to deliver relevant advertisements (with consent)

Cookie Management

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect website functionality.

Children's Privacy

Our services are designed for businesses and are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete that information.

International Data Transfers

We primarily store and process data within Canada. When data must be transferred outside Canada for service delivery:

  • We ensure adequate protection through contractual safeguards

  • Transfers only occur to countries with adequate privacy protection

  • We maintain the same security standards regardless of location

  • You can request data to remain in Canada for an additional fee

AI System Limitations and Disclaimer

Important: AI-Powered Service

Our entire Service is powered by artificial intelligence (AI) and machine learning systems. While we strive for accuracy, AI systems can and do make mistakes.

YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT:

  • AI may process data incorrectly, resulting in wrong information, orders, or outputs

  • Voice recognition may misunderstand or misinterpret spoken words

  • AI-generated responses may be inaccurate, inappropriate, or fail to meet expectations

  • Data processing errors may occur despite our best efforts

  • You should verify critical information before relying on AI outputs

LIMITATION OF LIABILITY: Inputly AI Inc. and all associated parties (including officers, directors, employees, shareholders, affiliates, contractors, family members, heirs, and personal assets) SHALL NOT BE LIABLE for any errors, mistakes, or damages arising from:

  • AI system errors or inaccuracies

  • Incorrect data processing or analysis

  • Service downtime or interruptions

  • Data loss, corruption, or unauthorized access

  • Third-party service failures (Azure, payment processors, etc.)

We are a SERVICE PROVIDER ONLY and do not control or verify the accuracy of customer-facing outputs. You remain responsible for validating data and complying with all applicable regulations.

Privacy Compliance

Inputly AI Inc. is committed to compliance with all applicable privacy laws:

Corporate Information

Inputly AI Inc. is a registered business incorporated in British Columbia, Canada, with principal offices in Surrey, BC.

Canadian Compliance

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Provincial privacy legislation (Alberta PIPA, BC PIPA, Quebec Act 25)

  • Canadian Anti-Spam Legislation (CASL)

International Standards

  • General Data Protection Regulation (GDPR) for EU customers

  • California Consumer Privacy Act (CCPA) for US customers

  • ISO 27001 information security standards

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will notify you by email and through our platform

  • We will post the updated policy on our website

  • The effective date will be clearly indicated

  • Your continued use constitutes acceptance of the changes

Contact Our Privacy Officer

If you have questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

Privacy Officer

Inputly AI Inc.

Surrey, BC
Canada

Contact Methods

📧 Email: privacy@inputly.ai

📞 Phone: 1-833-INPUTLY (1-833-467-8859)

🕐 Hours: Monday-Friday, 9 AM - 5 PM PST

Privacy Complaint Process

If you believe your privacy rights have been violated, you can:

  1. Contact our Privacy Officer using the information above

  2. File a complaint with the Office of the Privacy Commissioner of Canada

  3. Contact your provincial privacy commissioner

We are committed to resolving privacy concerns promptly and fairly.