Effective date: [Month Day, Year]
This Privacy Policy explains how SwiftCNS.ai ("SwiftCNS", "we", "us", or "our") collects, uses, discloses, and safeguards personal information when you:
We are committed to handling personal information in a way that is transparent, reasonable, and compliant with applicable privacy laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) for our commercial activities.
By accessing or using the Service, you agree that we may collect, use, and disclose your information as described in this Privacy Policy and our Terms of Service.
If you do not agree with this Privacy Policy, please do not use the Service.
SwiftCNS.ai is a Canadian-based technology company providing an AI-driven experimentation platform for businesses, innovators, startups, and enterprises around the world.
This Privacy Policy applies to:
It covers "personal information" as defined in PIPEDA: information about an identifiable individual, including business contact information when used beyond simple business communications. It does not apply to information about organizations themselves that does not relate to an identifiable individual.
The rest of this Policy provides more detail.
The information we collect depends on how you use the Site and Service. We group it as follows:
When you create an account or interact with us, we may collect:
This is primarily business contact information in a professional context, but we treat it with care as personal information where applicable.
As part of using the Service, you and your authorized users may submit:
In this Policy, we call this "Experiment Data" and treat it as part of your "User Content".
Important: The Service is designed for business and research data, not for sensitive personal data. We ask you not to include personal information about individuals in your Experiment Data where reasonably avoidable, and never include highly sensitive data (see Section 6.6 below).
When you visit the Site or use the Service, we automatically collect certain technical information, such as:
This "Usage Data" helps us secure the Service, understand how it is used, and improve performance.
If you contact us (e.g., by email, contact form, or support chat), we collect:
We use this information to respond to your requests and maintain records of our communications.
If you purchase a paid plan, we or our payment processors may collect:
We do not normally store full payment card numbers on our own systems; instead, we rely on PCI‑compliant payment service providers.
Depending on your configuration, we may receive information from:
We treat such information in accordance with this Policy and the applicable integration's terms.
We collect personal information through:
Under PIPEDA, we must identify the purposes for which personal information is collected at or before the time of collection. We do this through this Policy, in‑product notices, and our Terms of Service.
We use cookies and similar technologies (such as local storage and pixels) to:
We may also use third‑party analytics services to help us understand aggregate usage patterns.
You can control cookies through your browser settings. If you disable cookies, some features of the Service may not function properly.
We use personal information (including business contact information, Experiment Data, and Usage Data) for the following purposes, in line with PIPEDA's principles of Identifying Purposes, Limiting Collection, and Limiting Use, Disclosure, and Retention.
You can opt out of marketing emails at any time by using the unsubscribe link in the email or contacting us directly. (We may still send non‑marketing communications related to your account or the Service.)
We analyze Usage Data, Aggregated/De‑identified Data, and, in limited cases, samples of Experiment Data to:
Where possible, we use Aggregated / De‑identified Data so that the information does not reasonably identify you or any individual. We commit not to attempt to re‑identify such data.
We may process personal information to:
Our Service is not intended to collect or process:
We request that you do not input such information into the Service. If you believe we may have inadvertently processed sensitive or children's information, please contact us so we can take appropriate steps (such as deletion or additional protection).
Under PIPEDA, organizations must obtain meaningful consent for the collection, use, and disclosure of personal information, except where an exception applies.
We rely on a combination of:
PIPEDA requires that collection, use, and disclosure be for purposes a reasonable person would consider appropriate in the circumstances. We limit our practices to such purposes and design our platform and policies accordingly.
If we wish to use personal information for a new purpose that is not reasonably related to the original purpose, we will explain the new purpose and obtain additional consent as required.
For users in other jurisdictions (e.g., the EU/UK), additional legal grounds (such as contractual necessity or legitimate interests) may apply under local law. If you are in such a jurisdiction and have questions about how this applies to you, please contact us.
We do not sell your personal information. We share personal information only as described below and as permitted or required by law.
We use third‑party service providers to help operate and support the Service, including:
These service providers act on our behalf and are only allowed to use personal information as necessary to perform services for us, under appropriate confidentiality and data protection obligations.
When you run an experiment, relevant Experiment Data is sent to AI Providers to perform the requested analysis or generation. We contractually require AI Providers to:
(You should still avoid including unnecessary personal information in your Experiment Data.)
We may share information with our corporate affiliates or trusted business partners where they assist in providing or improving the Service, subject to privacy and confidentiality obligations.
If we are involved in a merger, acquisition, sale of assets, financing, or similar transaction, your information may be transferred as part of that transaction. We will take steps to ensure that any recipient continues to handle your information in accordance with this Policy and applicable law.
We may disclose information if we reasonably believe it is necessary to:
We may share your information with third parties when you ask us to do so—for example, when you connect a third‑party integration or request that we collaborate with another provider on your behalf.
SwiftCNS is based in Canada, but we and our service providers (including AI Providers and cloud hosts) may process personal information in Canada, the United States, and other countries.
This means your information may be subject to the laws and access requests of those jurisdictions (for example, from law enforcement or regulatory authorities).
Where we transfer personal information outside of Canada, we take steps to ensure a comparable level of protection, such as by:
We retain personal information only as long as reasonably necessary to fulfill the purposes for which it was collected or as required by law, consistent with PIPEDA's principles on limiting retention.
In general:
We may keep information longer where required by law or to resolve disputes.
We take reasonable administrative, technical, and physical safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification, as required by PIPEDA's Safeguards principle.
Measures may include:
However, no system can be perfectly secure. We cannot guarantee absolute security of information, and you are responsible for maintaining the security of your own account credentials and environment.
If we become aware of a security incident involving personal information, we will take appropriate steps, which may include investigation, containment, notification, and mitigation in line with applicable laws.
Under PIPEDA, you have the right to request access to personal information we hold about you and to request corrections if it is inaccurate or incomplete, subject to certain limited exceptions.
You can:
We may require reasonable verification of your identity before responding to such requests and may charge a minimal fee where permitted by law (we'll tell you in advance if this applies).
You may withdraw your consent to our collection, use, or disclosure of your personal information, subject to legal or contractual restrictions and reasonable notice.
If you withdraw consent for essential uses (for example, to operate your account), we may no longer be able to provide some or all of the Service.
If you no longer wish to receive marketing emails from us, you can opt out by:
We may still send important transactional or service‑related messages even if you opt out of marketing.
You can:
Please note that deleting content or closing an account does not always result in immediate deletion of all associated information from our systems, due to backups and legal requirements, but we will handle such information in line with this Policy and our retention practices.
If you have concerns about our handling of your personal information, you may contact us (Section 15). Under PIPEDA, you also have the right to complain to the Office of the Privacy Commissioner of Canada (OPC) if you are not satisfied with our response.
Our Service uses AI models operated by third‑party AI Providers to process Experiment Data and generate outputs. This involves automated processing of the data you submit.
We use AI Providers as service providers under our instructions, to perform experiments you initiate.
We do not use your personal information to make automated decisions that produce legal or similarly significant effects about you or other individuals, without appropriate additional notice and any consent required by law.
You remain responsible for evaluating AI‑generated outputs and for how you use them in your business. AI outputs may be imperfect, biased, or unsuitable without human judgment.
We follow emerging guidance from Canadian privacy regulators regarding responsible, privacy‑protective development and use of generative AI, and will adapt our practices as laws and best practices evolve.
Our Site and Service are intended for adults and business users. They are not directed to children under 13, and we do not knowingly collect personal information about children.
If you believe that a child under 13 has provided personal information to us, please contact us so we can take appropriate action, such as deleting the information where appropriate.
The Site and Service may contain links to third‑party websites or allow you to connect to third‑party services (e.g., integration partners). We are not responsible for the privacy practices of those third parties.
We encourage you to review the privacy policies of any third‑party websites or services you use.
We may update this Privacy Policy from time to time, for example to reflect changes in:
When we make material changes, we will:
Your continued use of the Service after an updated Privacy Policy becomes effective indicates that you accept the changes. If you do not agree, you should stop using the Service and may request that we close your account.
We are responsible for personal information under our control and have designated a person accountable for compliance with this Privacy Policy and PIPEDA's principles (sometimes referred to as a Privacy Officer).
If you have any questions, concerns, or requests about this Privacy Policy or our privacy practices, please contact:
SwiftCNS.ai – Privacy Officer
[Legal entity name]
[Mailing address]
Email: [privacy@swiftcns.ai] (or other dedicated privacy email)
You also have the right to contact:
Office of the Privacy Commissioner of Canada
(for contact details, see the OPC website)