Privacy Policy
This Privacy Policy explains how Concord AI ("Concord AI", "we", "us", or "our") collects, uses, shares, and protects personal information in connection with the website at concordai.ca and any consulting, advisory, or AI implementation services we provide (the "Services"). Concord AI is an independent consulting practice based in Fort McMurray, Alberta, Canada.
We comply with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta's Personal Information Protection Act (PIPA). This policy is written in plain language so you can understand what we do — if anything here is unclear, please contact us.
1.What This Policy Covers
This policy applies to:
- Visitors to concordai.ca;
- People who contact us by email, phone, or other channels;
- Clients who engage us for consulting or AI implementation work;
- End users who interact with AI systems we have built and deployed on behalf of a client (for example, callers to a client's AI voice receptionist).
When we build an AI system for a client (for example, a voice agent that answers calls for a contracting business), that client is the data controller for the personal information collected through that system. Concord AI acts as a service provider handling data on the client's behalf, under their privacy policy and our written agreement with them.
2.Information We Collect
Website visitors. Our website does not use analytics, advertising pixels, or tracking cookies. Standard server-level information may be logged by our hosting provider (such as IP address, browser type, pages visited, and timestamps) for security, abuse prevention, and basic operational diagnostics. The website loads fonts from Google Fonts, which may involve a brief connection to Google's servers.
Inquiries and email. If you email us at info@concordai.ca or otherwise contact us, we collect the information you provide — typically your name, email address, business details, and the content of your message — so we can respond and follow up.
Clients during an engagement. When you engage us for consulting or implementation work, we collect information necessary to deliver the Services. This may include contact and billing information, business documents you share with us, system credentials needed to build integrations, content (transcripts, recordings, prompts) used to design and test AI tools, and feedback collected during the engagement.
End users of deployed AI systems. AI tools we build for clients (such as voice receptionists, chat assistants, or automated workflows) may collect:
- Caller phone numbers and call audio recordings;
- Transcripts of voice or text conversations;
- Information the user provides during the interaction (name, address, project details, scheduling preferences, payment context);
- Metadata about the interaction (timestamps, duration, outcome).
Where required by law, AI voice systems we deploy disclose that the caller is speaking with an AI assistant and that calls may be recorded. The client business is responsible for ensuring the disclosure and consent practices meet the requirements of the jurisdictions they operate in.
3.How We Use Information
We use personal information to:
- Respond to inquiries and provide the Services you have requested;
- Design, build, test, and improve AI tools and integrations for our clients;
- Communicate with clients about engagements, deliverables, billing, and follow-ups;
- Maintain security, prevent abuse, and protect our systems and the systems we manage on behalf of clients;
- Meet legal, accounting, and tax obligations.
We do not sell personal information. We do not use client business data or end-user conversations to train general-purpose AI models on our own account.
4.Legal Basis for Processing
Under PIPEDA and Alberta PIPA, we collect, use, and disclose personal information only with consent (express or implied), or where the law otherwise permits or requires it. By contacting us, engaging us, or interacting with AI systems we deploy on behalf of a client, you provide implied consent to the handling described in this policy.
5.Third-Party Service Providers
To operate our Services we rely on third-party platforms, which may process personal information on our behalf or on behalf of our clients. Depending on the engagement, these may include providers such as:
- Voice and telephony infrastructure (for example, Retell, Twilio);
- Email delivery (for example, Resend, Google Workspace);
- Payment processing (for example, Stripe);
- Accounting and field-service tools (for example, QuickBooks, Jobber);
- Calendar and document services (for example, Google);
- AI model providers (for example, Anthropic, OpenAI);
- Web hosting and deployment platforms (for example, Hostinger, Railway).
We only share what is necessary, and we choose providers we believe offer reasonable security and privacy practices. Each provider has its own privacy policy and terms.
6.International Transfers
Some of the providers listed above store or process data outside of Canada, including in the United States. Personal information processed in another country may be subject to that country's laws, including lawful access by government authorities. By using our Services, you understand and consent to this cross-border processing.
7.AI Models, Recordings, and Training
Conversations handled by AI tools we build may be processed by third-party AI model providers in order to generate a response. We configure these integrations to use API endpoints that, under the provider's standard terms, do not use submitted content to train general models. Where a provider's defaults differ, we work with the client to select appropriate settings.
Call recordings and transcripts are typically retained for a limited operational period for quality, debugging, and improvement of the deployed system, after which they are deleted or anonymized in accordance with the client's instructions and applicable law.
8.How We Share Information
We share personal information only:
- With third-party service providers as described above, to deliver the Services;
- With our clients, where the information was collected through an AI system we operate on their behalf;
- When required by law, court order, or to respond to a valid government request;
- To protect the rights, property, or safety of Concord AI, our clients, end users, or the public;
- In connection with a business transition (such as a merger or sale), in which case any successor must agree to handle personal information consistently with this policy.
9.Data Retention
We retain personal information only for as long as needed to fulfill the purposes for which it was collected, to meet our legal and contractual obligations, and to resolve disputes. Retention periods vary by data type and engagement. When information is no longer needed, we securely delete, destroy, or anonymize it.
10.Security
We use reasonable administrative, technical, and physical safeguards to protect personal information — including access controls, encryption in transit, vetted infrastructure providers, and the principle of least privilege for credentials. No system is perfectly secure, however, and we cannot guarantee that personal information will never be accessed, disclosed, altered, or destroyed by a breach of any of our safeguards.
11.Your Rights
Subject to PIPEDA, Alberta PIPA, and other applicable law, you have the right to:
- Ask whether we hold personal information about you, and request a copy of it;
- Ask us to correct information that is inaccurate or incomplete;
- Withdraw consent to certain uses (subject to legal and contractual restrictions);
- Ask us to delete information we no longer need to retain;
- File a complaint with us, or with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca).
If your personal information was collected by an AI system we operate on behalf of a client, please contact that client directly to exercise rights against the data controller. We will support the client in responding.
12.Cookies and Tracking
Our website does not set advertising cookies, analytics cookies, or marketing pixels. If we add cookie-based or analytics tools in the future (for example, privacy-respecting analytics, or a contact form), we will update this policy and, where required, request your consent.
13.Children
Our Services are intended for businesses and adults. We do not knowingly collect personal information from children under the age of 13. If you believe a child has provided us with personal information, please contact us and we will take reasonable steps to delete it.
14.Changes to This Policy
We may update this Privacy Policy from time to time. Updated versions become effective when posted on this page, and the "Last updated" date will reflect the change. Material changes will be highlighted where reasonable. Your continued use of the website or Services after changes are posted means you accept the updated policy.
15.Contact
Questions, requests, or complaints about this Privacy Policy or how we handle personal information? Reach out to us:
- Concord AI
- Fort McMurray, Alberta, Canada
- info@concordai.ca