Privacy Policy

Last updated: March 19, 2026

1. Scope

This Privacy Policy explains how AITWIRE collects, uses, discloses, stores, and otherwise processes personal information through the AITWIRE website, dashboard, APIs, support channels, sales and billing processes, marketing communications, and connected or embedded services where this Policy is referenced.

This Policy is intended to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Where other privacy laws apply (such as GDPR for individuals in the European Economic Area), AITWIRE will handle personal information in accordance with the requirements of those laws to the extent applicable.

2. What We Collect

Account and profile information

Name, email address, organization name, job title, login credentials, authentication data, billing contact information, and workspace or account settings.

Transaction and billing information

Subscription details, invoices, payment status, plan selection, and limited payment metadata. Payment card processing is handled by third-party processors (such as Stripe); AITWIRE does not store full payment card numbers.

Product usage and technical information

Log data, device and browser information, IP address, authentication events, diagnostic data, API usage, widget configuration, domain configuration, usage metrics, and interaction history with the Service.

Authority declaration and entity data

Information that Customer submits, connects, or generates through the Service in connection with Authority Declarations, Authority Surfaces, and Customer Entities, including business names, addresses, hours, pricing, policies, product information, and other business facts. This information is typically not personal information, but may contain personal information if Customer chooses to include it (for example, individual contact names or employee information in authority declarations).

AI monitoring and analytics data

Results from Monitoring Probes sent to third-party Automated Agents, including AI system responses, accuracy assessments, drift detection results, visibility scores, sentiment analyses, and compliance evaluations. Monitoring Probe responses may transiently contain third-party content but are processed for analytical purposes and are not stored as personal information.

Connector-sourced platform data

Entity data extracted from connected third-party platforms (such as Shopify, WordPress, or Google Business Profile) through Connectors, as authorized by Customer.

Communications

Messages sent to support, sales, or us generally, and records of those communications.

Marketing and preferences

Consent status, subscription preferences, and engagement with our communications.

3. How We Use Personal Information

We use personal information to:

  • provide, operate, secure, and support the Service;
  • authenticate users and administer accounts;
  • process payments and manage subscriptions;
  • publish Authority Declarations and Authority Files on behalf of Customer;
  • conduct AI monitoring, including sending Monitoring Probes to third-party Automated Agents to assess accuracy;
  • perform drift detection, analytics, scoring, and product improvement;
  • provide customer support;
  • communicate service notices, updates, billing notices, and other operational messages;
  • send marketing communications where permitted by law;
  • comply with legal obligations; and
  • detect, investigate, and prevent fraud, misuse, or security incidents.

4. AI Monitoring and Third-Party Automated Agents

As part of the Service, AITWIRE sends Monitoring Probes — controlled queries — to third-party Automated Agents (such as ChatGPT, Gemini, Claude, and Perplexity) to assess how those systems represent Customer Entities. This process:

  • involves sending queries containing business names and other Customer Entity identifiers to third-party AI systems;
  • receives and processes responses from those systems for accuracy assessment, drift detection, sentiment analysis, and compliance scoring;
  • does not involve sending personal information of individuals to third-party AI systems (probes concern business entities, not individual persons); and
  • is subject to the third-party AI systems' own terms of service and privacy practices, which AITWIRE does not control.

5. Account Data vs. Customer Data

AITWIRE distinguishes between:

  • Account Data that AITWIRE controls for its own administrative, security, and commercial purposes (such as login credentials, billing records, and support history); and
  • Customer Data that Customer submits or connects to the Service and that AITWIRE processes to provide the Service (such as authority declaration content, entity records, and connector-sourced data).

Where AITWIRE processes personal information contained in Customer Data on behalf of Customer, Customer is responsible for ensuring it has the necessary rights and lawful basis to provide that data. Enterprise customers requiring processor-style commitments should refer to the AITWIRE Enterprise Data Processing Addendum.

6. Consent and Legal Bases

AITWIRE relies on the following legal bases for processing personal information, as applicable under PIPEDA and other privacy laws:

  • Consent — where you have provided express or implied consent, such as when creating an account, subscribing to marketing communications, or connecting third-party platforms;
  • Contractual necessity — where processing is necessary to provide the Service you have requested;
  • Legitimate business purposes — where processing is necessary for AITWIRE's legitimate interests (such as security, fraud prevention, analytics, and product improvement) and those interests are not overridden by your privacy rights;
  • Legal obligations — where processing is required by law.

You may withdraw certain consents, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect your ability to use certain features of the Service.

7. Marketing Communications

If AITWIRE sends commercial electronic messages, we comply with Canada's Anti-Spam Legislation (CASL), including by:

  • obtaining consent (express or implied as permitted) before sending commercial electronic messages;
  • including identification information (sender name, contact information) in each message; and
  • providing a functioning unsubscribe mechanism that is honored within ten (10) business days.

8. Cookies and Similar Technologies

AITWIRE uses cookies, local storage, analytics tags, and similar technologies on our website and dashboard. These fall into the following categories:

  • Strictly necessary cookies — required for authentication, session management, and security. These cannot be disabled without affecting core functionality.
  • Analytics cookies — used to measure traffic, usage patterns, and Service performance. These help us understand how the Service is used and identify improvements.
  • Preference cookies — used to remember settings, display preferences, and workspace configurations.

AITWIRE does not use third-party advertising cookies or sell data collected through cookies.

9. Disclosure of Personal Information

We may disclose personal information to:

  • Service providers and subprocessors assisting with hosting, identity, analytics, support, payment processing, communications, or infrastructure;
  • Authorized users or workspace administrators, depending on account structure;
  • Third-party integrations that Customer chooses to enable through Connectors;
  • Legal, regulatory, or governmental authorities where required or permitted by law; and
  • A purchaser or successor in connection with a merger, financing, acquisition, reorganization, or sale of all or part of our business.

AITWIRE does not sell personal information as that term is commonly understood in consumer privacy laws.

10. De-Identified and Aggregated Data

AITWIRE may create and use de-identified, anonymous, or aggregated data for lawful business purposes, including product improvement, analytics, benchmarking, security, and research. We will not attempt to re-identify individuals from data that is intended to be de-identified.

11. Retention

AITWIRE retains personal information for as long as reasonably necessary for the purposes described in this Policy, including for legal, accounting, security, operational, dispute resolution, and enforcement needs.

Specific retention practices:

  • Account Data is retained for the duration of the account relationship and for a reasonable period thereafter for legal and administrative purposes.
  • Customer Data is retained during the subscription and for thirty (30) days following termination to support data export, after which it may be deleted.
  • Monitoring Probe results and analytics are retained in accordance with the applicable plan's data retention period.
  • Billing and transaction records are retained for the period required by applicable tax and accounting laws.

12. Security

AITWIRE uses reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, or misuse. These safeguards include encryption in transit, access controls, authentication requirements, logging, and incident response procedures.

No method of storage or transmission is perfectly secure, and AITWIRE cannot guarantee absolute security.

13. Cross-Border Processing

AITWIRE is based in Ontario, Canada. Personal information may also be processed by our service providers in other jurisdictions, including through Cloudflare's global edge network. Where personal information is processed outside Canada, it may be subject to the laws of those jurisdictions, which may differ from Canadian privacy law.

For enterprise customers requiring specific transfer mechanisms, these may be addressed in the Enterprise Data Processing Addendum or a separate agreement.

14. Automated Decision-Making

AITWIRE uses automated processing to generate visibility scores, drift assessments, compliance grades, sentiment analyses, and remediation recommendations. These automated outputs are informational tools intended to assist Customer's decision-making and do not constitute decisions with legal or similarly significant effects on individuals.

If you believe an automated process has affected you in a way that requires human review, you may contact us using the information below.

15. Access, Correction, and Privacy Rights

Subject to applicable law, individuals may:

  • request access to their personal information held by AITWIRE;
  • request correction of inaccurate personal information;
  • request information about AITWIRE's handling practices;
  • withdraw consent to certain processing activities; and
  • file a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy authority.

Depending on the jurisdiction and the nature of the relationship, individuals may also have rights regarding deletion, portability, restriction, or objection.

AITWIRE may need to verify identity before responding to a request. Requests related to personal information contained in Customer Data should be directed to the applicable Customer, who controls the purposes of that processing.

16. Children

The Service is not intended for children under the age of sixteen (16), and AITWIRE does not knowingly collect personal information from children under sixteen. If we become aware that we have collected personal information from a child under sixteen without appropriate authorization, we will take steps to delete that information.

17. Changes to This Policy

AITWIRE may update this Privacy Policy from time to time by posting a revised version with a new "Last Updated" date. Material changes will be communicated through the Service, by email, or by other reasonable means.

Contact

If you have questions about this Privacy Policy, please contact us at privacy@aitwire.com or visit our contact page.

Privacy authority: Office of the Privacy Commissioner of Canada — priv.gc.ca