Applicable Law
Nevind AI is operated by Sinreh Digital, Toronto, Ontario, Canada. Our privacy practices are governed by the following legislation:
PIPEDA
Canadian Federal
Canada's federal private-sector privacy law governing how we collect, use, and disclose personal information.
Quebec Law 25
Provincial (in force Sept 2023)
Grants rights similar to GDPR — data portability, right to be forgotten, privacy impact assessments.
GDPR
EU / EEA
Applies to the personal data of individuals in the European Economic Area that we process.
Rights at a Glance
| Right | PIPEDA | Quebec Law 25 | GDPR |
|---|---|---|---|
| Access your data | ✓ | ✓ | ✓ |
| Correct inaccurate data | ✓ | ✓ | ✓ |
| Delete / erasure | ✓ (limited) | ✓ | ✓ |
| Data portability | ✓ | ✓ | ✓ |
| Withdraw consent | ✓ | ✓ | ✓ |
| Object to processing | — | ✓ | ✓ |
| Lodge a complaint | OPC | CAI | Supervisory authority |
Access & Portability
You have the right to receive a copy of all personal data we hold about you, in a structured, machine-readable format.
If you prefer to submit a written request, email privacy@nevind.com with the subject line "Data Access Request". We respond within 30 calendar days.
Erasure & Deletion
You may request permanent deletion of your account and associated personal data at any time.
The following data is excluded from deletion due to legal retention obligations:
- Billing records — retained 7 years under the Income Tax Act s.230
- Email unsubscribe / suppression records — retained indefinitely under CASL
- Breach incident records — retained 10 years under PIPEDA regulations
Correction
If any personal data we hold about you is inaccurate or incomplete, you may update it:
- Self-serve: Edit your business profile and account details directly in Settings.
- By request: Email privacy@nevind.com with the subject line "Correction Request" and describe what needs to be updated.
Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time — this will not affect the lawfulness of processing before withdrawal.
- Marketing emails: Use the one-click Unsubscribe link in any email we send, or manage preferences in Settings.
- Call recording / transcription: Contact us to disable optional transcription on your account.
- All other consent-based processing: Email privacy@nevind.com.
Data Processing Agreement (DPA)
Enterprise customers and organisations that require a formal Data Processing Agreement for GDPR or Quebec Law 25 compliance may request one by emailing privacy@nevind.com with the subject "DPA Request".
You may also view our standard DPA at nevind.com/dpa.
Breach Notification
In the event of a privacy breach that poses a real risk of significant harm (as defined under PIPEDA s.10.1), we will:
- Notify the Office of the Privacy Commissioner of Canada as soon as feasible (targeting 72 hours of awareness)
- Notify all affected individuals directly by email
- For EU users: notify the relevant supervisory authority within 72 hours, as required by GDPR Art. 33
- Maintain a breach record for a minimum of 24 months
Regulatory Complaints
If you are not satisfied with our response to a privacy request, you may escalate to a regulatory authority:
Contact Us
We aim to respond to all privacy requests within 30 calendar days, as required under PIPEDA s.9(2).