Overview
Sinreh Digital, operating as Nevind AI ("Nevind", "we", "us", "our"), is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with the Nevind AI platform — including our website, dashboard, AI voice receptionist, lead generation, appointment booking, and email outreach services (collectively, the "Service").
By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
Who We Are
Data Controller / Accountable Organisation: Sinreh Digital, Toronto, Ontario, Canada.
Privacy Officer: privacy@nevind.com
Data Processing Agreement (GDPR / Quebec Law 25): Enterprise and EU customers may request our DPA at privacy@nevind.com or view it at /dpa.
What We Collect
Account & Business Information
- Name, email address, and password (hashed)
- Business name, category, website, physical address, phone number, city, timezone, and languages
- Billing information (processed by Stripe — we do not store card numbers)
Usage & Service Data
- Call logs: caller number, call duration, date/time, outcome (answered, voicemail, missed)
- Call transcripts and AI-generated summaries (if transcription is enabled)
- Call recordings (if enabled by the business owner — see §5)
- Appointment records: client name, phone, email, appointment type, date/time, status
- B2B lead data: business names, contact emails discovered via public websites
- Outbound email metrics: delivery, open, click, and unsubscribe status
Technical Data
- IP address, browser type, operating system, referrer URL (collected during authentication)
- Authentication tokens (session-scoped, never stored in permanent cookies)
Knowledge Base Data
- Content crawled from your business website and Google Maps listing (publicly accessible content only)
- Documents you upload (PDFs, DOCX, TXT) for AI knowledge ingestion
How We Use Your Information
We use your information only for the following purposes:
- Provide the Service — operate the AI voice receptionist, book appointments, manage leads, and send outreach emails on your behalf
- Account management — create and maintain your account, authenticate you, and process billing
- AI training (your data only) — use your call transcripts and business data to improve your own AI assistant. We do not use your data to train shared or third-party models.
- Security — detect and prevent fraud, abuse, and security incidents
- Legal compliance — meet our obligations under PIPEDA, Quebec Law 25, GDPR, CASL, and Canadian tax law
- Service improvement — analyse aggregated, anonymised usage patterns to improve features
- Transactional communications — send receipts, security alerts, and product updates
Call Recording & AI Processing
The Nevind AI voice receptionist answers calls on behalf of your business. When a call is handled:
- The AI processes the caller's speech in real time to understand intent and respond appropriately
- A call transcript may be generated and stored in your dashboard
- Recordings are retained according to your plan's retention settings
AI processing (transcription, intent recognition, knowledge retrieval) is performed by our contracted AI infrastructure providers, who act as sub-processors under our Data Processing Agreement. See our DPA for details.
Data Residency
Our primary database is hosted in Canada. This means that your account data, business records, call logs, and appointment data are stored in Canada.
| Data Type | Location | Sub-Processor Category |
|---|---|---|
| Account & business data | Canada | Cloud database provider |
| Call audio / transcripts | US | AI voice processing provider |
| AI inference (calls) | US | AI inference provider |
| Phone number assignment | US | Telephony provider |
| Billing data | US | Payment processor |
| Transactional & outreach email | US | Email delivery provider |
For GDPR purposes, transfers to the US are covered by Standard Contractual Clauses (SCCs) with each sub-processor. See our DPA for details.
Third-Party Sub-Processors
We share your data only with the service providers necessary to deliver the Service:
| Category | Purpose | Data Shared |
|---|---|---|
| Cloud database provider | Database & authentication | All account data |
| AI voice processing provider | AI-powered call handling | Call audio, transcripts |
| AI inference provider | AI inference & knowledge retrieval | Call content, knowledge text |
| Telephony provider | Phone number provisioning & routing | Phone number assignment |
| Payment processor | Subscription & billing | Billing info only |
| Email delivery provider | Transactional & outreach email | Email addresses, send events |
| Mapping data provider | Business discovery (lead gen) | Search queries only |
We do not share your data with advertisers, data brokers, or third-party analytics platforms. We will disclose data if required by law, court order, or to protect the rights and safety of Nevind, our users, or the public.
Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Account & profile data | Until account deletion + 30-day grace period | Contractual necessity |
| Call logs & transcripts | As long as account is active (configurable) | Legitimate interest |
| Billing records | 7 years after last transaction | Canadian tax law (ITA s.230) |
| Outbound email suppression list | Indefinitely | CASL / GDPR compliance |
| Anonymised usage analytics | Up to 3 years | Service improvement |
| Breach incident records | 10 years | PIPEDA regulatory obligation |
Your Rights
Under PIPEDA, Quebec Law 25, and GDPR, you have the following rights regarding your personal data:
Access
Request a copy of all personal data we hold about you.
Settings → Download my data
Portability
Export your data in machine-readable JSON format.
Settings → Download my data
Erasure
Request permanent deletion of your account and data.
Settings → Delete my account
Correction
Update inaccurate or incomplete personal data.
Edit in dashboard or email us
Withdraw consent
Withdraw consent for optional processing at any time.
Contact privacy@nevind.com
Object / restrict
(GDPR / Quebec Law 25) Object to specific processing activities.
Contact privacy@nevind.com
To exercise any right, use the self-serve tools in Settings → Privacy & Data or email privacy@nevind.com. We respond within 30 days.
Regulatory Complaints
- PIPEDA: Office of the Privacy Commissioner of Canada (OPC)
- Quebec Law 25: Commission d'accès à l'information du Québec (CAI)
- GDPR: Your national Data Protection Authority (DPA) in the EU/EEA
Healthcare Notice (PHIPA)
If you operate a healthcare practice (medical clinic, dental office, physiotherapy, etc.):
- Do not use Nevind AI to collect, transmit, or store Protected Health Information (PHI) — including diagnoses, medications, test results, health history, or insurance information.
- The AI voice receptionist may be used for general appointment booking and business inquiries, but callers must not be asked to provide clinical health details.
- You are responsible for ensuring that callers are not induced to share PHI through the AI assistant, in accordance with your obligations as a Health Information Custodian.
- If you require a PHIPA-compliant AI receptionist with a Business Associate Agreement (BAA), please contact privacy@nevind.com to discuss our enterprise healthcare offering (in development).
CASL & Outbound Email
Canada's Anti-Spam Legislation (CASL) governs commercial electronic messages sent to Canadians.
- All outbound B2B prospecting emails sent through Nevind AI include a one-click unsubscribe link compliant with RFC 8058 and Google/Yahoo 2024 sender requirements.
- Unsubscribe requests are processed immediately and the recipient is added to a permanent suppression list.
- B2B outreach targets publicly listed business email addresses, which fall under CASL's implied consent for commercial messages to business contacts.
- All messages include the sender's physical mailing address as required by CAN-SPAM and CASL.
- You are responsible for ensuring you have appropriate consent before sending to any individual whose email address you upload manually.
Cookies & Local Storage
We use essential cookies only. We do not use tracking, advertising, or third-party analytics cookies.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| sb-* | Essential | Authentication session token | Session |
| nevind_cookie_consent | Essential | Stores your cookie consent preference | 1 year |
| theme | Functional | Stores your light/dark mode preference | 1 year |
If we introduce analytics in the future, we will update this policy, obtain fresh consent via our cookie banner, and give you the option to opt out.
Children's Privacy
The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child under 13, please contact privacy@nevind.com and we will delete it promptly.
Breach Notification
In the event of a privacy breach that poses a real risk of significant harm (as defined under PIPEDA s.10.1), we will:
- Notify the Office of the Privacy Commissioner of Canada as soon as feasible (targeting within 72 hours)
- Notify all affected individuals directly by email
- Maintain a record of every breach for a minimum of 24 months
- For EU users under GDPR: notify the relevant supervisory authority within 72 hours of becoming aware of the breach
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the "Last updated" date above. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
Contact Us
We aim to respond to all privacy requests within 30 calendar days, as required under PIPEDA s.9(2).