This Privacy Policy describes how 10368504 Canada Inc, doing business as Autonomous Blue, together with its affiliates and brands, collectively, "we," "us," or "our," collects, uses, discloses, stores, protects, and otherwise processes personal information through our websites, landing pages, hosted pages, CRM systems, AI tools, voice systems, messaging systems, customer portals, integrations, and related products and services, including without limitation Autonomous Blue CRM, Autonomous Blue, and our managed hosting and web infrastructure services, collectively, the "Services."
This Privacy Policy also explains the rights and choices that may be available to individuals depending on their location and the nature of their relationship with us.
By visiting our websites, submitting forms, communicating with us, purchasing services from us, using our Services, or interacting with any page, tool, AI system, or communication channel we operate or make available, you acknowledge that your personal information may be handled as described in this Privacy Policy.
01.Scope and Application
This Privacy Policy applies to personal information we collect:
1.1directly from you
1.2from your use of our websites, forms, funnels, portals, and hosted assets
1.3when you interact with our AI tools, chat systems, voice systems, email systems, text messaging systems, or CRM systems
1.4from our customers who use our Services to collect or manage information about their own leads, prospects, customers, patients, staff, contractors, or other contacts
1.5from third parties and integrations connected to our Services, such as payment processors, calendars, telephony providers, analytics services, domain providers, advertising platforms, and customer relationship tools
This Privacy Policy does not apply to third party websites, services, or platforms that we do not own or control, even if they are linked to or integrated with our Services.
02.Important Role Clarification
Depending on the situation, we may act in different roles with respect to personal information:
2.1When we collect personal information for our own business purposes, such as when you contact us, buy from us, browse our site, request a demo, or sign a services agreement, we generally act as the organization deciding why and how that information is processed.
2.2When our customers use our CRM, AI, messaging, or hosting tools to collect, store, or process personal information, we may act as a service provider, processor, or similar role on behalf of that customer, depending on applicable law and the service configuration.
2.3If you are an end user whose information was submitted to our systems by one of our customers, you may need to contact that customer first for certain questions about your information, because that customer may control the relevant relationship, form, workflow, or database.
03.Personal Information We Collect
The categories of personal information we collect depend on how you interact with us and which Services are used.
3.1 Identifiers and Contact Information
We may collect identifiers and contact details such as:
a.full name
b.business name
c.job title
d.mailing address
e.billing address
f.email address
g.telephone number
h.mobile number
i.social media handles
j.username or account login identifier
3.2 Account and Administrative Information
We may collect account and administrative details such as:
a.login credentials
b.account ownership information
c.account preferences
d.workspace or subaccount details
e.internal user permissions
f.support history
g.billing status
h.contract or subscription records
3.3 Transaction and Commercial Information
We may collect transaction and commercial information such as:
a.products or services purchased
b.subscription tier
c.invoice history
d.payment status
e.service configuration history
f.implementation notes
g.purchase dates
h.renewal and cancellation records
We generally use third party payment processors for payment handling, and we may receive limited transaction information from them, but we do not necessarily store full payment card details ourselves.
3.4 Communications Information
We may collect information contained in communications, including:
a.emails
b.support tickets
c.SMS or MMS messages
d.call logs
e.voicemail content
f.meeting notes
g.chat transcripts
h.call recordings, where enabled
i.customer success communications
j.AI interaction transcripts and summaries
3.5 Device, Network, and Technical Information
When you use our websites or Services, we may automatically collect technical information such as:
a.IP address
b.browser type
c.operating system
d.device type
e.language settings
f.referring URLs
g.pages viewed
h.timestamps
i.clickstream and session activity
j.crash logs
k.diagnostic and performance logs
l.approximate geolocation derived from IP address
3.6 Usage and Behavioral Information
We may collect usage information about how our Services are accessed and used, including:
a.feature usage
b.workflow usage
c.template usage
d.automation activity
e.campaign interactions
f.page engagement metrics
g.help center usage
h.account activity and event logs
3.7 Information Submitted Through Forms and Landing Pages
If you complete a website form, funnel form, intake form, appointment form, consultation form, or lead capture form, we may collect any information you choose to submit, including:
a.name and contact information
b.service inquiry details
c.business details
d.project requirements
e.scheduling details
f.responses to intake questions
g.other information you provide voluntarily
3.8 AI and Automation Inputs and Outputs
If you interact with our AI Services or if our customers use our AI Services on their websites, phone lines, workflows, or messaging systems, we may collect and process:
a.prompts
b.user inputs
c.AI responses
d.voice recordings
e.transcriptions
f.generated summaries
g.appointment and routing outcomes
h.metadata about AI interactions
i.quality assurance notes
j.configuration settings and prompt logic
3.9 CRM and Contact Management Information
If our CRM Services are used, we may process information such as:
a.contact records
b.lead sources
c.pipeline status
d.tags
e.notes
f.appointment history
g.communication logs
h.campaign status
i.assigned users
j.workflow triggers and events
3.10 Hosting and Web Infrastructure Information
If we provide Hosting Services, we may process:
a.website content
b.uploaded files
c.form submission data
d.DNS and domain settings
e.SSL or certificate-related records
f.server access logs
g.performance logs
h.incident and security logs
3.11 Sensitive Information
Depending on how our Services are configured, we or our customers may process information that may be considered sensitive under certain laws, such as precise geolocation, financial account-related information, account credentials, or health-related information. We do not seek to collect sensitive personal information unless it is reasonably necessary for a lawful business purpose, for the provision of requested services, or because a customer has chosen to configure our Services to collect such information.
If you or one of our customers submit sensitive information through our Services, you represent that there is an appropriate legal basis to do so.
04.Sources of Personal Information
We may collect personal information from the following sources:
4.1directly from you
4.2from your employer or organization
4.3from our customers
4.4from website forms, calendars, funnels, landing pages, intake flows, and support portals
4.5from your devices and browsers when you use our websites or Services
4.6from communications you send to us
4.7from integrations and connected third party services
4.8from analytics providers, fraud prevention tools, telephony providers, and hosting providers
4.9from payment processors and billing systems
4.10from advertising, lead generation, or social platforms, where applicable
05.How We Use Personal Information
We may use personal information for the following purposes:
5.1to provide, operate, maintain, secure, support, and improve our Services
5.2to create and manage accounts and subscriptions
5.3to process transactions, invoices, renewals, and cancellations
5.4to communicate with you about accounts, purchases, support, service updates, and security matters
5.5to respond to inquiries, schedule calls, provide demos, and deliver customer support
5.6to operate AI, CRM, messaging, automation, and hosting features requested by customers
5.7to authenticate users and protect against fraud, abuse, spam, and unauthorized access
5.8to monitor, troubleshoot, and improve performance, stability, and user experience
5.9to analyze usage trends, product adoption, deliverability, and service effectiveness
5.10to enforce our contracts, terms, acceptable use standards, and legal rights
5.11to comply with applicable legal, regulatory, tax, accounting, security, and reporting obligations
5.12to maintain records needed for auditing, dispute resolution, and compliance
5.13to send service-related notices and, where permitted by law, marketing and promotional communications
5.14to develop, test, and improve workflows, templates, support systems, AI features, and service operations
06.Legal Bases for Processing, Where Applicable
Where applicable law requires us to identify a legal basis for processing, we may process personal information because:
6.1the processing is necessary to perform a contract with you or to take steps at your request before entering into a contract
6.2the processing is necessary for our legitimate interests, including operating, securing, improving, supporting, and administering our business and Services, except where overridden by your rights
6.3the processing is necessary to comply with legal obligations
6.4you have provided consent, where consent is required or relied upon
If we rely on consent where required by law, you may withdraw that consent, subject to legal or contractual restrictions and reasonable notice.
07.How We Disclose Personal Information
We may disclose personal information to the following categories of recipients, depending on the Services used and the purpose of processing:
7.1 Service Providers and Subprocessors
We may disclose information to vendors and service providers that help us operate the Services, such as:
a.hosting and cloud infrastructure providers
b.telephony and messaging vendors
c.email delivery providers
d.AI model and voice providers
e.analytics providers
f.support and ticketing providers
g.fraud prevention and security vendors
h.payment processors
i.calendar and integration vendors
j.domain and DNS providers
7.2 Customers and Account Administrators
If you are an end user interacting with a system operated for one of our customers, we may disclose your information to that customer and the administrators of that customer's account.
7.3 Professional Advisors and Business Counterparties
We may disclose information to auditors, insurers, accountants, lawyers, bankers, financing counterparties, and similar professional advisors where reasonably necessary.
7.4 Authorities and Legal Process
We may disclose information where we believe in good faith that disclosure is necessary to:
a.comply with law
b.respond to lawful process
c.enforce contracts
d.detect or prevent fraud, abuse, or security threats
e.protect our rights, users, customers, or the public
7.5 Corporate Transactions
We may disclose personal information in connection with a merger, acquisition, financing, restructuring, sale of assets, bankruptcy, or similar corporate event, subject to customary confidentiality protections.
7.6 With Consent or Direction
We may disclose information where you direct us to do so or otherwise consent.
08.AI Services Privacy Disclosures
Because our Services may include AI voice, AI texting, AI chat, AI workflows, and AI-generated responses, the following additional privacy points apply.
8.1 AI Interaction Data
We may collect and process prompts, responses, transcripts, recordings, summaries, routing outcomes, timing data, and related metadata generated during AI interactions.
8.2 AI Quality and Safety Review
We may review AI interactions, logs, and transcripts for quality assurance, support, debugging, abuse prevention, fraud prevention, safety monitoring, and service improvement.
8.3 AI Output Limitations
AI-generated outputs may be inaccurate, incomplete, or misleading. Personal information included in AI-generated outputs may reflect the underlying data submitted to the system or the logic configured by the customer using the system.
8.4 Customer-Controlled AI Environments
Where our customers deploy AI tools in their own business environment, they control what prompts, scripts, datasets, contacts, or workflows are used. In such cases, the relevant customer may be the primary point of contact for certain privacy requests relating to that deployment.
8.5 Training and Model Use
We do not knowingly use confidential customer business content or customer-submitted personal information to train public global models without appropriate authorization. We may, however, use service logs, metadata, de-identified information, aggregated information, and system performance information to secure, maintain, and improve our Services.
8.6 AI Voice and Recording
Where AI voice, call handling, or transcription features are used, audio and transcript data may be processed by us and by our service providers. Customers are responsible for ensuring that legally required recording or AI interaction disclosures are given where required by law.
09.CRM Services Privacy Disclosures
If our CRM Services are used, we may process personal information to:
9.1create and maintain contact records
9.2support lead capture and pipeline management
9.3log communications and appointments
9.4manage workflows, tags, reminders, and tasks
9.5operate marketing, support, or follow-up campaigns
9.6document customer relationship history and account activity
If you are in a CRM maintained for one of our customers and want to access, correct, or delete your information, the fastest route is often to contact that customer directly first.
10.Hosting Services Privacy Disclosures
If we provide Hosting Services, we may process personal information through hosted pages, forms, sites, or infrastructure logs.
This may include:
10.1form submissions
10.2support portal content
10.3access and security logs
10.4website analytics and cookie data
10.5files and content uploaded by or on behalf of customers
10.6domain, DNS, and deployment records
Hosted content and forms may be controlled by our customers, and those customers may decide what fields are collected and why.
11.Cookies, Pixels, Analytics, and Similar Technologies
We and our service providers may use cookies, pixels, tags, scripts, local storage, SDKs, session replay tools, and similar technologies to collect information about website and service usage.
We may use these technologies to:
11.1keep you signed in
11.2remember preferences
11.3provide security controls
11.4measure traffic and engagement
11.5understand performance and troubleshooting issues
11.6improve site design and user experience
11.7support marketing or advertising activities, where applicable
Depending on how our websites are configured, we may use:
a.strictly necessary cookies
b.performance and analytics cookies
c.functionality cookies
d.advertising or targeting technologies
If required by law, we will request consent for certain non-essential technologies before activating them.
You can also manage cookies through your browser settings, device settings, or any consent management tool we make available.
12.Marketing Communications
We may send marketing, promotional, or newsletter communications where permitted by law or where you have consented.
You may opt out of marketing emails by using the unsubscribe link included in the message. You may opt out of text messages by replying with a recognized opt-out keyword where applicable.
Even if you opt out of marketing communications, we may still send non-marketing messages related to your account, purchases, billing, service status, security, or legal matters.
Commercial emails and texts sent from, within, or into Canada must comply with CASL's consent, identification, and unsubscribe rules.
13.How Long We Retain Personal Information
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:
13.1provide and support the Services
13.2maintain business and financial records
13.3comply with legal, tax, accounting, and regulatory obligations
13.4investigate incidents, disputes, or abuse
13.5enforce contracts and defend legal claims
Retention periods vary depending on the type of information, the sensitivity of the information, the context in which it was collected, and legal or operational needs.
When personal information is no longer reasonably necessary, we will delete, anonymize, aggregate, or otherwise dispose of it in accordance with our retention practices and applicable law.
14.Security
We use commercially reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, misuse, or destruction.
These measures may include role-based access controls, logging, authentication controls, encryption in transit, secure hosting, vendor review, monitoring, and incident response procedures.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Organizations subject to PIPEDA may have breach reporting, notification, and recordkeeping obligations if a breach creates a real risk of significant harm.
15.International and Cross-Border Transfers
We may store, access, or process personal information in Canada, the United States, and other jurisdictions where we or our service providers operate.
As a result, personal information may be subject to the laws of jurisdictions outside the location where it was originally collected, including laws that may allow access by courts, regulators, or law enforcement in those jurisdictions.
Where required by applicable law, we will use appropriate safeguards for cross-border transfers.
16.Your Privacy Rights and Choices
Depending on your location and our role in the relevant processing, you may have rights regarding your personal information.
These rights may include the right to:
16.1request access to personal information
16.2request correction of inaccurate personal information
16.3request deletion of personal information
16.4withdraw consent, where consent is the basis of processing
16.5object to or restrict certain processing
16.6request portability of certain information
16.7opt out of certain marketing communications
16.8opt out of certain sale or sharing activities, where applicable
16.9limit certain uses of sensitive personal information, where applicable
We may need to verify your identity before fulfilling a request.
We may also deny or limit certain requests where permitted by law, including where an exception applies, where we cannot verify identity, or where the request relates to information controlled by one of our customers rather than by us directly.
17.Canadian Privacy Rights
PIPEDA requires private-sector organizations in the course of commercial activities to handle personal information according to fair information principles including accountability, identifying purposes, consent, limiting collection, safeguards, openness, and individual access.
If you are in Canada and want to request access to, correction of, or information about personal information we control, you may contact us using the contact details at the end of this Privacy Policy.
If we are processing your information on behalf of one of our customers, we may direct you to that customer first.
18.California Privacy Notice
This Section applies to California residents to the extent the California Consumer Privacy Act, as amended, applies.
18.1 California Rights
California residents may have the right to:
a.know what personal information we collect, use, disclose, sell, or share
b.request deletion of personal information, subject to exceptions
c.request correction of inaccurate personal information
d.opt out of the sale or sharing of personal information
e.limit certain uses and disclosures of sensitive personal information in some circumstances
f.receive equal service and pricing even if they exercise privacy rights, subject to lawful differences
California law also requires covered businesses to provide certain notices explaining their privacy practices and consumer rights.
18.2 Categories of Personal Information Collected
Over the last 12 months, we may have collected the categories of personal information described in Section 3 of this Privacy Policy, depending on the Services used.
18.3 Categories of Sources
We may collect those categories from the sources described in Section 4.
18.4 Business and Commercial Purposes
We may use those categories for the purposes described in Section 5.
18.5 Categories of Recipients
We may disclose those categories to the categories of recipients described in Section 7.
18.6 Sale or Sharing Disclosure
Option B, if applicable: We do not sell personal information for money. However, some analytics, pixels, cookies, or advertising-related technologies used on our websites may be considered "sharing" under California law. If we engage in those practices, California residents may submit a request to opt out of that sale or sharing by partner@autonomousblue.com.
18.7 Sensitive Personal Information
We only use and disclose sensitive personal information for permitted business purposes, for the provision of requested services, or as otherwise allowed by law.
18.8 How to Exercise California Rights
California residents may exercise applicable privacy rights by contacting us at:
Email: partner@autonomousblue.com
You may also designate an authorized agent to make certain requests on your behalf where permitted by law.
19.GDPR and EEA or UK Transparency Notice
If the GDPR or similar law applies, data subjects generally must be informed of core items such as the controller's identity, contact details, purposes of processing, legal basis, recipients, transfer information, retention information, rights, complaint rights, and, where applicable, the existence of automated decision-making.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, and applicable law gives you privacy rights, you may contact us to exercise those rights using the contact details below.
If required by applicable law, we will provide additional jurisdiction-specific disclosures upon request or in a supplemental notice.
20.Children's Privacy
Our Services are intended primarily for business use and are not directed to children under the age at which parental consent is required under applicable law.
We do not knowingly collect personal information directly from children in a manner requiring parental consent unless explicitly stated otherwise in a specific service context.
If you believe a child has provided personal information to us improperly, contact us and we will take appropriate steps to review and address the issue.
21.Third Party Links and Services
Our websites and Services may link to third party sites or include integrations with third party services. We are not responsible for the privacy, security, or data handling practices of those third parties.
We encourage you to review the privacy policies of every site, service, or platform you interact with.
22.Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, business practices, or the Services.
When we do, we will update the "Effective Date" at the top of this page. If changes are materially significant, we may also provide additional notice where appropriate.
Your continued use of the Services after the effective date of an updated Privacy Policy means the updated version will apply going forward, subject to any non-waivable legal rights you may have.
23.Contact Us
If you have questions, requests, or complaints about this Privacy Policy or our privacy practices, contact us at:
Email: partner@autonomousblue.com
24.Supplemental Notes for Your Site Build
Before you post this, make sure you decide and finalize these points:
- whether you use analytics only, or analytics plus ad pixels
- whether you support browser-based opt-out signals like GPC
- what email and form you want for privacy requests
- whether you want a separate cookie policy
- whether you want a separate Data Processing Addendum for clients using your CRM and AI products
- whether any hosted forms collect health or other sensitive data